From: Mimi Zohar <zohar@linux.ibm.com>
To: Yeoreum Yun <yeoreum.yun@arm.com>,
jarkko@kernel.org, sudeep.holla@arm.com, peterhuewe@gmx.de,
jgg@ziepe.ca, stuart.yoder@arm.com
Cc: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: Re: [PATCH v4 2/2] tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in
Date: Sun, 22 Jun 2025 08:23:54 -0400 [thread overview]
Message-ID: <82acbfc071095da7cc153ec8f2fbdca6316c82bd.camel@linux.ibm.com> (raw)
In-Reply-To: <20250618102302.2379029-3-yeoreum.yun@arm.com>
On Wed, 2025-06-18 at 11:23 +0100, Yeoreum Yun wrote:
> To generate the boot_aggregate log in the IMA subsystem using TPM PCR values,
> the TPM driver must be built as built-in and must be probed before
> the IMA subsystem is initialized.
>
> However, when the TPM device operates over the FF-A protocol using the CRB interface,
> probing fails and returns -EPROBE_DEFER
> if the tpm_crb_ffa device — an FF-A device that provides
> the communication interface to the tpm_crb driver — has not yet been probed.
>
> This issue occurs because both crb_acpi_driver_init() and
> tpm_crb_ffa_driver_init() are registered with device_initcall.
> As a result, crb_acpi_driver_init() may be invoked before
> tpm_crb_ffa_driver_init(), which is responsible for probing the tpm_crb_ffa device.
>
> When this happens, IMA fails to detect the TPM device and
> logs the following message:
>
> | ima: No TPM chip found, activating TPM-bypass!
>
> Consequently, it cannot generate the boot_aggregate log with
> the PCR values provided by the TPM.
>
> To resolve this issue, the tpm_crb_ffa_init() function explicitly attempts to
> probe the tpm_crb_ffa by register tpm_crb_ffa driver so that
> when tpm_crb_ffa device is created before tpm_crb_ffa_init(),
> probe the tpm_crb_ffa device in tpm_crb_ffa_init() to finish probe the
> TPM device completely.
>
> This ensures that the TPM device using CRB over FF-A
> can be successfully probed, even if crb_acpi_driver_init() is called first.
>
> Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
> ---
> drivers/char/tpm/tpm_crb_ffa.c | 19 ++++++++++++++++---
> 1 file changed, 16 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm_crb_ffa.c b/drivers/char/tpm/tpm_crb_ffa.c
> index 4ead61f01299..462fcf610020 100644
> --- a/drivers/char/tpm/tpm_crb_ffa.c
> +++ b/drivers/char/tpm/tpm_crb_ffa.c
> @@ -115,6 +115,7 @@ struct tpm_crb_ffa {
> };
>
> static struct tpm_crb_ffa *tpm_crb_ffa;
> +static struct ffa_driver tpm_crb_ffa_driver;
>
> static int tpm_crb_ffa_to_linux_errno(int errno)
> {
> @@ -168,13 +169,23 @@ static int tpm_crb_ffa_to_linux_errno(int errno)
> */
> int tpm_crb_ffa_init(void)
> {
> + int ret = 0;
> +
> + if (!IS_MODULE(CONFIG_TCG_ARM_CRB_FFA)) {
> + ret = ffa_register(&tpm_crb_ffa_driver);
> + if (ret) {
> + tpm_crb_ffa = ERR_PTR(-ENODEV);
> + return ret;
> + }
> + }
> +
> if (!tpm_crb_ffa)
> - return -ENOENT;
> + ret = -ENOENT;
>
> if (IS_ERR_VALUE(tpm_crb_ffa))
> - return -ENODEV;
> + ret = -ENODEV;
>
> - return 0;
> + return ret;
> }
> EXPORT_SYMBOL_GPL(tpm_crb_ffa_init);
>
> @@ -369,7 +380,9 @@ static struct ffa_driver tpm_crb_ffa_driver = {
> .id_table = tpm_crb_ffa_device_id,
> };
>
> +#ifdef MODULE
> module_ffa_driver(tpm_crb_ffa_driver);
> +#endif
>
> MODULE_AUTHOR("Arm");
> MODULE_DESCRIPTION("TPM CRB FFA driver");
LGTM. Using ifndef/ifdef MODULE is similar to how module_init() works for both
builtin and loadable kernel modules. Except module_init() is on the
device_initcall().
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
next prev parent reply other threads:[~2025-06-22 12:27 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-18 10:23 [PATCH v4 0/2] generate boot_aggregate log in IMA with TPM using CRB over FF-A Yeoreum Yun
2025-06-18 10:23 ` [PATCH v4 1/2] firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall Yeoreum Yun
2025-06-22 12:22 ` Mimi Zohar
2025-06-24 23:29 ` Jarkko Sakkinen
2025-06-18 10:23 ` [PATCH v4 2/2] tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in Yeoreum Yun
2025-06-22 12:23 ` Mimi Zohar [this message]
2025-06-24 23:29 ` Jarkko Sakkinen
2025-06-25 10:37 ` Yeoreum Yun
2025-06-25 17:03 ` Jarkko Sakkinen
2025-06-24 23:28 ` [PATCH v4 0/2] generate boot_aggregate log in IMA with TPM using CRB over FF-A Jarkko Sakkinen
2025-06-25 10:36 ` Yeoreum Yun
2025-06-25 16:59 ` Jarkko Sakkinen
2025-06-25 17:01 ` Jarkko Sakkinen
2025-06-25 19:35 ` Sudeep Holla
2025-06-25 21:47 ` Jarkko Sakkinen
2025-06-26 19:53 ` Sudeep Holla
2025-07-02 22:24 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=82acbfc071095da7cc153ec8f2fbdca6316c82bd.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=jarkko@kernel.org \
--cc=jgg@ziepe.ca \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=stuart.yoder@arm.com \
--cc=sudeep.holla@arm.com \
--cc=yeoreum.yun@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.