On 2020-10-20 20:02:31, Petr Vorel wrote:
> Hi Mimi, Dmitry,
>
> > [Cc'ing Dmitry Eremin-Solenikov]
>
> > Hi Petr,
>
> > On Mon, 2020-10-19 at 22:08 +0200, Petr Vorel wrote:
> > > This is required, because when TPM HW available (i.e. -c /dev/tpm0),
> > > evmctl ima_boot_aggregate returns sha1:xxxx.
>
> > > skip requires to move cleanup().
>
> > > Signed-off-by: Petr Vorel <petr.vorel@xxxxxxxxx>
>
> > Nice.
>
> > > ---
> > > Hi Mimi,
>
> > > this Fixes problems on current Debian, which has still disabled CONFIG_IMA
> > > (FYI [1]). I was not able to figure out how to get it working with
> > > sample-* files, but maybe there is a way.
>
> > > Although it sound strange, people may want to build and check evmctl
> > > even on a system with disabled CONFIG_IMA (both Debian and Ubuntu have
> > > outdated ima-evm-utils (1.1)).
>
> > Oops, I need to keep Dmitry in the loop better. I'm hoping to release
> > v1.3 shortly.
> Thanks!
> @Dmitry do you wish to be Cc: before release or any other time?
>
> > > Kind regards,
> > > Petr
>
> > > [1] https://bugs.debian.org/972459 linux: Reenable CONFIG_IMA
>
> > I wasn't aware that because of lockdown, IMA was disabled. Thank you
> > for reporting and updating the IMA w/lockdown status.
> Feel free to comment it, please. It'd be nice to have IMA in Debian (not sure
> about Ubuntu status).

I can help with the Ubuntu status. IMA is still enabled there. You can
see CONFIG_IMA set to 'y' in the 20.04 LTS (Focal) and most recent
20.10 release (Groovy):

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/tree/debian.master/config/annotations#n12861
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/groovy/tree/debian.master/config/annotations#n13173

Tyler

>
> @Dmitry: do you plan to update Debian package? (you're the listed maintainer,
> although the package was signed by Wartan Hachaturow).
>
> > Mimi
>
> Kind regards,
> Petr