Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-15 at 10:29 -0700, James Bottomley wrote: > On Thu, 2018-03-15 at 13:14 -0400, Mimi Zohar wrote: > > On Thu, 2018-03-15 at 10:08 -0700, James Bottomley wrote: > > > > > > On Thu, 2018-03-15 at 12:19 -0400, Mimi Zohar wrote: > > > > > > > > > > > > > If EFI is extending the TPM,

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-15 at 10:29 -0700, James Bottomley wrote: > On Thu, 2018-03-15 at 13:14 -0400, Mimi Zohar wrote: > > On Thu, 2018-03-15 at 10:08 -0700, James Bottomley wrote: > > > > > > On Thu, 2018-03-15 at 12:19 -0400, Mimi Zohar wrote: > > > > > > > > > > > > > If EFI is extending the TPM,

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-15 at 13:14 -0400, Mimi Zohar wrote: > On Thu, 2018-03-15 at 10:08 -0700, James Bottomley wrote: > > > > On Thu, 2018-03-15 at 12:19 -0400, Mimi Zohar wrote: > > > > > > > > > If EFI is extending the TPM, will the events be added to the TPM > > > event log or to the IMA

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-15 at 13:14 -0400, Mimi Zohar wrote: > On Thu, 2018-03-15 at 10:08 -0700, James Bottomley wrote: > > > > On Thu, 2018-03-15 at 12:19 -0400, Mimi Zohar wrote: > > > > > > > > > If EFI is extending the TPM, will the events be added to the TPM > > > event log or to the IMA

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-15 at 10:08 -0700, James Bottomley wrote: > On Thu, 2018-03-15 at 12:19 -0400, Mimi Zohar wrote: > > If EFI is extending the TPM, will the events be added to the TPM > > event log or to the IMA measurement list? > > I'm not proposing any changes to the tpm_pcr_extend API.  At the

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-15 at 10:08 -0700, James Bottomley wrote: > On Thu, 2018-03-15 at 12:19 -0400, Mimi Zohar wrote: > > If EFI is extending the TPM, will the events be added to the TPM > > event log or to the IMA measurement list? > > I'm not proposing any changes to the tpm_pcr_extend API.  At the

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-15 at 12:19 -0400, Mimi Zohar wrote: > On Wed, 2018-03-14 at 10:25 -0700, James Bottomley wrote: > > > > On Wed, 2018-03-14 at 13:08 -0400, Mimi Zohar wrote: > [..] > > > > > > > > Adding additional support for post IMA-initialization for TPM's > > > built as kernel modules is

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-15 at 12:19 -0400, Mimi Zohar wrote: > On Wed, 2018-03-14 at 10:25 -0700, James Bottomley wrote: > > > > On Wed, 2018-03-14 at 13:08 -0400, Mimi Zohar wrote: > [..] > > > > > > > > Adding additional support for post IMA-initialization for TPM's > > > built as kernel modules is

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-14 at 10:25 -0700, James Bottomley wrote: > On Wed, 2018-03-14 at 13:08 -0400, Mimi Zohar wrote: [..] > > Adding additional support for post IMA-initialization for TPM's built > > as kernel modules is clearly not optimal for all of the reasons > > provided to now and will be

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-14 at 10:25 -0700, James Bottomley wrote: > On Wed, 2018-03-14 at 13:08 -0400, Mimi Zohar wrote: [..] > > Adding additional support for post IMA-initialization for TPM's built > > as kernel modules is clearly not optimal for all of the reasons > > provided to now and will be

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-14 at 13:08 -0400, Mimi Zohar wrote: > On Wed, 2018-03-14 at 07:41 -0700, James Bottomley wrote: [...] > > What about a compromise: we > > already get the boot loader to do measurements and PCR extensions > > using the BIOS TPM driver, there's no reason why we can't do the > > same

