<div dir="ltr">Hi All<div><br></div><div>Recently, I installed the StrongSwan for IMA remote attestation following the guideline at: <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IMA#Register-the-Device-with-the-strongTNC-Policy-Manager">https://wiki.strongswan.org/projects/strongswan/wiki/IMA#Register-the-Device-with-the-strongTNC-Policy-Manager</a> </div><div><br></div><div>For the build-database.sh, I did some modifications:</div><div><br></div><div><pre style="font-family:Consolas,Menlo,"Liberation Mono",Courier,monospace;margin:1em 1em 1em 1.6em;padding:8px;background-color:rgb(250,250,250);border:1px solid rgb(226,226,226);border-radius:3px;width:auto;overflow-x:auto;overflow-y:hidden;color:rgb(54,0,12);font-size:10.8px;text-align:left;text-decoration-style:initial;text-decoration-color:initial">p="Ubuntu 16.04 x86_64" 
a="x86_64-linux-gnu" 
k="4.13.0-45-generic" </pre><br></div><div>Then I run the test command, I got nothing: </div><div>




<span></span>





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ipsec attest --hashes --sha1 --product "Ubuntu 16.04 x86_64"<span class="gmail-Apple-converted-space"> </span></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">0 SHA1 values found for product 'Ubuntu 16.04 x86_64'</span></p>


<div>




<span></span>





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">ipsec attest --hashes --sha1<span class="gmail-Apple-converted-space"> </span></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">     </span>5: /lib/x86_64-linux-gnu</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">     </span>1: <span class="gmail-Apple-converted-space">  </span>libcrypto.so.1.0.0</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>18: <span class="gmail-Apple-converted-space">    </span>Ubuntu 12.10 x86_64</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>10: <span class="gmail-Apple-converted-space">      </span>d9309b9e45928239d7a7b18711e690792632cce4</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">     </span>3: <span class="gmail-Apple-converted-space">  </span>libssl.so.1.0.0</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>18: <span class="gmail-Apple-converted-space">    </span>Ubuntu 12.10 x86_64</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>13: <span class="gmail-Apple-converted-space">      </span>3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">     </span>8: /usr/bin</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">     </span>5: <span class="gmail-Apple-converted-space">  </span>openssl</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>28: <span class="gmail-Apple-converted-space">    </span>Debian 7.2 x86_64</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">     </span>7: <span class="gmail-Apple-converted-space">      </span>ecd9c7076cc0572724c7a67db7f19c2831e0445f</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>18: <span class="gmail-Apple-converted-space">    </span>Ubuntu 12.10 x86_64</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>16: <span class="gmail-Apple-converted-space">      </span>e59602f4edf24c1b36199588886d06665d4adcd7</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>11: /usr/lib/x86_64-linux-gnu</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">     </span>2: <span class="gmail-Apple-converted-space">  </span>libcrypto.so.1.0.0</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>28: <span class="gmail-Apple-converted-space">    </span>Debian 7.2 x86_64</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">     </span>1: <span class="gmail-Apple-converted-space">      </span>6c6f8e12f6cbfba612e780374c4cdcd40f20968a</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">     </span>4: <span class="gmail-Apple-converted-space">  </span>libssl.so.1.0.0</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>28: <span class="gmail-Apple-converted-space">    </span>Debian 7.2 x86_64</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">     </span>4: <span class="gmail-Apple-converted-space">      </span>3ad204f99eb7262efab79cfca02628870ea76361</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:16px;line-height:normal;font-family:Monaco;color:rgb(244,244,244);background-color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">6 SHA1 values found</span></p>


<br></div>I think due to this reason, the measurement for the device is:<br><u>processed 1315 IMA file evidence measurements: 0 ok, 1315 unknown, 0 differ, 0 failed; 22 BIOS evidence measurements are ok</u><br><br>I also try different machine to generate the database, the result is the same.<div><span style="color:rgb(51,51,51);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;background-color:rgb(249,249,249);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div><font color="#333333" face="Helvetica Neue, Helvetica, Arial, sans-serif"><span style="font-size:14px;background-color:rgb(249,249,249)">If you need more information, please let me know. Thx.</span></font></div><div><font color="#333333" face="Helvetica Neue, Helvetica, Arial, sans-serif"><span style="font-size:14px;background-color:rgb(249,249,249)"><br></span></font></div><div><font color="#333333" face="Helvetica Neue, Helvetica, Arial, sans-serif"><span style="font-size:14px;background-color:rgb(249,249,249)"><br></span></font></div><div><font color="#333333" face="Helvetica Neue, Helvetica, Arial, sans-serif"><span style="font-size:14px;background-color:rgb(249,249,249)">Best wishes</span></font></div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><div>Yueqiang Cheng<br></div><br></div><br></div></div></div></div></div></div></div>
</div></div>