I’m currently trying to perform integrity measurement using a TPM (SLB 9670) on a Raspberry Pi 3 model B+.
I have the TPM installed and working properly since I can execute some basic commands like tpm2_getrandom() and so on. Now I want to perform an integrity measurement using IMA, and I have recompiled the new kernel with the following config:
CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_INTEGRITY=y CONFIG_IMA=y CONFIG_IMA_MEASURE_PCR_IDX=10 CONFIG_IMA_AUDIT=y CONFIG_IMA_LSM_RULES=y CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA_READ_POLICY=y CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_HW_RANDOM_TPM=y CONFIG_TCG_TPM=y CONFIG_TCG_TIS_CORE=y CONFIG_TCG_TIS=y
but the ima for some reason still doesn’t detect the TPM and gives the errors:
I have also tried to compile another version of the kernel where I change the code line in devices/clk/bcm/clk-bcm2835:
But it still didn’t work.