tw.config does not iclude /boot so kernel images will not be checked.
The twpol.txt in tripwire-2.3-53 includes /boot in the "Critical system boot files" rule, and creating a file named /boot/newfile after the database is created causes its existence to be flagged when the system is checked.