| Message ID | 20240528155318.249309-1-mitchell.augustin@canonical.com |
|---|---|
| Headers | show |
| Series | UBUNTU: [Config]: Configure TPM drivers as builtins for arm64 in annotations | expand |
Acked-by: Jacob Martin <jacob.martin@canonical.com> On 5/28/24 10:53 AM, mitchell.augustin@canonical.com wrote: > From: Mitchell Augustin <mitchell.augustin@canonical.com> > > BugLink: https://bugs.launchpad.net/bugs/2037688 > > [Impact] > > On Grace systems, the IMA driver emits the following log: > > ima: No TPM chip found, activating TPM-bypass! > > This occurs because the IMA driver initializes before we are able to detect > the TPM. This will always be the case when the drivers required to > communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as > modules. > > [Test case] > > This change has been applied to the kernel in the following PPA, and > both the 64k and 4k page size variants have been verified to allow > the TPM to load as expected on our Grace machine: > https://launchpad.net/~mitchellaugustin/+archive/ubuntu/grace-tpm-config-patch-4-24 > > [Fix] > > Having these drivers as built-ins ensures that the TPM is available before > the IMA driver initializes. > > [Regression potential] > > The only potential regression I could expect is the increased binary > size > due to the additional modules being built-in > > Mitchell Augustin (1): > UBUNTU: [Config]: Configure TPM drivers as builtins for arm64 in > annotations > > debian.master/config/annotations | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >
On 28-05-2024 17:53, mitchell.augustin@canonical.com wrote: > From: Mitchell Augustin <mitchell.augustin@canonical.com> > > BugLink: https://bugs.launchpad.net/bugs/2037688 The bug doesn't target noble, can you update it ? > > [Impact] > > On Grace systems, the IMA driver emits the following log: > > ima: No TPM chip found, activating TPM-bypass! > > This occurs because the IMA driver initializes before we are able to detect > the TPM. This will always be the case when the drivers required to > communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as > modules. > > [Test case] > > This change has been applied to the kernel in the following PPA, and > both the 64k and 4k page size variants have been verified to allow > the TPM to load as expected on our Grace machine: > https://launchpad.net/~mitchellaugustin/+archive/ubuntu/grace-tpm-config-patch-4-24 > > [Fix] > > Having these drivers as built-ins ensures that the TPM is available before > the IMA driver initializes. > > [Regression potential] > > The only potential regression I could expect is the increased binary > size > due to the additional modules being built-in > > Mitchell Augustin (1): > UBUNTU: [Config]: Configure TPM drivers as builtins for arm64 in > annotations > > debian.master/config/annotations | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > Acked-by: Thibault Ferrante <thibault.ferrante@canonical.com> Is unstable already having this modification ? Might be good to have there. -- Thibault
From: Mitchell Augustin <mitchell.augustin@canonical.com> BugLink: https://bugs.launchpad.net/bugs/2037688 [Impact] On Grace systems, the IMA driver emits the following log: ima: No TPM chip found, activating TPM-bypass! This occurs because the IMA driver initializes before we are able to detect the TPM. This will always be the case when the drivers required to communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as modules. [Test case] This change has been applied to the kernel in the following PPA, and both the 64k and 4k page size variants have been verified to allow the TPM to load as expected on our Grace machine: https://launchpad.net/~mitchellaugustin/+archive/ubuntu/grace-tpm-config-patch-4-24 [Fix] Having these drivers as built-ins ensures that the TPM is available before the IMA driver initializes. [Regression potential] The only potential regression I could expect is the increased binary size due to the additional modules being built-in Mitchell Augustin (1): UBUNTU: [Config]: Configure TPM drivers as builtins for arm64 in annotations debian.master/config/annotations | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)