For VMware Pulse IoT Center to detect tampering, you must configure the following IMA settings on your gateway.

Configure the Kernel

Append the Kernel command line with the following flag:
rootflags=i_version ima_policy=tcb ima_hash=sha256
For example, on a Fedora Workstation:
  1. Edit /etc/default/grub with:
    GRUB_CMDLINE_LINUX="rootflags=i_version ima_policy=tcb ima_policy=secure_boot ima_hash=sha256"
  2. sudo grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg.
Note: These steps might not work with a Fedora IoT image. Perform the following steps if the preceding steps do not work:
  1. Open the /boot/loader/entries/ostree-1-fedora-iot.conf file and add the following flag to the line that starts with options:
    "rootflags=i_version ima_policy=tcb ima_hash=sha256"
  2. Restart the gateway for the settings to take effect.

Modify the /etc/fstab File

Add the following line to the fstab file:
UUID=d4bbe97d-a719-43af-a89a-19a9455cec5b /                       ext4    noatime,iversion        1 1