| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b3c1f5a0a37419fac51d570cd1c8e521f59cee14.camel@linux.ibm.com>
Date: Thu, 10 Jun 2021 10:19:58 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: "Jorge Ramirez-Ortiz, Foundries" <jorge@...ndries.io>,
dmitry.kasatkin@...il.com, jmorris@...ei.org, serge@...lyn.com
Cc: linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, Jarkko Sakkinen <jarkko@...nel.org>
Subject: Re: ima - wait for tpm load
[Cc'ing Jarkko]
On Thu, 2021-06-10 at 09:16 +0200, Jorge Ramirez-Ortiz, Foundries
wrote:
> I am enabling IMA on a ZynqMP based platform using an SPI based TPM
> from Infineon.
>
> The SPI TPM driver is built-in but since the IMA is initalized from a
> late_initcall, IMA never finds the TPM.
>
> Is there a recomended way to work around this issue?
>
> fio@...cg-dwg:~$ dmesg | grep tpm
> [ 3.381181] tpm_tis_spi spi1.1: 2.0 TPM (device-id 0x1B, rev-id 22)
> [ 3.423608] tpm tpm0: A TPM error (256) occurred attempting the self test
> [ 3.430406] tpm tpm0: starting up the TPM manually
>
> fio@...cg-dwg:~$ dmesg | grep ima
> [ 3.525741] ima: No TPM chip found, activating TPM-bypass!
> [ 3.531233] ima: Allocated hash algorithm: sha1
Lengthening the TPM timeout, executing the TPM self test have been past
reasons for the TPM not to initialize prior to IMA.
(Missing from this bug report is the kernel version.)
thanks,
Mimi
Powered by blists - more mailing lists