dark_knight94
Reputation: 117
IMA fails to detect existing TPM eventhough it exists and functions correctly
I’m currently trying to perform integrity measurement using a TPM (SLB 9670) on a Raspberry Pi 3 model B+. I have the TPM installed and working properly since I can execute some basic commands like tpm2_getrandom() and so on. Now I want to perform an integrity measurement using IMA, and I have recompiled the new kernel with the following config:
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_INTEGRITY=y
CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_IMA_AUDIT=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_WRITE_POLICY=y
CONFIG_IMA_READ_POLICY=y
CONFIG_IMA_APPRAISE=y
CONFIG_IMA_APPRAISE_BOOTPARAM=y
CONFIG_HW_RANDOM_TPM=y
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
but the ima for some reason still doesn’t detect the TPM and gives the errors:
I have done some research and found out that maybe this is due to the fact that the ima get initialized before the TPM, so I have also tried to compile another version of the kernel where I change the code line in devices/clk/bcm/clk-bcm2835: from:
postcore_initcall(__bcm2835_clk_driver_init);
to
subsys_initcall(__bcm2835_clk_driver_init);
But it still didn’t work. Please help!
Upvotes: 2
Views: 229
Answers (1)
Related Questions
- TPM 2.0 - could not load "libtss2-tcti-tabrmd.so.0"
- Is a TPM device supposed to support both TPM1.2 and TPM2.0
- How to uninstall the TPM simulator and use the real TPM chip on raspberry pi?
- Trusted Platform Module (TPM) TSS program compilation error
- Extending PCR of TPM2.0 during boot by using buildroot with uboot
- ITpmVirtualSmartCardManager::CreateVirtualSmartCard the PIN is not set correctly
- ATA Trusted commands-How to set libata allow_tpm
- Interpreting tpm-tools tpm_getpubek output
- Using Tpm on Raspberry pi - error when compiling to native
- Cross compiling tpm-toool