linux-integrity.vger.kernel.org archive mirror
From: Mimi Zohar <zohar@linux.ibm.com>
To: "Jorge Ramirez-Ortiz, Foundries" <jorge@foundries.io>,
	dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com
Cc: linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, Jarkko Sakkinen <jarkko@kernel.org>
Subject: Re: ima - wait for tpm load
Date: Thu, 10 Jun 2021 10:19:58 -0400
Message-ID: <b3c1f5a0a37419fac51d570cd1c8e521f59cee14.camel@linux.ibm.com>
In-Reply-To: <20210610071633.GA30216@trex>

[Cc'ing Jarkko]

On Thu, 2021-06-10 at 09:16 +0200, Jorge Ramirez-Ortiz, Foundries
wrote:
> I am enabling IMA on a ZynqMP based platform using an SPI based TPM
> from Infineon.
> 
> The SPI TPM driver is built-in but since the IMA is initialized from a
> late_initcall, IMA never finds the TPM.
> 
> Is there a recommended way to work around this issue?
> 
> fio@uz3cg-dwg:~$ dmesg | grep tpm
> [    3.381181] tpm_tis_spi spi1.1: 2.0 TPM (device-id 0x1B, rev-id 22)
> [    3.423608] tpm tpm0: A TPM error (256) occurred attempting the self test
> [    3.430406] tpm tpm0: starting up the TPM manually
> 
> fio@uz3cg-dwg:~$ dmesg | grep ima
> [    3.525741] ima: No TPM chip found, activating TPM-bypass!
> [    3.531233] ima: Allocated hash algorithm: sha1

Lengthening the TPM timeout and executing the TPM self test have been past
reasons for the TPM not to initialize prior to IMA.

(Missing from this bug report is the kernel version.)

thanks,

Mimi
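
A check for the condition shown in the quoted logs, added here as an example (not code from this thread or from the kernel): it parses dmesg-format text, finds the IMA TPM-bypass line and compares its timestamp with the first TPM driver line. The function names and verdict labels are assumptions of this example; the sample input is the set of kernel lines quoted above.

```python
import re

# Kernel log line with the default printk timestamp: "[    3.525741] message"
LINE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<msg>.*)$")
BYPASS = "ima: No TPM chip found, activating TPM-bypass!"

# The kernel lines quoted in the message above, merged in timestamp order.
SAMPLE = """\
[    3.381181] tpm_tis_spi spi1.1: 2.0 TPM (device-id 0x1B, rev-id 22)
[    3.423608] tpm tpm0: A TPM error (256) occurred attempting the self test
[    3.430406] tpm tpm0: starting up the TPM manually
[    3.525741] ima: No TPM chip found, activating TPM-bypass!
[    3.531233] ima: Allocated hash algorithm: sha1
"""

def analyze(log_text):
    """Summarise TPM and IMA initialisation as seen in dmesg-format text."""
    info = {"tpm_first_seen": None, "selftest_error": False,
            "ima_bypass_at": None, "ima_hash": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # no printk timestamp (e.g. dmesg -T output); ordering unknown
        ts, msg = float(m["ts"]), m["msg"]
        if msg.startswith("tpm"):  # tpm_tis_spi, "tpm tpm0: ...", and so on
            if info["tpm_first_seen"] is None:
                info["tpm_first_seen"] = ts
            if "A TPM error" in msg and "self test" in msg:
                info["selftest_error"] = True
        elif msg == BYPASS:
            info["ima_bypass_at"] = ts
        elif msg.startswith("ima: Allocated hash algorithm:"):
            info["ima_hash"] = msg.rsplit(":", 1)[1].strip()
    info["verdict"] = _verdict(info)
    return info

def _verdict(info):
    # Heuristic labels chosen for this example, not kernel terminology.
    if info["ima_bypass_at"] is None:
        return "no-bypass-logged"
    if info["tpm_first_seen"] is None:
        return "bypass-no-tpm-driver-output"
    if info["tpm_first_seen"] < info["ima_bypass_at"]:
        return "bypass-tpm-probed-before-ima"
    return "bypass-tpm-probed-after-ima"

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

On the quoted log the verdict is `bypass-tpm-probed-before-ima`, with the self-test error flagged: the driver had started probing the chip before IMA gave up on it.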

