diff --git a/pkg/sensors/tracing/lsm_test.go b/pkg/sensors/tracing/lsm_test.go
index 7b9cdee895a..8863c0bc636 100644
--- a/pkg/sensors/tracing/lsm_test.go
+++ b/pkg/sensors/tracing/lsm_test.go
@@ -5,6 +5,8 @@ package tracing
 import (
 "context"
+ "crypto/sha256"
+ "encoding/hex"
 "os"
 "os/exec"
 "strconv"
@@ -240,3 +242,72 @@ spec:
 err = jsonchecker.JsonTestCheck(t, ec.NewUnorderedEventChecker(lsmChecker))
 assert.NoError(t, err)
 }
+
+func TestLSMIMAHash(t *testing.T) {
+ if !bpf.HasLSMPrograms() || !kernels.EnableLargeProgs() || !kernels.EnableIMA() || !kernels.MinKernelVersion("5.11") {
+ t.Skip()
+ }
+ var doneWG, readyWG sync.WaitGroup
+ defer doneWG.Wait()
+
+ ctx, cancel := context.WithTimeout(context.Background(), tus.Conf().CmdWaitTime)
+ defer cancel()
+
+ testBin := testutils.RepoRootPath("contrib/tester-progs/nop")
+ pidStr := strconv.Itoa(int(observertesthelper.GetMyPid()))
+
+ configHook := `
+apiVersion: cilium.io/v1alpha1
+kind: TracingPolicy
+metadata:
+ name: "lsm"
+spec:
+ lsmhooks:
+ - hook: "bprm_check_security"
+ args:
+ - index: 0
+ type: "linux_binprm"
+ selectors:
+ - matchPIDs:
+ - operator: In
+ followForks: true
+ isNamespacePID: false
+ values:
+ - ` + pidStr + `
+ matchActions:
+ - action: Post
+ imaHash: true
+`
+
+ configHookRaw := []byte(configHook)
+ err := os.WriteFile(testConfigFile, configHookRaw, 0644)
+ if err != nil {
+ t.Fatalf("writeFile(%s): err %s", testConfigFile, err)
+ }
+ hasher := sha256.New()
+ s, err := os.ReadFile(testBin)
+ if err != nil {
+ t.Fatalf("ReadFile(%s): err %s", testBin, err)
+ }
+ hasher.Write(s)
+ lsmChecker := ec.NewProcessLsmChecker("lsm-ima-checker").
+ WithFunctionName(sm.Suffix("bprm_check_security")).
+ WithProcess(ec.NewProcessChecker().
+ WithBinary(sm.Suffix(tus.Conf().SelfBinary))).
+ WithImaHash(sm.Full("sha256:" + hex.EncodeToString(hasher.Sum(nil))))
+ obs, err := observertesthelper.GetDefaultObserverWithFile(t, ctx, testConfigFile, tus.Conf().TetragonLib, observertesthelper.WithMyPid())
+ if err != nil {
+ t.Fatalf("GetDefaultObserverWithFile error: %s", err)
+ }
+ observertesthelper.LoopEvents(ctx, t, &doneWG, &readyWG, obs)
+ readyWG.Wait()
+
+ testCmd := exec.Command(testBin)
+
+ if err := testCmd.Run(); err != nil {
+ t.Fatalf("failed to run %s: %s", testCmd, err)
+ }
+
+ err = jsonchecker.JsonTestCheck(t, ec.NewUnorderedEventChecker(lsmChecker))
+ assert.NoError(t, err)
+}
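Review bot: `hasher.Write(s)` in TestLSMIMAHash discards the returned error, and since the binary is already fully read into memory the streaming hasher is unnecessary; `sum := sha256.Sum256(s)` followed by `hex.EncodeToString(sum[:])` in the `WithImaHash` line is shorter and leaves no unchecked return. The bare `t.Skip()` in the guard at the top of the function gives no reason, so a skipped run is hard to diagnose; `t.Skip("requires LSM BPF programs, large programs, IMA support and kernel >= 5.11")` documents the four preconditions being tested. The expected digest is computed from the on-disk contents of testBin before the observer is started, and a one-line comment above `hasher := sha256.New()` saying that the checker compares the kernel-reported IMA digest of the executed binary against this locally computed SHA-256 would make the intent of the comparison clear to readers of the test.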