| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aFs0of3uZdoMEJXc@kernel.org> Date: Wed, 25 Jun 2025 02:28:33 +0300 From: Jarkko Sakkinen <jarkko@...nel.org> To: Yeoreum Yun <yeoreum.yun@....com> Cc: sudeep.holla@....com, peterhuewe@....de, jgg@...pe.ca, stuart.yoder@....com, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, linux-integrity@...r.kernel.org Subject: Re: [PATCH v4 0/2] generate boot_aggregate log in IMA with TPM using CRB over FF-A On Wed, Jun 18, 2025 at 11:23:00AM +0100, Yeoreum Yun wrote: > To ensure the TPM device operating over the FF-A protocol with > the CRB interface is probed before IMA initialization, > the following conditions must be met: > > 1. The corresponding ffa_device must be registered, > which is done via ffa_init(). > > 2. The tpm_crb_driver must successfully probe this device via > tpm_crb_ffa_init(). > > 3. The tpm_crb driver using CRB over FF-A can then > be probed successfully. (See crb_acpi_add() and > tpm_crb_ffa_init() for reference.) > > Unfortunately, ffa_init(), tpm_crb_ffa_init(), and crb_acpi_driver_init() are > all registered with device_initcall, which means crb_acpi_driver_init() may > be invoked before ffa_init() and tpm_crb_ffa_init() are completed. I get the ffa_init() part i.e, moving it earlier. However for tpm_crb_ffa_init() and crb_acpi_driver_init(), modules.dep takes care that they are loaded in order. For IMA you will need the driver as built-in but that should be handled via kernel config, not via code changes. BR, Jarkko
Powered by blists - more mailing lists