[v2,8/8] ima-evm-utils: update README to reflect "--pcrs", "--verify" and "--validate"
diff mbox series

Message ID 1594396859-9232-9-git-send-email-zohar@linux.ibm.com
State New
Headers show
  • additional "ima-measurement" support
Related show

Commit Message

Mimi Zohar July 10, 2020, 4 p.m. UTC
"--pcrs" compares the re-calculate PCRs against a file containing TPM 1.2 pcrs.
"--validate" ignores ToMToU measurement violations.
"--verify" verifies the template data digest based on the template data.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
 README | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff mbox series

diff --git a/README b/README
index 374b748c59bf..64b9da508d8d 100644
--- a/README
+++ b/README
@@ -31,7 +31,7 @@  COMMANDS
  ima_sign [--sigfile] [--key key] [--pass password] file
  ima_verify file
  ima_hash file
- ima_measurement [--verify-sig [--key "key1, key2, ..."]] file
+ ima_measurement [--validate] [--verify] [--verify-sig [--key "key1, key2, ..."]]  [--pcrs file] file
  ima_fix [-t fdsxm] path
  sign_hash [--key key] [--pass password]
  hmac [--imahash | --imasig ] file
@@ -59,6 +59,9 @@  OPTIONS
       --m32          force EVM hmac/signature for 32 bit target system
       --m64          force EVM hmac/signature for 64 bit target system
       --engine e     preload OpenSSL engine e (such as: gost)
+      --pcrs         file containing TPM 1.2 pcrs
+      --validate     ignore ToMToU measurement violations
+      --verify       verify the template data digest
       --verify-sig   verify the template data file signature
   -v                 increase verbosity level
   -h, --help         display this help and exit