[Cc'ing Dmitry Eremin-Solenikov] Hi Petr, On Mon, 2020-10-19 at 22:08 +0200, Petr Vorel wrote: > This is required, because when TPM HW available (i.e. -c /dev/tpm0), > evmctl ima_boot_aggregate returns sha1:xxxx. > > skip requires to move cleanup(). > > Signed-off-by: Petr Vorel <petr.vorel@xxxxxxxxx> Nice. > --- > Hi Mimi, > > this Fixes problems on current Debian, which has still disabled CONFIG_IMA > (FYI [1]). I was not able to figure out how to get it working with > sample-* files, but maybe there is a way. > > Although it sound strange, people may want to build and check evmctl > even on a system with disabled CONFIG_IMA (both Debian and Ubuntu have > outdated ima-evm-utils (1.1)). Oops, I need to keep Dmitry in the loop better. I'm hoping to release v1.3 shortly. > > Kind regards, > Petr > > [1] https://bugs.debian.org/972459 linux: Reenable CONFIG_IMA I wasn't aware that because of lockdown, IMA was disabled. Thank you for reporting and updating the IMA w/lockdown status. Mimi
