[strongSwan] Fwd: about build-database.sh

Yueqiang Cheng strongerwill at gmail.com
Thu Jul 5 20:28:15 CEST 2018

Hi Andreas

Sorry to bother you. Recently, I installed the StrongSwan for IMA remote
attestation following the guideline at:

For the build-database.sh, I did some modifications:

p="Ubuntu 16.04 x86_64"

Then I run the test command, I got nothing:

>ipsec attest --hashes --sha1 --product "Ubuntu 16.04 x86_64"

0 SHA1 values found for product 'Ubuntu 16.04 x86_64'

>ipsec attest --hashes --sha1

     5: /lib/x86_64-linux-gnu

     1:   libcrypto.so.1.0.0

    18:     Ubuntu 12.10 x86_64

    10:       d9309b9e45928239d7a7b18711e690792632cce4

     3:   libssl.so.1.0.0

    18:     Ubuntu 12.10 x86_64

    13:       3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b

     8: /usr/bin

     5:   openssl

    28:     Debian 7.2 x86_64

     7:       ecd9c7076cc0572724c7a67db7f19c2831e0445f

    18:     Ubuntu 12.10 x86_64

    16:       e59602f4edf24c1b36199588886d06665d4adcd7

    11: /usr/lib/x86_64-linux-gnu

     2:   libcrypto.so.1.0.0

    28:     Debian 7.2 x86_64

     1:       6c6f8e12f6cbfba612e780374c4cdcd40f20968a

     4:   libssl.so.1.0.0

    28:     Debian 7.2 x86_64

     4:       3ad204f99eb7262efab79cfca02628870ea76361

6 SHA1 values found

However, when I open the config.db at /etc/pts/, I found there are over 10K
files there and file_hashes. However, there version is 0.

I think due to this reason, the measurement for the device is:
*processed 1315 IMA file evidence measurements: 0 ok, 1315 unknown, 0
differ, 0 failed; 22 BIOS evidence measurements are ok*

I also try different machine to generate the database, the result is the
same. Please guide me to address this issue. Thx.

If you need more information, please let me know. Thx.

Best wishes
Yueqiang Cheng
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180705/2b98208f/attachment-0001.html>

More information about the Users mailing list