I'm working with a TPM 2.0 device over SPI on a Linux system, and I'm using IMA (Integrity Measurement Architecture) to measure files. I want to configure the system such that only the measurement of /usr/bin/ls affects PCR 10 — meaning:
PCR 10 should change only when /usr/bin/ls is executed or modified.
No other file or system activity should extend PCR 10.
Is this kind of isolated measurement possible using IMA and TPM together? If yes, what would be the right way to configure the IMA policy or TPM setup to achieve this?