Message-Id: <1546291059.4069.158.camel@linux.ibm.com>
Date:   Mon, 31 Dec 2018 16:17:39 -0500
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Michael Niewöhner <linux@...ewoehner.de>,
        Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        James Bottomley <James.Bottomley@...senPartnership.com>,
        peterhuewe@....de, jgg@...pe.ca, arnd@...db.de,
        linux-integrity@...r.kernel.org,
        linux-kernel <linux-kernel@...r.kernel.org>,
        Nayna Jain <nayna@...ux.ibm.com>,
        Ken Goldman <kgold@...ux.ibm.com>
Subject: Re: tpm_tis TPM2.0 not detected on cold boot

On Sun, 2018-12-30 at 14:22 +0100, Michael Niewöhner wrote:

> > difference is that on a cold boot, the TPM takes longer to initialize.
> 
> Well, as I said. Waiting for 10, 20 or even 60 seconds in the boot manager does
> not solve the problem. So the problem is NOT that the TPM takes longer to
> initialize. Even adding a delay of 20 seconds before TPM init does not solve
> that while that should be more than enough time.

The purpose of commenting out the TPM2 selftest was to minimize the
TPM initialization delay, so that the TPM is ready before IMA.  After
James' patch that wasn't needed anymore.

Looking back at this thread, I see you're using systemd-boot, not
grub2.  When you commented out the systemd-boot timeout, IMA found the
TPM.  The question is why isn't the TPM ready with the timeout before
IMA (like above)?  Has systemd-boot done the selftest?

Mimi
