On Mon, 2021-11-08 at 12:46 -0800, Lakshmi Ramasubramanian wrote:
> Thanks for the response Ken.
>
> >> I am seeing the following errors when trying to validate IMA
> >> measurement using the util. I'd like to try the latest (v1.4).
> >>
> >> sudo ./evmctl ima_measurement
> >> /sys/kernel/security/ima/binary_runtime_measurements -vv
> >>
> >> Error messages for the above command
> >> ------------------------------------
> >> Using tsspcrread to read PCRs.
> >>
> >> tpm2_pcr_supported:67 Found 'tsspcrread' in $PATHread_tpm_banks:1923
> >> Failed to read sha1 PCRs: (TSS_Socket_Open: Error on connect to
> >> localhost:2321)
> >>
> >> read_tpm_banks:1923 Failed to read sha256 PCRs: (TSS_Socket_Open: Error
> >> on connect to localhost:2321)
> >>
> >> Failed to read any TPM PCRs
> >>
> >
> > This sounds like your program is trying to connect to a SW TPM,
> > and the SW TPM process is not running.
> >
>
> There is a physical TPM on the machine where I am running ima-evm-utils
> to verify IMA measurements. I want to use that physical TPM and not a
> software TPM.
>
> I am seeing the error with v1.4 sources as well.
>
> I will review ima-evm-utils code and check how to get it to use the
> physical TPM for validating the IMA measurements.

This release has support for linking with "-libmtss", in addition to
calling the command line tools. Check the configure output to see which
TSS you're using. If you're using the IBM TSS, first make sure that
"tsspcrread -halg sha256 -ha 10 -ns", for example, is actually working.

thanks,

Mimi