NAME¶

tsstssimaextend - Replay IMA event log

DESCRIPTION¶

Replays the provided IMA event log.

Without -sim, uses TPM2_PCR_Extend to extend the events into the TPM.
With -sim, extends into simulated PCRs and traces the result.

Without -sim, hash algorithms not allocated are ignored, the TPM behavior.
With -sim, all specified hash algorithms are used.

This handles the case where a zero measurement extends ones into the IMA PCR.

-if

IMA event log file name

[-of

With -sim, PCR 10 of first algorithm specified]

[-le

input file is little endian (default big endian)]

[-halg

PCR bank algorithm (sha1, sha256, sha384, sha512)]
default sha1 and sha256
-halg may be specified more than once

[-ealg

IMA log algorithm (sha1, sha256, sha384, sha512)]
default sha256

[-tpm

extend TPM PCRs (default)]

[-sim

calculate simulated PCRs]

[-checkhash

verify IMA event log hashes]

[-checkdata

verify IMA event log template data, stop on error]

[-b

beginning entry (default 0, beginning of log)] A beginning entry after the end of the log becomes a noop

[-e

ending entry (default end of log)] E.g., -b 0 -e 0 sends one entry

[-l

time - run in a continuous loop, sleep 'time' seconds betwteen loops] The intent is that this be run without specifying -b and -e Afer each pass, the next beginning entry is set to the last entry +1