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-14 at 13:08 -0400, Mimi Zohar wrote: > On Wed, 2018-03-14 at 07:41 -0700, James Bottomley wrote: [...] > > What about a compromise: we > > already get the boot loader to do measurements and PCR extensions > > using the BIOS TPM driver, there's no reason why we can't do the > > same

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-14 at 07:41 -0700, James Bottomley wrote: > On Tue, 2018-03-13 at 12:57 +, Safford, David (GE Global Research, > US) wrote: > > > > > > -Original Message- > > > From: James Bottomley [mailto:james.bottom...@hansenpartnership.com > > > ] > > > Sent: Monday, March 12,

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-14 at 07:41 -0700, James Bottomley wrote: > On Tue, 2018-03-13 at 12:57 +, Safford, David (GE Global Research, > US) wrote: > > > > > > -Original Message- > > > From: James Bottomley [mailto:james.bottom...@hansenpartnership.com > > > ] > > > Sent: Monday, March 12,

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Tue, 2018-03-13 at 12:57 +, Safford, David (GE Global Research, US) wrote: > > > > -Original Message- > > From: James Bottomley [mailto:james.bottom...@hansenpartnership.com > > ] > > Sent: Monday, March 12, 2018 8:07 PM > > To: Mimi Zohar ; Jiandi An

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Tue, 2018-03-13 at 12:57 +, Safford, David (GE Global Research, US) wrote: > > > > -Original Message- > > From: James Bottomley [mailto:james.bottom...@hansenpartnership.com > > ] > > Sent: Monday, March 12, 2018 8:07 PM > > To: Mimi Zohar ; Jiandi An [...] > > > > The key question

[PATCH] security: Fix IMA Kconfig for dependencies on ARM64

h, US) <david.saff...@ge.com> > Subject: EXT: Re: [PATCH] security: Fix IMA Kconfig for dependencies on > ARM64 > > On Mon, 2018-03-12 at 19:30 -0400, Mimi Zohar wrote: > > On Mon, 2018-03-12 at 15:30 -0700, James Bottomley wrote: > > > > > > On Mon, 2018-03-

[PATCH] security: Fix IMA Kconfig for dependencies on ARM64

gr...@vger.kernel.org; linux-ima-de...@lists.sourceforge.net; > linux-ima-u...@lists.sourceforge.net; linux-security- > mod...@vger.kernel.org; linux-kernel@vger.kernel.org; Safford, David (GE > Global Research, US) > Subject: EXT: Re: [PATCH] security: Fix IMA Kconfig for dependencies o

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, 2018-03-12 at 19:30 -0400, Mimi Zohar wrote: > On Mon, 2018-03-12 at 15:30 -0700, James Bottomley wrote: > > > > On Mon, 2018-03-12 at 17:53 -0400, Mimi Zohar wrote: > [...] > > > > > > > > - This use case, when the TPM is not builtin and unavailable > > > before > > > IMA is

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, 2018-03-12 at 19:30 -0400, Mimi Zohar wrote: > On Mon, 2018-03-12 at 15:30 -0700, James Bottomley wrote: > > > > On Mon, 2018-03-12 at 17:53 -0400, Mimi Zohar wrote: > [...] > > > > > > > > - This use case, when the TPM is not builtin and unavailable > > > before > > > IMA is

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, 2018-03-12 at 15:30 -0700, James Bottomley wrote: > On Mon, 2018-03-12 at 17:53 -0400, Mimi Zohar wrote: [...] > > - This use case, when the TPM is not builtin and unavailable before > > IMA is initialized. > > > > I would classify this use case as an IMA testing/debugging > >

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, 2018-03-12 at 15:30 -0700, James Bottomley wrote: > On Mon, 2018-03-12 at 17:53 -0400, Mimi Zohar wrote: [...] > > - This use case, when the TPM is not builtin and unavailable before > > IMA is initialized. > > > > I would classify this use case as an IMA testing/debugging > >

