On Mon, May 4, 2026 at 8:03 AM Mimi Zohar <[email protected]> wrote: > On Sun, 2026-05-03 at 12:46 -0400, Paul Moore wrote: > > Regardless, assuming you always want IMA to leverage a TPMs when they > > exist, your reply suggests that using an initcall based IMA init > > scheme, even a late-sync initcall, may not be sufficient because > > deferred TPM initialization could happen later, yes? > > Well yeah. The TPM could be configured as a module, but that scenario is not > of > interest. That's way too late. The case being addressed in this patch set is > when the TPM driver tries to initialize at device_initcall, returns > EPROBE_DEFER, and is retried at deferred_probe_initcall (late_initcall). > Since > ordering within an initcall is not supported, this patch attempts to > initialize > IMA at late_initcall and similarly retries, in this case, at > late_initcall_sync.
Okay, so from a TPM initialization perspective you are satisfied with a late-sync IMA initialization, yes? -- paul-moore.com
