------- Comment From [email protected] 2017-02-23 16:09 EDT -------
I've verified that the kernel config options we requested are in fact enabled in the Ubuntu 17.04 daily kernel. However, there are 2 problems for which I'll open separate bugs.
1. Some additional options that were not requested and should not be enabled were enabled:
   CONFIG_IMA_APPRAISE_SIGNED_INIT
   CONFIG_IMA_BLACKLIST_KEYRING
   CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
   CONFIG_IMA_READ_POLICY
   CONFIG_IMA_WRITE_POLICY
2. We've found that msleep() is buggy and causes excessive delays in TPM extend operations during bursts of measurements from IMA. Currently, with IMA enabled by passing ima_tcb on the kernel command line, the kernel will not boot. We have a proof-of-concept patch that changes msleep() to usleep_range() in the Nuvoton I2C TPM device driver, which remedies the problem on our platform.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1643652

Title:
  [17.04 FEAT] Build IMA and the TPM device drivers into the KVM on POWER host/NV kernel
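
One way to repeat the config check from the comment above against any kernel config file, as an added example (not code from the bug report or from Ubuntu). The function names and the sample config are constructed for illustration; the option names are the five the comment lists, spelled as in the kernel's Kconfig.

```shell
# Added example: report which IMA options that should stay off are enabled
# in a kernel config file (lines: CONFIG_X=y, or "# CONFIG_X is not set").

# Options the comment lists as enabled although they were not requested.
UNWANTED_IMA_OPTS="CONFIG_IMA_APPRAISE_SIGNED_INIT
CONFIG_IMA_BLACKLIST_KEYRING
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY
CONFIG_IMA_READ_POLICY
CONFIG_IMA_WRITE_POLICY"

# Print the state of one option: its value (y, m, ...), or "n" when the file
# says "is not set" or does not mention the option at all.
config_state() {
    # $1 = config file, $2 = option name
    val=$(sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# Print every unwanted option that is enabled, one per line.
# Exit status: 0 = none enabled, 1 = at least one enabled, 2 = unreadable file.
ima_unwanted_enabled() {
    cfg=${1:-/boot/config-$(uname -r)}
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    found=0
    for opt in $UNWANTED_IMA_OPTS; do
        state=$(config_state "$cfg" "$opt")
        if [ "$state" != "n" ]; then
            printf '%s=%s\n' "$opt" "$state"
            found=1
        fi
    done
    return $found
}

# Constructed sample config (not taken from a real Ubuntu kernel).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_IMA=y
CONFIG_IMA_APPRAISE=y
CONFIG_IMA_APPRAISE_SIGNED_INIT=y
# CONFIG_IMA_BLACKLIST_KEYRING is not set
CONFIG_IMA_READ_POLICY=y
CONFIG_TCG_TIS_I2C_NUVOTON=y
EOF
ima_unwanted_enabled "$sample" || echo "unrequested IMA options are enabled"
rm -f "$sample"
```

Called without an argument, `ima_unwanted_enabled` reads `/boot/config-$(uname -r)`, where Ubuntu installs the config of the running kernel.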
