I am trying to use IMA in Ubuntu Desktop 22.04; the kernel version is 5.19.0-41-generic. I have verified that the following flags are present in the config file:
CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_IMA_LSM_RULES=y
CONFIG_INTEGRITY_SIGNATURE=y
CONFIG_IMA_APPRAISE=y
IMA_APPRAISE_BOOTPARAM=y
Then I added the following line to the /etc/default/grub file:
GRUB_CMDLINE_LINUX="rootflags=i_version dolvm lsm=integrity ima_appraise=enforce ima_policy=tcb ima_policy=appraise_tcb"
After that, I rebooted the machine and executed the following command:
time find / -fstype ext4 -type f -uid 0 -exec dd if='{}' of=/dev/null count=0 status=none \;
As far as I understand, this command should prompt IMA to calculate hash values of all executable files. However, when I run head /sys/kernel/security/ima/ascii_runtime_measurements, only the following line is shown in output:
10 1d8d532d463c9f8c205d0df7787669a85f93e260 ima-ng sha1:0000000000000000000000000000000000000000 boot_aggregate
For debugging purposes, I ran dmesg | grep 'ima' and found the following IMA-related messages:
[ 0.686078] device-mapper: core: CONFIG_IMA_DISABLE_HTABLE is disabled. Duplicate IMA measurements will not be recorded in the IMA log.
[ 0.727155] ima: No TPM chip found, activating TPM-bypass!
[ 0.727893] ima: Allocated hash algorithm: sha1
[ 0.727901] ima: No architecture policies found
[ 3.343188] systemd[1]: systemd 249.11-0ubuntu3.9 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
I am new to using IMA and do not understand why hash values of all executables are not being calculated. I am also not fully sure if I am executing all the correct commands. Can anyone kindly help with the issue?
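Once entries beyond boot_aggregate do show up, it helps to know what the ima-ng lines in ascii_runtime_measurements mean and to check them against the files on disk. The following is an added example, not code from the post: it parses ima-ng lines, flags the all-zero boot_aggregate that IMA records when it finds no TPM (the "TPM-bypass" case from the dmesg output above), and recomputes each listed file digest; the measured file and the two entries pointing at it are constructed sample data.

```python
import hashlib
import os
import tempfile
from typing import NamedTuple

class ImaEntry(NamedTuple):
    pcr: int
    template_hash: str  # digest of the template data; this is what gets extended into the PCR
    algo: str           # hash algorithm named in the d-ng field, e.g. "sha1"
    file_hash: str      # hex digest of the file contents
    path: str           # n-ng field: the measured file name

def parse_ima_ng_line(line: str) -> ImaEntry:
    """Parse one 'ima-ng' line of /sys/kernel/security/ima/ascii_runtime_measurements."""
    fields = line.split(maxsplit=4)  # the file name itself may contain spaces
    if len(fields) != 5 or fields[2] != "ima-ng":
        raise ValueError(f"not an ima-ng measurement line: {line!r}")
    pcr, template_hash, _, digest, path = fields
    algo, _, file_hash = digest.partition(":")
    return ImaEntry(int(pcr), template_hash, algo, file_hash, path)

def file_digest(path: str, algo: str) -> str:
    with open(path, "rb") as f:
        return hashlib.new(algo, f.read()).hexdigest()

def check_measurements(lines) -> list:
    """Return (path, status) per entry: 'ok', 'mismatch', 'missing' or 'tpm-bypass'."""
    results = []
    for e in map(parse_ima_ng_line, lines):
        if e.path == "boot_aggregate":
            # IMA records an all-zero boot_aggregate when it finds no TPM (TPM-bypass mode).
            status = "tpm-bypass" if set(e.file_hash) == {"0"} else "ok"
        elif not os.path.exists(e.path):
            status = "missing"
        else:
            status = "ok" if file_digest(e.path, e.algo) == e.file_hash else "mismatch"
        results.append((e.path, status))
    return results

def demo() -> list:
    """Constructed input: the page's boot_aggregate line plus two entries for a temp file."""
    path = os.path.join(tempfile.mkdtemp(), "measured.sh")
    data = b"#!/bin/sh\necho measured\n"
    with open(path, "wb") as f:
        f.write(data)
    lines = [
        "10 1d8d532d463c9f8c205d0df7787669a85f93e260 ima-ng sha1:" + "0" * 40 + " boot_aggregate",
        f"10 {'1' * 40} ima-ng sha1:{hashlib.sha1(data).hexdigest()} {path}",  # digest matches
        f"10 {'2' * 40} ima-ng sha1:{'f' * 40} {path}",  # stale or tampered digest
    ]
    return [status for _, status in check_measurements(lines)]
```

On a live system, feed it the lines of ascii_runtime_measurements instead of the constructed list; a "mismatch" means the file changed after it was measured, and "tpm-bypass" confirms no PCR was actually extended.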