keylime-agent.conf: Allow setting event logs paths

This introduces the 'ima_ml_path' and 'measuredboot_ml_path' options to set the IMA measurement log and Measured Boot event log, respectively. This also bumps the configuration version to 2.2 as new options were added. Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
keylime · Jan 30, 2024 · f56bd27 · f56bd27
1 parent 6342cec
commit f56bd27
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/keylime-agent.conf b/keylime-agent.conf
@@ -11,7 +11,7 @@
 # The configuration file version
 #
 # To override, set KEYLIME_AGENT_VERSION environment variable.
-version = "2.1"
+version = "2.2"
 
 # The agent's UUID.
 # If you set this to "generate", Keylime will create a random UUID.
@@ -298,3 +298,18 @@ run_as = "keylime:tss"
 # variable.
 agent_data_path = "default"
 
+# Path from where the agent will read the IMA measurement log.
+#
+# If set as "default", Keylime will use the default path:
+# The default path is /sys/kernel/security/ima/ascii_runtime_measurements
+# If set as a relative path, it will be considered from the root path "/".
+# If set as an absolute path, it will use it without changes
+ima_ml_path = "default"
+
+# Path from where the agent will read the measured boot event log.
+#
+# If set as "default", Keylime will use the default path:
+# The default path is /sys/kernel/security/tpm0/binary_boot_measurements
+# If set as a relative path, it will be considered from the root path "/".
+# If set as an absolute path, it will use it without changes
+measuredboot_ml_path = "default"