-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
26 lines (21 loc) · 1.19 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
cel_util
Utilities for verifying Canonical Event Log (CEL) formatted measurement lists.
These tools are intended for Linux systems running the new sdboot with UKI
support. The tools can verify the new sdboot stub and systemd events for
these systems. The tools include:
pcclient_to_cel: translates pcclient measurement lists to CEL
systemd_to_cel: translates the new systemd journal events to CEL
ima-ng_to_cel: translates IMA binary events to CEL
cel_verify: verifies a CEL event log
verify: a front end script to demonstrate common usage of the utilities
Compiling:
Install dependencies, including openssl-devel, systemd-devel tpm2-tss-devel,
and the "C Development Tools and Libraries" group
make
Usage: cel_verify [-v] [-p pcrs.bin] [-h RIM.txt]
The script "verify" shows a typical usage sequence.
The script gets measurement logs from the normal locations, translates
them to CEL, and verifies them with cel_verify. Verify demonstrates
creation of a pcrbin file using tpm2_pcrread. An example RIM.txt file
is included. You can obtain the necessary hashes and descriptions from
a verbose cel_verify output.