Hi,

Thanks for the report.

On Sat, Sep 09, 2023 at 12:38:21PM +0100, Tj wrote:
> Source: linux
> Severity: normal
>
> Working with a Debian user in Matrix channel #Debian where they report
> that the TPM hardware random number generator that was available in
> v5.10* series is missing from v6.1* series for the amd64 kernel.
>
> After examining the Kconfig options and the Debian configs I found that
> due to commit 6e679322d7d "Re-enable IMA" that possibly inadvertently
> it disabled HW_RANDOM_TPM.
>
> The reason being that we have:
>
> config HW_RANDOM_TPM
>     bool "TPM HW Random Number Generator support"
>     depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
>
> And when IMA=y that does:
>
> config IMA
>     bool "Integrity Measurement Architecture(IMA)"
>     ...
>     select TCG_TPM if HAS_IOMEM
>
> And `select` will force the target to the same value as this option.
>
> TCG_TPM is tri-state (n,y,m) but IMA is boolean (n,y) so this select
> forces TCG_TPM=y.
>
> so !(TCG_TPM=y && HW_RANDOM=m) is true and therefore HW_RANDOM_TPM is
> not set.
>
> $ grep -rnE 'CONFIG_(IMA|TCG_TPM|HW_RANDOM)=' debian/config
> /boot/config-6.1.0-11-amd64
> debian/config/config:457:CONFIG_HW_RANDOM=m
> debian/config/config:7752:CONFIG_IMA=y
> debian/config/arm64/config:172:CONFIG_TCG_TPM=m
> debian/config/kernelarch-x86/config:332:CONFIG_TCG_TPM=m
> debian/config/config.cloud:149:CONFIG_TCG_TPM=m
> /boot/config-6.1.0-11-amd64:4324:CONFIG_HW_RANDOM=m
> /boot/config-6.1.0-11-amd64:4352:CONFIG_TCG_TPM=y
> /boot/config-6.1.0-11-amd64:9774:CONFIG_IMA=y

The issue is handled already in #1041007, so merging both. There is a
MR to get the change first in unstable:

https://salsa.debian.org/kernel-team/linux/-/merge_requests/821

after that it can go into bookworm (likely in the next bookworm point
release).

Regards,
Salvatore
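An added example, not part of the original mail or of the Debian kernel packaging: a small Python check that evaluates the quoted `depends on` expression with Kconfig's tristate rules (n < m < y, `&&` as minimum, `!` as y minus the value, `A=B` as y or n) against a kernel config. The sample config text is constructed from the three values reported for /boot/config-6.1.0-11-amd64, and the function names are hypothetical.

```python
import re

# Kconfig tristate values, ordered n < m < y.
N, M, Y = 0, 1, 2
NAMES = {"n": N, "m": M, "y": Y}

# Constructed sample: the three symbols as reported in the mail for
# /boot/config-6.1.0-11-amd64, plus the usual "is not set" comment line.
SAMPLE_6_1 = """\
CONFIG_HW_RANDOM=m
# CONFIG_HW_RANDOM_TPM is not set
CONFIG_TCG_TPM=y
CONFIG_IMA=y
"""

def parse_config(text):
    """Return {symbol: tristate}; symbols absent from the file count as n."""
    found = re.findall(r"^CONFIG_(\w+)=([ym])$", text, re.MULTILINE)
    return {name: NAMES[val] for name, val in found}

def hw_random_tpm_dep(cfg):
    """Evaluate TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)."""
    tpm = cfg.get("TCG_TPM", N)
    rng = cfg.get("HW_RANDOM", N)
    # Each comparison yields y or n; && takes the minimum of its operands.
    clash = min(Y if tpm == Y else N, Y if rng == M else N)
    # Negation is y minus the value; the whole expression is again a minimum.
    return min(tpm, rng, Y - clash)

def audit(text):
    """Explain whether HW_RANDOM_TPM can be enabled for this config."""
    cfg = parse_config(text)
    if hw_random_tpm_dep(cfg) != N:
        return "ok: HW_RANDOM_TPM dependencies are satisfied"
    if cfg.get("TCG_TPM") == Y and cfg.get("HW_RANDOM") == M:
        cause = "IMA=y selecting TCG_TPM" if cfg.get("IMA") == Y else "TCG_TPM=y"
        return f"blocked: {cause} with HW_RANDOM=m rules out HW_RANDOM_TPM"
    return "blocked: TCG_TPM or HW_RANDOM is disabled"

if __name__ == "__main__":
    print(audit(SAMPLE_6_1))
```

Passing the contents of a real /boot/config-* file to `audit()` gives the same verdict for that kernel build.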

