From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69CA51946B; Wed, 27 Nov 2024 06:46:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732690008; cv=none; b=SqusmlIHlllGpXSk7FSqLZt+N60zXL+mmQHsHQsrjfZjmSYUzdtmPxwydHI9L7+otGjO4OQY/o7L12k9XteEvqNHqk2mgNbnDwb5dTeW/74KwwoNDY06hucTAGmXvdXCzMIRZ5/Xp4o7yzqNdW0cYHJ6Bk7nt6BHlUlAloSR3TA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732690008; c=relaxed/simple; bh=oHnJjxaEwM0uzGCa4H8g9sV3ZeN5fUEKc5tb1XjA07s=; h=Message-ID:Date:MIME-Version:Subject:To:References:From:Cc: In-Reply-To:Content-Type; b=h5pc3l6d1lDt38QS6nhrF3pehwf3jsPezl6MbfQtuyJDAinpZrOtnS5iUtdI30Ue4WL00pa1aKcCya5zWBAhHh5i7uRl+J5HK3B1XhL/cbLz22BYWsxiItEeLBvG4D1BfW7NaTZEby6ZD8w/rrZeArEyGG+Xzn2+PW9gjyHz16M= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=rry29Y4e; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="rry29Y4e" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 48C44C4CED9; Wed, 27 Nov 2024 06:46:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732690007; bh=oHnJjxaEwM0uzGCa4H8g9sV3ZeN5fUEKc5tb1XjA07s=; h=Date:Subject:To:References:From:Cc:In-Reply-To:From; b=rry29Y4eB8Sk8gZsMwxjQ0U6OHN51hU9w1C/WlXWzmIUYLCuam2nnhlnirWZyaWf1 f2qXqP0DesUNu7Xs9C8Mvgivqcd1pTpWkUNAb2zRgJctMjW6JKaps294pEk7c8+tav Pt5pEpvb312SCAYeUnEND3lM8GGTG7RTMdTxzMdAPlhcjHlBqxzr+6Kxvv9K+d49O2 Wj3Inq2sufxS/qSVGe+ZcCugn7OxqTVRdO67GxV2jsBhikP6YBBMdUlL6q8taTvys9 /jBqr1y6wXD6oZbm3cngGtijJDxk+Yk2zykiHM3+YePotbgvh9pHzWwCby9Q0eaioZ FOSgx57SeZ58w== Message-ID: <9c893c52-e960-4f30-98ce-ba7d873145bb@kernel.org> Date: Wed, 27 Nov 2024 07:46:44 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: TPM/EFI issue [Was: Linux 6.12] To: Linus Torvalds , Linux Kernel Mailing List References: Content-Language: en-US From: Jiri Slaby Autocrypt: addr=jirislaby@kernel.org; keydata= xsFNBE6S54YBEACzzjLwDUbU5elY4GTg/NdotjA0jyyJtYI86wdKraekbNE0bC4zV+ryvH4j rrcDwGs6tFVrAHvdHeIdI07s1iIx5R/ndcHwt4fvI8CL5PzPmn5J+h0WERR5rFprRh6axhOk rSD5CwQl19fm4AJCS6A9GJtOoiLpWn2/IbogPc71jQVrupZYYx51rAaHZ0D2KYK/uhfc6neJ i0WqPlbtIlIrpvWxckucNu6ZwXjFY0f3qIRg3Vqh5QxPkojGsq9tXVFVLEkSVz6FoqCHrUTx wr+aw6qqQVgvT/McQtsI0S66uIkQjzPUrgAEtWUv76rM4ekqL9stHyvTGw0Fjsualwb0Gwdx ReTZzMgheAyoy/umIOKrSEpWouVoBt5FFSZUyjuDdlPPYyPav+hpI6ggmCTld3u2hyiHji2H cDpcLM2LMhlHBipu80s9anNeZhCANDhbC5E+NZmuwgzHBcan8WC7xsPXPaiZSIm7TKaVoOcL 9tE5aN3jQmIlrT7ZUX52Ff/hSdx/JKDP3YMNtt4B0cH6ejIjtqTd+Ge8sSttsnNM0CQUkXps w98jwz+Lxw/bKMr3NSnnFpUZaxwji3BC9vYyxKMAwNelBCHEgS/OAa3EJoTfuYOK6wT6nadm YqYjwYbZE5V/SwzMbpWu7Jwlvuwyfo5mh7w5iMfnZE+vHFwp/wARAQABzSFKaXJpIFNsYWJ5 IDxqaXJpc2xhYnlAa2VybmVsLm9yZz7CwXcEEwEIACEFAlW3RUwCGwMFCwkIBwIGFQgJCgsC BBYCAwECHgECF4AACgkQvSWxBAa0cEnVTg//TQpdIAr8Tn0VAeUjdVIH9XCFw+cPSU+zMSCH eCZoA/N6gitEcnvHoFVVM7b3hK2HgoFUNbmYC0RdcSc80pOF5gCnACSP9XWHGWzeKCARRcQR 4s5YD8I4VV5hqXcKo2DFAtIOVbHDW+0okOzcecdasCakUTr7s2fXz97uuoc2gIBB7bmHUGAH XQXHvdnCLjDjR+eJN+zrtbqZKYSfj89s/ZHn5Slug6w8qOPT1sVNGG+eWPlc5s7XYhT9z66E l5C0rG35JE4PhC+tl7BaE5IwjJlBMHf/cMJxNHAYoQ1hWQCKOfMDQ6bsEr++kGUCbHkrEFwD UVA72iLnnnlZCMevwE4hc0zVhseWhPc/KMYObU1sDGqaCesRLkE3tiE7X2cikmj/qH0CoMWe gjnwnQ2qVJcaPSzJ4QITvchEQ+tbuVAyvn9H+9MkdT7b7b2OaqYsUP8rn/2k1Td5zknUz7iF