[Kernel-packages] [Bug 2037688] Re: Pull-request to address TPM bypass issue
This bug was fixed in the package linux-nvidia-6.2 - 6.2.0-1011.11 --- linux-nvidia-6.2 (6.2.0-1011.11) jammy; urgency=medium * jammy/linux-nvidia-6.2: 6.2.0-1011.11 -proposed tracker (LP: #2038074) * Packaging resync (LP: #1786013) - [Packaging] resync update-dkms-versions helper - [Packaging] resync getabis * Enable building and signing of the nvidia-fs out-of-tree kernel module. (LP: #2038099) - NVIDIA: [Packaging] debian/dkms-versions: add in nvidia-fs to dkms-versions and add nvidia build depends for nvidia-fs-dkms * Pull-request to address TPM bypass issue (LP: #2037688) - NVIDIA: [Config]: Ensure the TPM is available before IMA initializes * Pull-request to address ARM CoreSoght PMU issues (LP: #2033685) - perf: arm_cspmu: Fix variable dereference warning - ACPI/APMT: Don't register invalid resource - perf/arm_cspmu: Clean up ACPI dependency - perf/arm_cspmu: Decouple APMT dependency - perf: arm_cspmu: Add missing MODULE_DEVICE_TABLE [ Ubuntu: 6.2.0-36.37~22.04.1 ] * jammy/linux-hwe-6.2: 6.2.0-36.37~22.04.1 -proposed tracker (LP: #2038075) * lunar/linux: 6.2.0-36.37 -proposed tracker (LP: #2038076) * Regression for ubuntu_bpf test build caused by upstream bdeeed3498c7 (LP: #2035181) - selftests/bpf: fix static assert compilation issue for test_cls_*.c * CVE-2023-4244 - netfilter: nf_tables: don't skip expired elements during walk - netfilter: nf_tables: adapt set backend to use GC transaction API - netfilter: nft_set_hash: mark set element as dead when deleting from packet path - netfilter: nf_tables: GC transaction API to avoid race with control plane - netfilter: nf_tables: don't fail inserts if duplicate has expired - netfilter: nf_tables: fix kdoc warnings after gc rework - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path - netfilter: nf_tables: GC transaction race with netns dismantle - netfilter: nf_tables: GC transaction race with abort path - netfilter: nf_tables: use correct lock to protect gc_list - netfilter: nf_tables: defer gc run if previous batch is still pending - netfilter: nft_dynset: disallow object maps - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction * CVE-2023-4563 - netfilter: nf_tables: remove busy mark and gc batch API * CVE-2023-42756 - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP * CVE-2023-4623 - net/sched: sch_hfsc: Ensure inner classes have fsc curve * Fix unstable audio at low levels on Thinkpad P1G4 (LP: #2037077) - ALSA: hda/realtek - ALC287 I2S speaker platform support * Lunar update: upstream stable patchset 2023-09-21 (LP: #2037005) - Upstream stable to v6.1.41, v6.4.6 - io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq - ALSA: hda/realtek - remove 3k pull low procedure - ALSA: hda/realtek: Add quirk for Clevo NS70AU - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx - maple_tree: set the node limit when creating a new root node - maple_tree: fix node allocation testing on 32 bit - keys: Fix linking a duplicate key to a keyring's assoc_array - perf probe: Add test for regression introduced by switch to die_get_decl_file() - btrfs: fix warning when putting transaction with qgroups enabled after abort - fuse: revalidate: don't invalidate if interrupted - fuse: Apply flags2 only when userspace set the FUSE_INIT_EXT - btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand - btrfs: zoned: fix memory leak after finding block group with super blocks - fuse: ioctl: translate ENOSYS in outarg - btrfs: fix race between balance and cancel/pause - selftests: tc: set timeout to 15 minutes - selftests: tc: add 'ct' action kconfig dep - regmap: Drop initial version of maximum transfer length fixes - of: Preserve "of-display" device name for compatibility - regmap: Account for register length in SMBus I/O limits - arm64/fpsimd: Ensure SME storage is allocated after SVE VL changes - can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll timeout - can: bcm: Fix UAF in bcm_proc_show() - can: gs_usb: gs_can_open(): improve error handling - selftests: tc: add ConnTrack procfs kconfig - dma-buf/dma-resv: Stop leaking on krealloc() failure - drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel - drm/amdgpu/pm: make gfxclock consistent for sienna cichlid - drm/amdgpu/pm: make mclk consistent for smu 13.0.7 - drm/client: Fix memory leak in drm_client_target_cloned - drm/client: Fix memory leak in drm_client_modeset_probe - drm/amd/display: only accept async flips for fast updates - drm/amd/display: Disable MPC split by default on special asic - drm/amd/display: check TG is non-null before checking if enabled -