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, 2018-03-12 at 17:05 -0600, Jason Gunthorpe wrote: > On Mon, Mar 12, 2018 at 06:58:45PM -0400, Mimi Zohar wrote: > > On Mon, 2018-03-12 at 15:59 -0600, Jason Gunthorpe wrote: > > > On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote: > > > > > > > Using Kconfig to force the TPM to

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, 2018-03-12 at 17:05 -0600, Jason Gunthorpe wrote: > On Mon, Mar 12, 2018 at 06:58:45PM -0400, Mimi Zohar wrote: > > On Mon, 2018-03-12 at 15:59 -0600, Jason Gunthorpe wrote: > > > On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote: > > > > > > > Using Kconfig to force the TPM to

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, Mar 12, 2018 at 06:58:45PM -0400, Mimi Zohar wrote: > On Mon, 2018-03-12 at 15:59 -0600, Jason Gunthorpe wrote: > > On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote: > > > > > Using Kconfig to force the TPM to be builtin is not required, but > > > helpful.  Users interested in

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, Mar 12, 2018 at 06:58:45PM -0400, Mimi Zohar wrote: > On Mon, 2018-03-12 at 15:59 -0600, Jason Gunthorpe wrote: > > On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote: > > > > > Using Kconfig to force the TPM to be builtin is not required, but > > > helpful.  Users interested in

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, 2018-03-12 at 15:59 -0600, Jason Gunthorpe wrote: > On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote: > > > Using Kconfig to force the TPM to be builtin is not required, but > > helpful.  Users interested in IMA-measurement could configure the TPM > > as builtin themselves.  

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, 2018-03-12 at 15:59 -0600, Jason Gunthorpe wrote: > On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote: > > > Using Kconfig to force the TPM to be builtin is not required, but > > helpful.  Users interested in IMA-measurement could configure the TPM > > as builtin themselves.  

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, 2018-03-12 at 17:53 -0400, Mimi Zohar wrote: > On Fri, 2018-03-09 at 09:11 -0800, James Bottomley wrote: > > > > On Thu, 2018-03-08 at 12:42 -0600, Jiandi An wrote: > > [...] > > > > > > I'm no expert on IMA and its driver.  James, will you be kind > > > enough to look into overhauling

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, 2018-03-12 at 17:53 -0400, Mimi Zohar wrote: > On Fri, 2018-03-09 at 09:11 -0800, James Bottomley wrote: > > > > On Thu, 2018-03-08 at 12:42 -0600, Jiandi An wrote: > > [...] > > > > > > I'm no expert on IMA and its driver.  James, will you be kind > > > enough to look into overhauling

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote: > Using Kconfig to force the TPM to be builtin is not required, but > helpful.  Users interested in IMA-measurement could configure the TPM > as builtin themselves.  Without the TPM builtin, IMA goes into TPM- > bypass mode. This

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Mon, Mar 12, 2018 at 05:53:18PM -0400, Mimi Zohar wrote: > Using Kconfig to force the TPM to be builtin is not required, but > helpful.  Users interested in IMA-measurement could configure the TPM > as builtin themselves.  Without the TPM builtin, IMA goes into TPM- > bypass mode. This

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Fri, 2018-03-09 at 09:11 -0800, James Bottomley wrote: > On Thu, 2018-03-08 at 12:42 -0600, Jiandi An wrote: > [...] > > I'm no expert on IMA and its driver.  James, will you be kind enough > > to look into overhauling the IMA driver to not measure until after  > > initrd phase if that's the

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Fri, 2018-03-09 at 09:11 -0800, James Bottomley wrote: > On Thu, 2018-03-08 at 12:42 -0600, Jiandi An wrote: > [...] > > I'm no expert on IMA and its driver.  James, will you be kind enough > > to look into overhauling the IMA driver to not measure until after  > > initrd phase if that's the

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Tue, 2018-03-06 at 23:26 -0600, Jiandi An wrote: > TPM_CRB driver is the TPM support for ARM64. If it > is built as module, TPM chip is registered after IMA > init. tpm_pcr_read() in IMA driver would fail and > display the following message even though eventually > there is TPM chip on the