oJ0Z9wPTl6tDfF8phaMIPISYrhceVOIoL+rWfaikhBulZTIT5ihieY9nQOw6vhOfWkYvv0Dl o4GRnb2ybPQpfEs7WtetOsUgiUbfljTgILFw3CsPW8JESOGQc0Pv8ieznIighqPPFz9g+zSu Ss/rpcsqag5n9rQp/H3WW5zKUpeYcKGaPDp/vSUovMcjp8USIhzBBrmI7UWAtuedG9prjqfO wU0ETpLnhgEQAM+cDWLL+Wvc9cLhA2OXZ/gMmu7NbYKjfth1UyOuBd5emIO+d4RfFM02XFTI t4MxwhAryhsKQQcA4iQNldkbyeviYrPKWjLTjRXT5cD2lpWzr+Jx7mX7InV5JOz1Qq+P+nJW YIBjUKhI03ux89p58CYil24Zpyn2F5cX7U+inY8lJIBwLPBnc9Z0An/DVnUOD+0wIcYVnZAK DiIXODkGqTg3fhZwbbi+KAhtHPFM2fGw2VTUf62IHzV+eBSnamzPOBc1XsJYKRo3FHNeLuS8 f4wUe7bWb9O66PPFK/RkeqNX6akkFBf9VfrZ1rTEKAyJ2uqf1EI1olYnENk4+00IBa+BavGQ 8UW9dGW3nbPrfuOV5UUvbnsSQwj67pSdrBQqilr5N/5H9z7VCDQ0dhuJNtvDSlTf2iUFBqgk 3smln31PUYiVPrMP0V4ja0i9qtO/TB01rTfTyXTRtqz53qO5dGsYiliJO5aUmh8swVpotgK4 /57h3zGsaXO9PGgnnAdqeKVITaFTLY1ISg+Ptb4KoliiOjrBMmQUSJVtkUXMrCMCeuPDGHo7 39Xc75lcHlGuM3yEB//htKjyprbLeLf1y4xPyTeeF5zg/0ztRZNKZicgEmxyUNBHHnBKHQxz 1j+mzH0HjZZtXjGu2KLJ18G07q0fpz2ZPk2D53Ww39VNI/J9ABEBAAHCwV8EGAECAAkFAk6S 54YCGwwACgkQvSWxBAa0cEk3tRAAgO+DFpbyIa4RlnfpcW17AfnpZi9VR5+zr496n2jH/1ld wRO/S+QNSA8qdABqMb9WI4BNaoANgcg0AS429Mq0taaWKkAjkkGAT7mD1Q5PiLr06Y/+Kzdr 90eUVneqM2TUQQbK+Kh7JwmGVrRGNqQrDk+gRNvKnGwFNeTkTKtJ0P8jYd7P1gZb9Fwj9YLx jhn/sVIhNmEBLBoI7PL+9fbILqJPHgAwW35rpnq4f/EYTykbk1sa13Tav6btJ+4QOgbcezWI wZ5w/JVfEJW9JXp3BFAVzRQ5nVrrLDAJZ8Y5ioWcm99JtSIIxXxt9FJaGc1Bgsi5K/+dyTKL wLMJgiBzbVx8G+fCJJ9YtlNOPWhbKPlrQ8+AY52Aagi9WNhe6XfJdh5g6ptiOILm330mkR4g W6nEgZVyIyTq3ekOuruftWL99qpP5zi+eNrMmLRQx9iecDNgFr342R9bTDlb1TLuRb+/tJ98 f/bIWIr0cqQmqQ33FgRhrG1+Xml6UXyJ2jExmlO8JljuOGeXYh6ZkIEyzqzffzBLXZCujlYQ DFXpyMNVJ2ZwPmX2mWEoYuaBU0JN7wM+/zWgOf2zRwhEuD3A2cO2PxoiIfyUEfB9SSmffaK/ S4xXoB6wvGENZ85Hg37C7WDNdaAt6Xh2uQIly5grkgvWppkNy4ZHxE+jeNsU7tg= Cc: =?UTF-8?Q?Peter_H=C3=BCwe?= , Jarkko Sakkinen , Jason Gunthorpe , linux-integrity@vger.kernel.org, Ard Biesheuvel , "linux-efi@vger.kernel.org" In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc TPM + EFI guys. On 17. 11. 24, 23:26, Linus Torvalds wrote: > But before the merge window opens, please give this a quick test to > make sure we didn't mess anything up. The shortlog below gives you the > summary for the last week, and nothing really jumps out at me. A > number of last-minute reverts, and some random fairly small fixes > fairly spread out in the tree. Hi, there is a subtle bug in 6.12 wrt TPM (in TPM, EFI, or perhaps in something else): https://bugzilla.suse.com/show_bug.cgi?id=1233752 Our testing (openQA) fails with 6.12: https://openqa.opensuse.org/tests/4657304#step/trup_smoke/26 The last good is with 6.11.7: https://openqa.opensuse.org/tests/4648526 In sum: TPM is supposed to provide a key for decrypting the root partitition, but fails for some reason. It's extremely hard (so far) to reproduce outside of openQA (esp. when trying custom kernels). Most of the 6.12 TPM stuff already ended in (good) 6.11.7. I tried to revert: 423893fcbe7e tpm: Disable TPM on tpm2_create_primary() failure from 6.12 but that still fails. We are debugging this further, this is just so you know. Or maybe you have some immediate ideas? thanks, -- js suse labs