Permissions on binary_runtime_measurements and tpm0/binary_bios_measurements


Currently the tpm2-tools and other userspace processes cannot access
the system measurement logs for users even if they are in the group
tss:

crw-rw---- 1 tss root 10, 224 Mai  3 17:22 /dev/tpm0
-r--r----- 1 root root 0 Mai  3 17:22 /sys/kernel/security/ima/binary_runtime_measurements
-r--r----- 1 root root 0 Mai  3 17:22 /sys/kernel/security/tpm0/binary_bios_measurements

So with tss2_quote a quote can be computed but not the pcrLog for the
system PCRs.

The problem could be solved if the log files were owned by tss.
But that could create privacy issues because the pcrLog would e.g.
contain executables in user home directories.
Do you have any suggestions how the problem could be addressed or is
there a privacy concern here?

Thanks,
Bill