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Tue, 2018-03-06 at 23:26 -0600, Jiandi An wrote: > TPM_CRB driver is the TPM support for ARM64. If it > is built as module, TPM chip is registered after IMA > init. tpm_pcr_read() in IMA driver would fail and > display the following message even though eventually > there is TPM chip on the

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-08 at 12:42 -0600, Jiandi An wrote: [...] > I'm no expert on IMA and its driver.  James, will you be kind enough > to look into overhauling the IMA driver to not measure until after  > initrd phase if that's the consensus on resolving this? I'll add it to my todo list. Since my

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-08 at 12:42 -0600, Jiandi An wrote: [...] > I'm no expert on IMA and its driver.  James, will you be kind enough > to look into overhauling the IMA driver to not measure until after  > initrd phase if that's the consensus on resolving this? I'll add it to my todo list. Since my

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-08 at 12:42 -0600, Jiandi An wrote: > So from the discussion, I hear James suggests to overhaul the current > IMA driver to not do measurement (calling tpm_pcr_read(), etc) until > after initrd phase so TPM drivers can be built as modules. > > I hear Mimi insists TPM drivers

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Thu, 2018-03-08 at 12:42 -0600, Jiandi An wrote: > So from the discussion, I hear James suggests to overhaul the current > IMA driver to not do measurement (calling tpm_pcr_read(), etc) until > after initrd phase so TPM drivers can be built as modules. > > I hear Mimi insists TPM drivers

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On 03/07/2018 04:19 PM, Mimi Zohar wrote: On Wed, 2018-03-07 at 11:41 -0800, James Bottomley wrote: On Wed, 2018-03-07 at 14:21 -0500, Mimi Zohar wrote: On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: On Wed, 2018-03-07 at

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On 03/07/2018 04:19 PM, Mimi Zohar wrote: On Wed, 2018-03-07 at 11:41 -0800, James Bottomley wrote: On Wed, 2018-03-07 at 14:21 -0500, Mimi Zohar wrote: On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: On Wed, 2018-03-07 at

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 11:41 -0800, James Bottomley wrote: > On Wed, 2018-03-07 at 14:21 -0500, Mimi Zohar wrote: > > On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: > > > > > > On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: > > > > > > > > On Wed, 2018-03-07 at 11:51 -0700, Jason

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 11:41 -0800, James Bottomley wrote: > On Wed, 2018-03-07 at 14:21 -0500, Mimi Zohar wrote: > > On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: > > > > > > On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: > > > > > > > > On Wed, 2018-03-07 at 11:51 -0700, Jason

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 15:12 -0600, Jiandi An wrote: > > On 03/07/2018 01:41 PM, James Bottomley wrote: > > > > On Wed, 2018-03-07 at 14:21 -0500, Mimi Zohar wrote: > > > > > > On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: > > > > > > > > > > > > On Wed, 2018-03-07 at 13:55 -0500,

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 15:12 -0600, Jiandi An wrote: > > On 03/07/2018 01:41 PM, James Bottomley wrote: > > > > On Wed, 2018-03-07 at 14:21 -0500, Mimi Zohar wrote: > > > > > > On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: > > > > > > > > > > > > On Wed, 2018-03-07 at 13:55 -0500,

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On 03/07/2018 01:41 PM, James Bottomley wrote: On Wed, 2018-03-07 at 14:21 -0500, Mimi Zohar wrote: On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: On Wed, 2018-03-07 at 11:51 -0700, Jason Gunthorpe wrote: On Tue, Mar 06,

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On 03/07/2018 01:41 PM, James Bottomley wrote: On Wed, 2018-03-07 at 14:21 -0500, Mimi Zohar wrote: On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: On Wed, 2018-03-07 at 11:51 -0700, Jason Gunthorpe wrote: On Tue, Mar 06,

