| Message ID | 20240528165632.367952-1-mitchell.augustin@canonical.com |
|---|---|
| Headers | show |
| Series | UBUNTU: [Config]: Configure TPM drivers as builtins for arm64 in annotations | expand |
Looks good to me, and the feedback from others appears to have been addressed. Acked-by: Jacob Martin <jacob.martin@canonical.com> On 5/28/24 11:56 AM, mitchell.augustin@canonical.com wrote: > From: Mitchell Augustin <mitchell.augustin@canonical.com> > > BugLink: https://bugs.launchpad.net/bugs/2037688 > > [Impact] > > On Grace systems, the IMA driver emits the following log: > > ima: No TPM chip found, activating TPM-bypass! > > This occurs because the IMA driver initializes before we are able to detect > the TPM. This will always be the case when the drivers required to > communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as > modules. > > [Test case] > > This change has been applied to the kernel in the following PPA, and > both the 64k and 4k page size variants have been verified to allow > the TPM to load as expected on our Grace machine: > https://launchpad.net/~mitchellaugustin/+archive/ubuntu/grace-tpm-config-patch-4-24 > > [Fix] > > Having these drivers as built-ins ensures that the TPM is available before > the IMA driver initializes. > > [Regression potential] > > The only potential regression I could expect is the increased binary > size > due to the additional modules being built-in > > Mitchell Augustin (1): > UBUNTU: [Config]: Configure TPM drivers as builtins for arm64 in > annotations > > debian.master/config/annotations | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >
On Tue, May 28, 2024 at 11:56:32AM -0500, mitchell.augustin@canonical.com wrote: > From: Mitchell Augustin <mitchell.augustin@canonical.com> > > BugLink: https://bugs.launchpad.net/bugs/2037688 Seems sensible. Acked-by: Paolo Pisati <paolo.pisati@canonical.com>
On Tue, May 28, 2024 at 11:56:32AM -0500, mitchell.augustin@canonical.com wrote: > From: Mitchell Augustin <mitchell.augustin@canonical.com> > > BugLink: https://bugs.launchpad.net/bugs/2037688 Acked-by: Paolo Pisati <paolo.pisati@canonical.com>
From: Mitchell Augustin <mitchell.augustin@canonical.com> BugLink: https://bugs.launchpad.net/bugs/2037688 [Impact] On Grace systems, the IMA driver emits the following log: ima: No TPM chip found, activating TPM-bypass! This occurs because the IMA driver initializes before we are able to detect the TPM. This will always be the case when the drivers required to communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as modules. [Test case] This change has been applied to the kernel in the following PPA, and both the 64k and 4k page size variants have been verified to allow the TPM to load as expected on our Grace machine: https://launchpad.net/~mitchellaugustin/+archive/ubuntu/grace-tpm-config-patch-4-24 [Fix] Having these drivers as built-ins ensures that the TPM is available before the IMA driver initializes. [Regression potential] The only potential regression I could expect is the increased binary size due to the additional modules being built-in Mitchell Augustin (1): UBUNTU: [Config]: Configure TPM drivers as builtins for arm64 in annotations debian.master/config/annotations | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)