IMA Reports No TPM Device
Thangavel, Karthik
karthik.thangavel at amd.com
Fri Jun 7 07:19:24 UTC 2024
Hi,
We are booting Linux v6.1.30 on a Xilinx ZynqMP SoC, which uses ARM-A53.
We want to run IMA on a TPM device connected over the SPI interface.
During boot, we found that IMA reports "No TPM chip found".
Please find below the logs, which show the IMA subsystem init
being called before the TPM device.
[ 0.000000] Linux version 6.1.30-xilinx-v2023.2 (oe-user at oe-host) (aarch64-xilinx-linux-gcc (GCC) 12.2.0, GNU ld (GNU Binutils) 2.39.0.20220819) #1 SMP Fri Sep 22 10:41:01 UTC 2023
[ 0.000000] Machine model: xlnx,zynqmp
...
[ 2.561405] ima: No TPM chip found, activating TPM-bypass!
[ 2.567199] ima: Allocated hash algorithm: sha256
...
[ 3.727105] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22)
[ 3.764152] tpm tpm0: starting up the TPM manually
...
In security/integrity/ima/ima_main.c
late_initcall(init_ima); /* Start IMA after the TPM is available */
As per the above comment line, IMA should start after the TPM is available.
But we are observing the opposite behavior.
Please let us know how to fix this issue.
-Karthik
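
A check for the ordering visible in the log above, added here as an example and not part of the original message: it parses timestamped kernel log lines and reports whether a TPM driver bound only after IMA had already fallen back to TPM-bypass. The function names and verdict labels are hypothetical, and the sample input is the log quoted in the message.

```python
import re

# Kernel log lines copied from the message above (seconds since boot).
SAMPLE_DMESG = """\
[    2.561405] ima: No TPM chip found, activating TPM-bypass!
[    2.567199] ima: Allocated hash algorithm: sha256
[    3.727105] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22)
[    3.764152] tpm tpm0: starting up the TPM manually
"""

LINE_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
IMA_BYPASS_RE = re.compile(r"^ima: No TPM chip found")
# Assumption: TPM driver messages look like "tpm<driver> <device>: ..." as in the log above.
TPM_DRIVER_RE = re.compile(r"^tpm[\w-]*\s+\S+:")


def parse_dmesg(text):
    """Yield (timestamp, message) for each timestamped kernel log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield float(m.group(1)), m.group(2)


def check_ima_tpm_order(text):
    """Classify the relative order of IMA's TPM-bypass message and the first TPM driver line."""
    ima_ts = tpm_ts = None
    for ts, msg in parse_dmesg(text):
        if ima_ts is None and IMA_BYPASS_RE.match(msg):
            ima_ts = ts
        elif tpm_ts is None and TPM_DRIVER_RE.match(msg):
            tpm_ts = ts
    if ima_ts is None:
        verdict = "ok"            # IMA did not report TPM-bypass
    elif tpm_ts is None:
        verdict = "no-tpm"        # bypass, and no TPM driver line at all
    elif tpm_ts > ima_ts:
        verdict = "tpm-late"      # TPM driver bound after IMA had given up
    else:
        verdict = "tpm-unusable"  # TPM driver line came first, IMA still bypassed
    gap = round(tpm_ts - ima_ts, 6) if None not in (ima_ts, tpm_ts) else None
    return {"verdict": verdict, "ima_bypass": ima_ts, "tpm_probe": tpm_ts, "gap_s": gap}


if __name__ == "__main__":
    print(check_ima_tpm_order(SAMPLE_DMESG))
```

A "tpm-late" verdict means the measurements IMA recorded during that boot were not extended into the TPM, so the check is worth running in boot validation for any image that relies on IMA attestation.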