I’m currently trying to perform integrity measurement using a TPM (SLB 9670) on a Raspberry Pi 3 model B+.
I have the TPM installed and working properly since I can execute some basic commands like tpm2_getrandom() and so on. Now I want to perform an integrity measurement using IMA, and I have recompiled the new kernel with the following config:
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_INTEGRITY=y
CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_IMA_AUDIT=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_WRITE_POLICY=y
CONFIG_IMA_READ_POLICY=y
CONFIG_IMA_APPRAISE=y
CONFIG_IMA_APPRAISE_BOOTPARAM=y
CONFIG_HW_RANDOM_TPM=y
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
but the ima for some reason still doesn’t detect the TPM and gives the errors:
I have done some research and found out that maybe this is due to the fact that the ima get initialized before the TPM, so I have also tried to compile another version of the kernel where I change the code line in devices/clk/bcm/clk-bcm2835:
from:
postcore_initcall(__bcm2835_clk_driver_init);
to
subsys_initcall(__bcm2835_clk_driver_init);
But it still didn’t work.
Please help!
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
