Subject: Re: tpm_tis TPM2.0 not detected on cold boot
From: Mimi Zohar
To: Michael Niewöhner, Jarkko Sakkinen, James Bottomley, peterhuewe@gmx.de, jgg@ziepe.ca, arnd@arndb.de, linux-integrity@vger.kernel.org, linux-kernel, Nayna Jain, Ken Goldman
Date: Mon, 31 Dec 2018 16:17:39 -0500
X-Mailing-List: linux-integrity@vger.kernel.org

On Sun, 2018-12-30 at 14:22 +0100, Michael Niewöhner wrote:

> > difference is that on a cold boot, the TPM takes longer to initialize.
>
> Well, as I said. Waiting for 10, 20 or even 60 seconds in the boot manager does
> not solve the problem. So the problem is NOT that the TPM takes longer to
> initialize. Even adding a delay of 20 seconds before TPM init does not solve
> that while that should be more than enough time.

The purpose of commenting out the TPM2 selftest was to minimize the TPM initialization delay, so that the TPM is ready before IMA. After James' patch that wasn't needed anymore.

Looking back at this thread, I see you're using systemd-boot, not grub2. When you commented out the systemd-boot timeout, IMA found the TPM. The question is why isn't the TPM ready with the timeout before IMA (like above)? Has systemd-boot done the selftest?

Mimi