Hi,
Thanks for the report.
On Sat, Sep 09, 2023 at 12:38:21PM +0100, Tj wrote:
> Source: linux
> Severity: normal
>
> Working with a Debian user in Matrix channel #Debian where they report
> that the TPM hardware random number generator that was available in
> v5.10* series is missing from v6.1* series for the amd64 kernel.
>
> After examining the Kconfig options and the Debian configs I found that
> due to commit 6e679322d7d "Re-enable IMA" that possibly inadvertently
> it disabled HW_RANDOM_TPM.
>
> The reason being that we have:
>
> config HW_RANDOM_TPM
> bool "TPM HW Random Number Generator support"
> depends on TCG_TPM && HW_RANDOM && !(TCG_TPM=y && HW_RANDOM=m)
>
> And when IMA=y that does:
>
> config IMA
> bool "Integrity Measurement Architecture(IMA)"
> ...
> select TCG_TPM if HAS_IOMEM
>
> And `select` will force the target to the same value as this option.
>
> TCG_TPM is tri-state (n,y,m) but IMA is boolean (n,y) so this select
> forces TCG_TPM=y.
>
> so !(TCG_TPM=y && HW_RANDOM=m) is true and therefore HW_RANDOM_TPM is
> not set.
>
> $ grep -rnE 'CONFIG_(IMA|TCG_TPM|HW_RANDOM)=' debian/config
> /boot/config-6.1.0-11-amd64
> debian/config/config:457:CONFIG_HW_RANDOM=m
> debian/config/config:7752:CONFIG_IMA=y
> debian/config/arm64/config:172:CONFIG_TCG_TPM=m
> debian/config/kernelarch-x86/config:332:CONFIG_TCG_TPM=m
> debian/config/config.cloud:149:CONFIG_TCG_TPM=m
> /boot/config-6.1.0-11-amd64:4324:CONFIG_HW_RANDOM=m
> /boot/config-6.1.0-11-amd64:4352:CONFIG_TCG_TPM=y
> /boot/config-6.1.0-11-amd64:9774:CONFIG_IMA=y
The issue is handled already in #1041007, so merging both.
There is a MR to get the change first in unstable:
https://salsa.debian.org/kernel-team/linux/-/merge_requests/821
after that it can go into bookworm (likely in the next bookworm point
release).
Regards,
Salvatore