[Kernel-packages] [Bug 2037688] Re: Pull-request to address TPM bypass issue
This bug is awaiting verification that the linux- nvidia-6.2/6.2.0-1011.11 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-6.2' to 'verification-done-jammy-linux-nvidia-6.2'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-6.2' to 'verification-failed-jammy-linux-nvidia-6.2'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-jammy-linux-nvidia-6.2-v2 verification-needed-jammy-linux-nvidia-6.2 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-nvidia-6.2 in Ubuntu. https://bugs.launchpad.net/bugs/2037688 Title: Pull-request to address TPM bypass issue Status in linux-nvidia-6.2 package in Ubuntu: Fix Committed Status in linux-nvidia-6.2 source package in Jammy: Fix Committed Bug description: NVIDIA: [Config]: Ensure the TPM is available before IMA initializes Set the following configs: CONFIG_SPI_TEGRA210_QUAD=y CONFIG_TCG_TIS_SPI=y On Grace systems, the IMA driver emits the following log: ima: No TPM chip found, activating TPM-bypass! This occurs because the IMA driver initializes before we are able to detect the TPM. This will always be the case when the drivers required to communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as modules. Having these drivers as built-ins ensures that the TPM is available before the IMA driver initializes. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-nvidia-6.2/+bug/2037688/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2037688] Re: Pull-request to address TPM bypass issue
** Changed in: linux-nvidia-6.2 (Ubuntu Jammy) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-nvidia-6.2 in Ubuntu. https://bugs.launchpad.net/bugs/2037688 Title: Pull-request to address TPM bypass issue Status in linux-nvidia-6.2 package in Ubuntu: Fix Committed Status in linux-nvidia-6.2 source package in Jammy: Fix Committed Bug description: NVIDIA: [Config]: Ensure the TPM is available before IMA initializes Set the following configs: CONFIG_SPI_TEGRA210_QUAD=y CONFIG_TCG_TIS_SPI=y On Grace systems, the IMA driver emits the following log: ima: No TPM chip found, activating TPM-bypass! This occurs because the IMA driver initializes before we are able to detect the TPM. This will always be the case when the drivers required to communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as modules. Having these drivers as built-ins ensures that the TPM is available before the IMA driver initializes. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-nvidia-6.2/+bug/2037688/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2037688] Re: Pull-request to address TPM bypass issue
** Also affects: linux-nvidia-6.2 (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: linux-nvidia-6.2 (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-nvidia-6.2 in Ubuntu. https://bugs.launchpad.net/bugs/2037688 Title: Pull-request to address TPM bypass issue Status in linux-nvidia-6.2 package in Ubuntu: Fix Committed Status in linux-nvidia-6.2 source package in Jammy: New Bug description: NVIDIA: [Config]: Ensure the TPM is available before IMA initializes Set the following configs: CONFIG_SPI_TEGRA210_QUAD=y CONFIG_TCG_TIS_SPI=y On Grace systems, the IMA driver emits the following log: ima: No TPM chip found, activating TPM-bypass! This occurs because the IMA driver initializes before we are able to detect the TPM. This will always be the case when the drivers required to communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as modules. Having these drivers as built-ins ensures that the TPM is available before the IMA driver initializes. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-nvidia-6.2/+bug/2037688/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
