Thore Sommer

The registrar does not do any validation except for checking if the format is correct and that the AIK belongs to the EK. https://github.com/keylime/keylime/blob/16a9cfd31b02f5c60b1ccc667627fac6144f82d1/keylime/registrar_common.py#L225-L228 The actual checking if the EK...

Ok now I understand the motivation to do that. If I read #680 correctly resolving that issue will fix the validation gap and the validation in the registrar not necessarily...

This will be fixed once https://github.com/keylime/enhancements/pull/71 is implemented.

Can you post the output of `tpm2_pcrread`? In some cases with SWTPM sha1 is there, but without any actually usable PCR banks. This should work with sha256: ``` keylime_ima_emulator -a...

I think it is similar to the config script also a good idea to put this script under `keylime/cmd` because it is an official part of Keylime. In general it...

I would say this is nearly ready to go. Following changes I think are still necessary: * drop changes to the create_allowlist script (currently not really useful) * Add the...

> Should this be listed as an item under https://github.com/keylime/keylime/issues/1035 ? Yes added.

@ansasaki can you look into adding an error message when no Keylime configuration was found be the config module?

The easiest way is to run the `installer.sh` script on the machine that should run the verifier and registrar. Change the configuration to listen on the correct IP address and...

@blackdobb did you get it working? Because this is not a bug and more of a setup question, I'll close this. If you have any issues setting up Keylime the...