IMA Reports No TPM Device

Tue Jun 18 12:42:06 UTC 2024

On Tue, 2024-06-18 at 10:24 +0000, Thangavel, Karthik wrote:
> Hi,
> 
> Can you pls let us know how to resolve this issue. 
> Looks many reported the same issue in forums.

Hi

this discussion seems to be related:

https://lore.kernel.org/all/1550753358.17768.85.camel@linux.ibm.com/t/#m5fd27cc9c80e90e781ccc5e1c3e693014d0278a2

Maybe there could be suggestions that apply to your case. We can also
resume the discussion, if the fix is not yet upstreamed.

Roberto

> Regards,
> Karthik
> 
> > -----Original Message-----
> > From: Thangavel, Karthik
> > Sent: Friday, June 7, 2024 12:49 PM
> > To: linux-security-module at vger.kernel.org; linux-spi at vger.kernel.org
> > Cc: Gaddipati, Naveen <naveen.gaddipati at amd.com>; Narra, Bharath Kumar
> > <BharathKumar.Narra at amd.com>
> > Subject: IMA Reports No TPM Device
> > 
> > Hi,
> > 
> > We are booting linux v6.1.30 on Xilinx ZynqMP SoC which is using ARM-A53.
> > We want to run IMA on TPM device connected over SPI interface.
> > During booting found that IMA reports "No TPM chip found".
> > 
> > Please find the below logs which shows IMA subsystem init called before TPM
> > device.
> > 
> > 
> > [    0.000000] Linux version 6.1.30-xilinx-v2023.2 (oe-user at oe-host) (aarch64-
> > xilinx-linux-gcc (GCC) 12.2.0, GNU ld (GNU Binutils) 2.39.0.20220819) #1 SMP Fri
> > Sep 22 10:41:01 UTC 2023
> > [    0.000000] Machine model: xlnx,zynqmp
> > ...
> > [    2.561405] ima: No TPM chip found, activating TPM-bypass!
> > [    2.567199] ima: Allocated hash algorithm: sha256
> > ...
> > [    3.727105] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22)
> > [    3.764152] tpm tpm0: starting up the TPM manually
> > ...
> > 
> > In security/integrity/ima/ima_main.c
> > late_initcall(init_ima);	/* Start IMA after the TPM is available */
> > 
> > As per above comment line IMA should start after TPM is available.
> > But we are observing the opposite behavior.
> > Please let us know how to fix this issue.
> > 
> > -Karthik