Hi All
Recently, I installed the StrongSwan for IMA remote attestation following
the guideline at:
https://wiki.strongswan.org/projects/strongswan/wiki/IMA#Register-the-Device-with-the-strongTNC-Policy-Manager
For the build-database.sh, I did some modifications:
p="Ubuntu 16.04 x86_64"
a="x86_64-linux-gnu"
k="4.13.0-45-generic"
Then I run the test command, I got nothing:
ipsec attest --hashes --sha1 --product "Ubuntu 16.04 x86_64"
0 SHA1 values found for product 'Ubuntu 16.04 x86_64'
ipsec attest --hashes --sha1
5: /lib/x86_64-linux-gnu
1: libcrypto.so.1.0.0
18: Ubuntu 12.10 x86_64
10: d9309b9e45928239d7a7b18711e690792632cce4
3: libssl.so.1.0.0
18: Ubuntu 12.10 x86_64
13: 3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b
8: /usr/bin
5: openssl
28: Debian 7.2 x86_64
7: ecd9c7076cc0572724c7a67db7f19c2831e0445f
18: Ubuntu 12.10 x86_64
16: e59602f4edf24c1b36199588886d06665d4adcd7
11: /usr/lib/x86_64-linux-gnu
2: libcrypto.so.1.0.0
28: Debian 7.2 x86_64
1: 6c6f8e12f6cbfba612e780374c4cdcd40f20968a
4: libssl.so.1.0.0
28: Debian 7.2 x86_64
4: 3ad204f99eb7262efab79cfca02628870ea76361
6 SHA1 values found
I think due to this reason, the measurement for the device is:
*processed 1315 IMA file evidence measurements: 0 ok, 1315 unknown, 0
differ, 0 failed; 22 BIOS evidence measurements are ok*
I also try different machine to generate the database, the result is the
same.
If you need more information, please let me know. Thx.
Best wishes
Yueqiang Cheng
