* IMA Reports No TPM Device @ 2024-06-07 7:19 Thangavel, Karthik 2024-06-18 10:24 ` Thangavel, Karthik 0 siblings, 1 reply; 4+ messages in thread From: Thangavel, Karthik @ 2024-06-07 7:19 UTC (permalink / raw) To: linux-security-module@vger.kernel.org, linux-spi@vger.kernel.org Cc: Gaddipati, Naveen, Narra, Bharath Kumar Hi, We are booting linux v6.1.30 on Xilinx ZynqMP SoC which is using ARM-A53. We want to run IMA on TPM device connected over SPI interface. During booting found that IMA reports "No TPM chip found". Please find the below logs which shows IMA subsystem init called before TPM device. [ 0.000000] Linux version 6.1.30-xilinx-v2023.2 (oe-user@oe-host) (aarch64-xilinx-linux-gcc (GCC) 12.2.0, GNU ld (GNU Binutils) 2.39.0.20220819) #1 SMP Fri Sep 22 10:41:01 UTC 2023 [ 0.000000] Machine model: xlnx,zynqmp ... [ 2.561405] ima: No TPM chip found, activating TPM-bypass! [ 2.567199] ima: Allocated hash algorithm: sha256 ... [ 3.727105] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22) [ 3.764152] tpm tpm0: starting up the TPM manually ... In security/integrity/ima/ima_main.c late_initcall(init_ima); /* Start IMA after the TPM is available */ As per above comment line IMA should start after TPM is available. But we are observing the opposite behavior. Please let us know how to fix this issue. -Karthik ^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: IMA Reports No TPM Device 2024-06-07 7:19 IMA Reports No TPM Device Thangavel, Karthik @ 2024-06-18 10:24 ` Thangavel, Karthik 2024-06-18 12:42 ` Roberto Sassu 0 siblings, 1 reply; 4+ messages in thread From: Thangavel, Karthik @ 2024-06-18 10:24 UTC (permalink / raw) To: linux-security-module@vger.kernel.org, linux-spi@vger.kernel.org Cc: Gaddipati, Naveen, Narra, Bharath Kumar Hi, Can you pls let us know how to resolve this issue. Looks many reported the same issue in forums. Regards, Karthik > -----Original Message----- > From: Thangavel, Karthik > Sent: Friday, June 7, 2024 12:49 PM > To: linux-security-module@vger.kernel.org; linux-spi@vger.kernel.org > Cc: Gaddipati, Naveen <naveen.gaddipati@amd.com>; Narra, Bharath Kumar > <BharathKumar.Narra@amd.com> > Subject: IMA Reports No TPM Device > > Hi, > > We are booting linux v6.1.30 on Xilinx ZynqMP SoC which is using ARM-A53. > We want to run IMA on TPM device connected over SPI interface. > During booting found that IMA reports "No TPM chip found". > > Please find the below logs which shows IMA subsystem init called before TPM > device. > > > [ 0.000000] Linux version 6.1.30-xilinx-v2023.2 (oe-user@oe-host) (aarch64- > xilinx-linux-gcc (GCC) 12.2.0, GNU ld (GNU Binutils) 2.39.0.20220819) #1 SMP Fri > Sep 22 10:41:01 UTC 2023 > [ 0.000000] Machine model: xlnx,zynqmp > ... > [ 2.561405] ima: No TPM chip found, activating TPM-bypass! > [ 2.567199] ima: Allocated hash algorithm: sha256 > ... > [ 3.727105] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22) > [ 3.764152] tpm tpm0: starting up the TPM manually > ... > > In security/integrity/ima/ima_main.c > late_initcall(init_ima); /* Start IMA after the TPM is available */ > > As per above comment line IMA should start after TPM is available. > But we are observing the opposite behavior. > Please let us know how to fix this issue. > > -Karthik ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: IMA Reports No TPM Device 2024-06-18 10:24 ` Thangavel, Karthik @ 2024-06-18 12:42 ` Roberto Sassu 2024-07-10 11:12 ` Thangavel, Karthik 0 siblings, 1 reply; 4+ messages in thread From: Roberto Sassu @ 2024-06-18 12:42 UTC (permalink / raw) To: Thangavel, Karthik, linux-security-module@vger.kernel.org, linux-spi@vger.kernel.org Cc: Gaddipati, Naveen, Narra, Bharath Kumar On Tue, 2024-06-18 at 10:24 +0000, Thangavel, Karthik wrote: > Hi, > > Can you pls let us know how to resolve this issue. > Looks many reported the same issue in forums. Hi this discussion seems to be related: https://lore.kernel.org/all/1550753358.17768.85.camel@linux.ibm.com/t/#m5fd27cc9c80e90e781ccc5e1c3e693014d0278a2 Maybe there could be suggestions that apply to your case. We can also resume the discussion, if the fix is not yet upstreamed. Roberto > Regards, > Karthik > > > -----Original Message----- > > From: Thangavel, Karthik > > Sent: Friday, June 7, 2024 12:49 PM > > To: linux-security-module@vger.kernel.org; linux-spi@vger.kernel.org > > Cc: Gaddipati, Naveen <naveen.gaddipati@amd.com>; Narra, Bharath Kumar > > <BharathKumar.Narra@amd.com> > > Subject: IMA Reports No TPM Device > > > > Hi, > > > > We are booting linux v6.1.30 on Xilinx ZynqMP SoC which is using ARM-A53. > > We want to run IMA on TPM device connected over SPI interface. > > During booting found that IMA reports "No TPM chip found". > > > > Please find the below logs which shows IMA subsystem init called before TPM > > device. > > > > > > [ 0.000000] Linux version 6.1.30-xilinx-v2023.2 (oe-user@oe-host) (aarch64- > > xilinx-linux-gcc (GCC) 12.2.0, GNU ld (GNU Binutils) 2.39.0.20220819) #1 SMP Fri > > Sep 22 10:41:01 UTC 2023 > > [ 0.000000] Machine model: xlnx,zynqmp > > ... > > [ 2.561405] ima: No TPM chip found, activating TPM-bypass! > > [ 2.567199] ima: Allocated hash algorithm: sha256 > > ... > > [ 3.727105] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22) > > [ 3.764152] tpm tpm0: starting up the TPM manually > > ... > > > > In security/integrity/ima/ima_main.c > > late_initcall(init_ima); /* Start IMA after the TPM is available */ > > > > As per above comment line IMA should start after TPM is available. > > But we are observing the opposite behavior. > > Please let us know how to fix this issue. > > > > -Karthik ^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: IMA Reports No TPM Device 2024-06-18 12:42 ` Roberto Sassu @ 2024-07-10 11:12 ` Thangavel, Karthik 0 siblings, 0 replies; 4+ messages in thread From: Thangavel, Karthik @ 2024-07-10 11:12 UTC (permalink / raw) To: Roberto Sassu, linux-security-module@vger.kernel.org, linux-spi@vger.kernel.org Cc: Gaddipati, Naveen, Narra, Bharath Kumar Hi, Patch in below link helped us to resolve this issue, https://community.infineon.com/t5/OPTIGA-TPM/i-MX8MP-with-TPM-SLB9670/td-p/403949#. Now TPM driver is probed before IMA test. Regards, Karthik > -----Original Message----- > From: Roberto Sassu <roberto.sassu@huaweicloud.com> > Sent: Tuesday, June 18, 2024 6:12 PM > To: Thangavel, Karthik <karthik.thangavel@amd.com>; linux-security- > module@vger.kernel.org; linux-spi@vger.kernel.org > Cc: Gaddipati, Naveen <naveen.gaddipati@amd.com>; Narra, Bharath Kumar > <BharathKumar.Narra@amd.com> > Subject: Re: IMA Reports No TPM Device > > On Tue, 2024-06-18 at 10:24 +0000, Thangavel, Karthik wrote: > > Hi, > > > > Can you pls let us know how to resolve this issue. > > Looks many reported the same issue in forums. > > Hi > > this discussion seems to be related: > > https://lore.kernel.org/all/1550753358.17768.85.camel@linux.ibm.com/t/#m5fd > 27cc9c80e90e781ccc5e1c3e693014d0278a2 > > > Maybe there could be suggestions that apply to your case. We can also resume > the discussion, if the fix is not yet upstreamed. > > Roberto > > > Regards, > > Karthik > > > > > -----Original Message----- > > > From: Thangavel, Karthik > > > Sent: Friday, June 7, 2024 12:49 PM > > > To: linux-security-module@vger.kernel.org; linux-spi@vger.kernel.org > > > Cc: Gaddipati, Naveen <naveen.gaddipati@amd.com>; Narra, Bharath > > > Kumar <BharathKumar.Narra@amd.com> > > > Subject: IMA Reports No TPM Device > > > > > > Hi, > > > > > > We are booting linux v6.1.30 on Xilinx ZynqMP SoC which is using ARM-A53. > > > We want to run IMA on TPM device connected over SPI interface. > > > During booting found that IMA reports "No TPM chip found". > > > > > > Please find the below logs which shows IMA subsystem init called > > > before TPM device. > > > > > > > > > [ 0.000000] Linux version 6.1.30-xilinx-v2023.2 (oe-user@oe-host) > (aarch64- > > > xilinx-linux-gcc (GCC) 12.2.0, GNU ld (GNU Binutils) > > > 2.39.0.20220819) #1 SMP Fri Sep 22 10:41:01 UTC 2023 > > > [ 0.000000] Machine model: xlnx,zynqmp > > > ... > > > [ 2.561405] ima: No TPM chip found, activating TPM-bypass! > > > [ 2.567199] ima: Allocated hash algorithm: sha256 > > > ... > > > [ 3.727105] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22) > > > [ 3.764152] tpm tpm0: starting up the TPM manually > > > ... > > > > > > In security/integrity/ima/ima_main.c > > > late_initcall(init_ima); /* Start IMA after the TPM is available */ > > > > > > As per above comment line IMA should start after TPM is available. > > > But we are observing the opposite behavior. > > > Please let us know how to fix this issue. > > > > > > -Karthik ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-07-10 11:12 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-06-07 7:19 IMA Reports No TPM Device Thangavel, Karthik 2024-06-18 10:24 ` Thangavel, Karthik 2024-06-18 12:42 ` Roberto Sassu 2024-07-10 11:12 ` Thangavel, Karthik
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).