From: Jarkko Sakkinen <jarkko@kernel.org>
To: Yeoreum Yun <yeoreum.yun@arm.com>
Cc: sudeep.holla@arm.com, peterhuewe@gmx.de, jgg@ziepe.ca,
stuart.yoder@arm.com, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: Re: [PATCH v4 1/2] firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall
Date: Wed, 25 Jun 2025 02:29:04 +0300
Message-ID: <aFs0wHrcQPFFmZYz@kernel.org>
In-Reply-To: <20250618102302.2379029-2-yeoreum.yun@arm.com>
On Wed, Jun 18, 2025 at 11:23:01AM +0100, Yeoreum Yun wrote:
> The Linux IMA (Integrity Measurement Architecture) subsystem used for secure
> boot, file integrity, or remote attestation cannot be a loadable module
> for a few reasons listed below:
>
> o Boot-Time Integrity: IMA’s main role is to measure and appraise files
> before they are used. This includes measuring critical system files during
> early boot (e.g., init, init scripts, login binaries). If IMA were a module,
> it would be loaded too late to cover those.
>
> o TPM Dependency: IMA integrates tightly with the TPM to record measurements
> into PCRs. The TPM must be initialized early (ideally before init_ima()),
> which aligns with IMA being built-in.
>
> o Security Model: IMA is part of a Trusted Computing Base (TCB). Making it a
> module would weaken the security model, as a potentially compromised system
> could delay or tamper with its initialization.
>
> IMA must be built-in to ensure it starts measuring from the earliest possible
> point in boot, which in turn implies the TPM must be initialised and ready to use
> before IMA.
>
> To enable integration of tpm_event_log with the IMA subsystem, the TPM drivers
> (tpm_crb and tpm_crb_ffa) also need to be built-in. However, with the FF-A driver
> also being initialised at device initcall level, it can lead to an
> initialization order issue where:
> - crb_acpi_driver_init() may run before tpm_crb_ffa_driver_init() and ffa_init()
> - As a result, probing the TPM device via CRB over FFA is deferred
> - ima_init() (called as a late initcall) runs before deferred probe completes,
> IMA fails to find the TPM and logs the below error:
>
> | ima: No TPM chip found, activating TPM-bypass!
>
> Eventually it fails to generate boot_aggregate with PCR values.
>
> Because of the above stated dependency, the ffa driver needs to be initialised
> before the tpm_crb_ffa module to ensure IMA finds the TPM successfully when
> present.
>
> Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
> ---
> drivers/firmware/arm_ffa/driver.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/firmware/arm_ffa/driver.c b/drivers/firmware/arm_ffa/driver.c
> index fe55613a8ea9..1a690b8186df 100644
> --- a/drivers/firmware/arm_ffa/driver.c
> +++ b/drivers/firmware/arm_ffa/driver.c
> @@ -2058,7 +2058,7 @@ static int __init ffa_init(void)
> kfree(drv_info);
> return ret;
> }
> -module_init(ffa_init);
> +rootfs_initcall(ffa_init);
>
> static void __exit ffa_exit(void)
> {
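Review bot: the new initcall level carries no comment explaining why ffa_init() must now run ahead of device_initcall(), so add one above `rootfs_initcall(ffa_init);` (rootfs sits between the fs and device levels in the built-in initcall order) stating that tpm_crb_ffa and crb_acpi_driver_init() need the FF-A bus up before IMA's late_initcall looks for a TPM; without it a later cleanup is likely to put module_init() back. The same comment should say that when the driver is built as a module, rootfs_initcall() collapses to module_init() (linux/module.h), so the ordering guarantee only holds for the built-in configuration the commit message describes. Since the function now runs earlier than before, it is also worth confirming that nothing ffa_init() itself relies on is registered at device level.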
> --
> LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}
>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
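The failure the patch description quotes leaves two artefacts on a booted system: the "ima: No TPM chip found, activating TPM-bypass!" line in the kernel log, and a boot_aggregate entry whose file digest is all zeros, because IMA had no PCR values to hash. The script below is an added example, not code from the patch, the kernel or the thread; it checks both artefacts. The measurement-list lines, hashes and kernel-log lines it embeds are constructed for the demonstration, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not code from the patch or the kernel): distinguish a
# TPM-backed IMA boot from a TPM-bypass one.  When IMA finds no TPM chip it
# logs "ima: No TPM chip found, activating TPM-bypass!" and records
# boot_aggregate with an all-zero file digest.  All sample data below is
# constructed; the hashes are made up, not real measurements.

IMA_ASCII_LIST=/sys/kernel/security/ima/ascii_runtime_measurements

# ima_boot_aggregate_ok LIST
#   0: boot_aggregate present with a non-zero digest (IMA had a TPM)
#   1: boot_aggregate present but the digest is all zeros (TPM-bypass)
#   2: no boot_aggregate entry at all
# Handles the ima-ng/ima-sig layout ("10 <tmpl-hash> ima-ng sha256:<hex> <name>")
# and the legacy ima layout ("10 <tmpl-hash> ima <hex> <name>").
ima_boot_aggregate_ok() {
    iba_list=${1:-$IMA_ASCII_LIST}
    iba_line=$(awk '/[ \t]boot_aggregate([ \t]|$)/ { print; exit }' "$iba_list")
    [ -n "$iba_line" ] || return 2
    # field 4 is the file digest, with or without an "algo:" prefix
    iba_digest=$(printf '%s\n' "$iba_line" | awk '{ sub(/^[a-z0-9_]+:/, "", $4); print $4 }')
    [ -n "$iba_digest" ] || return 2
    case $iba_digest in
        *[!0]*) return 0 ;;   # at least one non-zero nibble
        *)      return 1 ;;   # all zeros: nothing was extended into PCRs
    esac
}

# ima_tpm_bypass_logged KLOG: 0 if the kernel log file contains the bypass message
ima_tpm_bypass_logged() {
    grep -q 'ima: No TPM chip found, activating TPM-bypass' "$1"
}

# ima_tpm_status LIST KLOG: prints tpm-backed | tpm-bypass | no-boot-aggregate
ima_tpm_status() {
    its_rc=0
    ima_boot_aggregate_ok "$1" || its_rc=$?
    case $its_rc in
        0) echo tpm-backed ;;
        1) echo tpm-bypass ;;
        *) ima_tpm_bypass_logged "$2" && echo tpm-bypass || echo no-boot-aggregate ;;
    esac
}

# ---- constructed samples ----
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

cat >"$TMP/list_good" <<'EOF'
10 3f2c9d8e1a5b7c6d0e4f8a9b1c2d3e4f5a6b7c8d ima-ng sha256:9b2d4f6a8c1e3b5d7f9a2c4e6b8d0f1a3c5e7b9d1f3a5c7e9b0d2f4a6c8e1b3d boot_aggregate
10 7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b ima-ng sha256:1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d /init
EOF
cat >"$TMP/list_bypass" <<'EOF'
10 5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f ima-ng sha256:0000000000000000000000000000000000000000000000000000000000000000 boot_aggregate
EOF
cat >"$TMP/list_none" <<'EOF'
10 7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b ima-ng sha256:1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d /init
EOF
printf '%s\n' '[    2.113456] ima: Allocated hash algorithm: sha256' >"$TMP/klog_good"
printf '%s\n' '[    2.113456] ima: No TPM chip found, activating TPM-bypass!' >"$TMP/klog_bypass"

echo "list_good/klog_good:     $(ima_tpm_status "$TMP/list_good" "$TMP/klog_good")"
echo "list_bypass/klog_bypass: $(ima_tpm_status "$TMP/list_bypass" "$TMP/klog_bypass")"
echo "list_none/klog_good:     $(ima_tpm_status "$TMP/list_none" "$TMP/klog_good")"
```

On a real machine call `ima_tpm_status /sys/kernel/security/ima/ascii_runtime_measurements <(dmesg)` (securityfs must be mounted); a result of tpm-bypass means the measurement list was never anchored in a PCR, so any remote attestation quote over it is meaningless.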
Thread overview: 17+ messages
2025-06-18 10:23 [PATCH v4 0/2] generate boot_aggregate log in IMA with TPM using CRB over FF-A Yeoreum Yun
2025-06-18 10:23 ` [PATCH v4 1/2] firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall Yeoreum Yun
2025-06-22 12:22 ` Mimi Zohar
2025-06-24 23:29 ` Jarkko Sakkinen [this message]
2025-06-18 10:23 ` [PATCH v4 2/2] tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in Yeoreum Yun
2025-06-22 12:23 ` Mimi Zohar
2025-06-24 23:29 ` Jarkko Sakkinen
2025-06-25 10:37 ` Yeoreum Yun
2025-06-25 17:03 ` Jarkko Sakkinen
2025-06-24 23:28 ` [PATCH v4 0/2] generate boot_aggregate log in IMA with TPM using CRB over FF-A Jarkko Sakkinen
2025-06-25 10:36 ` Yeoreum Yun
2025-06-25 16:59 ` Jarkko Sakkinen
2025-06-25 17:01 ` Jarkko Sakkinen
2025-06-25 19:35 ` Sudeep Holla
2025-06-25 21:47 ` Jarkko Sakkinen
2025-06-26 19:53 ` Sudeep Holla
2025-07-02 22:24 ` Jarkko Sakkinen