Hi Brent, We're working on this right now in the SIMP project https://simp-project.com .
We will be providing a set of custom Facter facts to gather this information and report it back for automated configuration. Thanks, Trevor On Fri, Jul 15, 2016 at 1:17 PM, Brent Kimberley <[email protected]> wrote: > Greetings. > Are there automated methods for assessing TPM posture? > > For example - verify TPM is: enabled, activated, contains a unique EK > (i.e. tpm_getpubek is not reflective of known compliance vector fragments.) > > ( I apologize in advance if this question is off topic or common > knowledge.) > > Best Regards, > Brent > > > ref > oval.mitre.org/community/docs/OVAL-and-TPM-06-14-2010.pdf > > scap.nist.gov/events/2011/saddsp/presentations/Charles_Schmidt-Trusted_Computing_in_OVAL.pdf > scap.nist.gov/events/2012/itsac/presentations/day2/4Oct_1145am_Boyle.pdf > csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2014.pdf > cryptotronix.com/2014/08/28/compliance_mode/ > THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY > CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR > EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to > any privilege have been waived. If you are not the intended recipient, you > are hereby notified that any review, retransmission, dissemination, > distribution, copying, conversion to hard copy, taking of action in > reliance on or other use of this communication is strictly prohibited. If > you are not the intended recipient and have received this message in error, > please notify me by return e-mail and delete or destroy all copies of this > message. > -- > SCAP Security Guide mailing list > [email protected] > > https://lists.fedorahosted.org/admin/lists/[email protected] > https://github.com/OpenSCAP/scap-security-guide/ > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788 -- This account not approved for unencrypted proprietary information --
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
