I don't think IMA was designed to be deterministic. And I think you should not rely on
the TPM PCR 10 value being in a specific state for e.g. secret sealing.
The reason is the asynchronous nature of the OS. Things happen when they are ready, and
IMA measures them as they are requested.
I think the sole purpose of the IMA Measurement and the TPM PCR 10 extension is to extend
the hardware root of trust to the user space, and have user space remote attestation
capabilities. For this, you need the IMA Measurement Log, and check that the quoted PCR 10
value matches the aggregated digest calculated from IMA Measurement Log.
You could reduce the IMA Measurement policy to a very reduced set of user files, like only
measuring the Kernel Modules for example, but that will imply not measuring important
parts of the Trusted Computing Base.
Could you expand on the reason for a deterministic PCR 10?
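The verification described above (replay the IMA Measurement Log and compare the aggregate with the quoted PCR 10), as an added example that is not part of the original message. It is my own illustration, not kernel or any attestation project's code: the log lines are constructed, the ima-ng field encoding follows my reading of the kernel's template library and is an assumption, the SHA-1 bank (20-byte PCR, 20-byte template hash) is assumed as in the classic ascii_runtime_measurements list, and the "quote" is simulated rather than obtained from a TPM. It also handles the violation case, where the log entry carries an all-zero template hash but the PCR was extended with 0xff bytes, which a naive replay gets wrong.

```python
import hashlib
import struct

PCR_LEN = 20                          # SHA-1 bank: 20-byte PCR and template hash
ZERO = b"\x00" * PCR_LEN
VIOLATION_EXTEND = b"\xff" * PCR_LEN  # kernel extends the PCR with 0xff on a violation


def ima_ng_template_hash(algo: str, filehash_hex: str, path: str) -> bytes:
    # ima-ng template data = (u32 len, d-ng field) + (u32 len, n-ng field)
    #   d-ng: "<algo>:" NUL <raw file digest>
    #   n-ng: <path> NUL
    # Assumed encoding (from reading ima_template_lib); lengths are host-endian.
    d_ng = algo.encode() + b":\x00" + bytes.fromhex(filehash_hex)
    n_ng = path.encode() + b"\x00"
    data = struct.pack("=I", len(d_ng)) + d_ng + struct.pack("=I", len(n_ng)) + n_ng
    return hashlib.sha1(data).digest()


def format_entry(template_hash: bytes, algo: str, filehash_hex: str, path: str) -> str:
    # Same column layout as /sys/kernel/security/ima/ascii_runtime_measurements
    return f"10 {template_hash.hex()} ima-ng {algo}:{filehash_hex} {path}"


def parse_entry(line: str) -> dict:
    pcr, th, tmpl, fh, path = line.split(maxsplit=4)   # path may contain spaces
    algo, filehash = fh.split(":", 1)
    return {"pcr": int(pcr), "template_hash": th, "template": tmpl,
            "algo": algo, "filehash": filehash, "path": path}


def entry_is_consistent(e: dict) -> bool:
    # Check that the logged template hash really covers the logged fields.
    # A violation entry is all zeros by design and cannot be recomputed.
    if e["template_hash"] == ZERO.hex():
        return True
    return ima_ng_template_hash(e["algo"], e["filehash"], e["path"]).hex() == e["template_hash"]


def replay_pcr(entries) -> bytes:
    # PCR extend: new = SHA1(old || digest), starting from an all-zero PCR.
    pcr = ZERO
    for e in entries:
        th = bytes.fromhex(e["template_hash"])
        if th == ZERO:
            th = VIOLATION_EXTEND   # what the kernel actually extended with
        pcr = hashlib.sha1(pcr + th).digest()
    return pcr


def verify_quote(log_text: str, quoted_pcr10_hex: str) -> bool:
    # Full check: every entry belongs to PCR 10 and ima-ng, every template hash is
    # consistent with its fields, and the replayed aggregate equals the quoted value.
    entries = [parse_entry(l) for l in log_text.splitlines() if l.strip()]
    if not entries:
        return False
    if not all(e["pcr"] == 10 and e["template"] == "ima-ng" for e in entries):
        return False
    if not all(entry_is_consistent(e) for e in entries):
        return False
    return replay_pcr(entries).hex() == quoted_pcr10_hex


def build_sample_log(with_violation: bool = False) -> str:
    # Constructed sample log: file digests are sha256 of made-up content, not real files.
    files = [("boot_aggregate", b"constructed boot aggregate"),
             ("/usr/bin/example-daemon", b"constructed daemon image"),
             ("/lib/modules/example.ko", b"constructed kernel module")]
    lines = []
    for path, content in files:
        fh = hashlib.sha256(content).hexdigest()
        lines.append(format_entry(ima_ng_template_hash("sha256", fh, path), "sha256", fh, path))
    if with_violation:
        # open-writers / ToMToU violation: zeros in the log, 0xff went into the PCR
        lines.append(format_entry(ZERO, "sha256", "00" * 32, "/tmp/racy-file"))
    return "\n".join(lines)


def simulated_quote(log_text: str) -> str:
    # Stand-in for a TPM quote: the PCR 10 value a TPM would report after these extends.
    return replay_pcr([parse_entry(l) for l in log_text.splitlines()]).hex()


if __name__ == "__main__":
    log = build_sample_log(with_violation=True)
    print(log)
    print("replayed PCR 10:", simulated_quote(log))
    print("verifies:", verify_quote(log, simulated_quote(log)))
```

The order of entries is what makes the aggregate non-deterministic across boots: the same set of files measured in a different order yields a different PCR 10, which is why the verifier needs the log rather than a known-good PCR value.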