Thanks for the response, Ken.
I am seeing the following errors when trying to validate IMA
measurement using the util. I'd like to try the latest (v1.4).
sudo ./evmctl ima_measurement /sys/kernel/security/ima/binary_runtime_measurements -vv
Error messages for the above command
------------------------------------
Using tsspcrread to read PCRs.
tpm2_pcr_supported:67 Found 'tsspcrread' in $PATH
read_tpm_banks:1923 Failed to read sha1 PCRs: (TSS_Socket_Open: Error on connect to localhost:2321)
read_tpm_banks:1923 Failed to read sha256 PCRs: (TSS_Socket_Open: Error on connect to localhost:2321)
Failed to read any TPM PCRs
This sounds like your program is trying to connect to a SW TPM,
and the SW TPM process is not running.
There is a physical TPM on the machine where I am running ima-evm-utils
to verify IMA measurements. I want to use that physical TPM and not a
software TPM.
I am seeing the error with v1.4 sources as well.
I will review ima-evm-utils code and check how to get it to use the
physical TPM for validating the IMA measurements.
-lakshmi