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 14:21 -0500, Mimi Zohar wrote: > On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: > > > > On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: > > > > > > On Wed, 2018-03-07 at 11:51 -0700, Jason Gunthorpe wrote: > > > > > > > > > > > > On Tue, Mar 06, 2018 at

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 14:21 -0500, Mimi Zohar wrote: > On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: > > > > On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: > > > > > > On Wed, 2018-03-07 at 11:51 -0700, Jason Gunthorpe wrote: > > > > > > > > > > > > On Tue, Mar 06, 2018 at

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: > On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: > > On Wed, 2018-03-07 at 11:51 -0700, Jason Gunthorpe wrote: > > > > > > On Tue, Mar 06, 2018 at 11:26:26PM -0600, Jiandi An wrote: > > > > > > > > TPM_CRB driver is the TPM support

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 11:08 -0800, James Bottomley wrote: > On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: > > On Wed, 2018-03-07 at 11:51 -0700, Jason Gunthorpe wrote: > > > > > > On Tue, Mar 06, 2018 at 11:26:26PM -0600, Jiandi An wrote: > > > > > > > > TPM_CRB driver is the TPM support

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: > On Wed, 2018-03-07 at 11:51 -0700, Jason Gunthorpe wrote: > > > > On Tue, Mar 06, 2018 at 11:26:26PM -0600, Jiandi An wrote: > > > > > > TPM_CRB driver is the TPM support for ARM64.  If it > > > is built as module, TPM chip is registered

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 13:55 -0500, Mimi Zohar wrote: > On Wed, 2018-03-07 at 11:51 -0700, Jason Gunthorpe wrote: > > > > On Tue, Mar 06, 2018 at 11:26:26PM -0600, Jiandi An wrote: > > > > > > TPM_CRB driver is the TPM support for ARM64.  If it > > > is built as module, TPM chip is registered

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 11:51 -0700, Jason Gunthorpe wrote: > On Tue, Mar 06, 2018 at 11:26:26PM -0600, Jiandi An wrote: > > TPM_CRB driver is the TPM support for ARM64. If it > > is built as module, TPM chip is registered after IMA > > init. tpm_pcr_read() in IMA driver would fail and > > display

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Wed, 2018-03-07 at 11:51 -0700, Jason Gunthorpe wrote: > On Tue, Mar 06, 2018 at 11:26:26PM -0600, Jiandi An wrote: > > TPM_CRB driver is the TPM support for ARM64. If it > > is built as module, TPM chip is registered after IMA > > init. tpm_pcr_read() in IMA driver would fail and > > display

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Tue, Mar 06, 2018 at 11:26:26PM -0600, Jiandi An wrote: > TPM_CRB driver is the TPM support for ARM64. If it > is built as module, TPM chip is registered after IMA > init. tpm_pcr_read() in IMA driver would fail and > display the following message even though eventually > there is TPM chip on

Re: [PATCH] security: Fix IMA Kconfig for dependencies on ARM64

On Tue, Mar 06, 2018 at 11:26:26PM -0600, Jiandi An wrote: > TPM_CRB driver is the TPM support for ARM64. If it > is built as module, TPM chip is registered after IMA > init. tpm_pcr_read() in IMA driver would fail and > display the following message even though eventually > there is TPM chip on

[PATCH] security: Fix IMA Kconfig for dependencies on ARM64

TPM_CRB driver is the TPM support for ARM64. If it is built as module, TPM chip is registered after IMA init. tpm_pcr_read() in IMA driver would fail and display the following message even though eventually there is TPM chip on the system: ima: No TPM chip found, activating TPM-bypass! (rc=-19)

[PATCH] security: Fix IMA Kconfig for dependencies on ARM64

TPM_CRB driver is the TPM support for ARM64. If it is built as module, TPM chip is registered after IMA init. tpm_pcr_read() in IMA driver would fail and display the following message even though eventually there is TPM chip on the system: ima: No TPM chip found, activating TPM-bypass! (rc=-19)