On Fri, Mar 04, 2011 at 11:44:18AM -0300, Rajiv Andrade wrote:Polling is the alternative option there already, in case the TPM doesn't get anThe bug was that when running the kernel with IMA, at boot time, itAt boot time, why don't you just poll? Maybe I'm missing something.
issues 3 TPM commands IIRC, given the 2 min timeout,
when the TPM didn't respond due to it not working with interrupts
for example, the boot hang for 6 minutes.
Or you could just simply use a different default timeout during theThat's true, but it would be disabled at the bootloader command line, same place
boot sequence, or simply tell your IMA users to disable it, since if
you are just hacking the TPM to do a fast fail, the IMA is going to be
broken anyway, right?
Ah.. completely different story then, I thought you were seeing the timeouts forThanks, it is. HZ isn't enough time for this TPM/setup to have shortYes, but you're probably doing different TPM operations than I am....
timeout commands to succeed, including
the tpm_get_timeouts(). I was skeptic at first that this would be
the reason since I have the same machine,
and was working for me, the reason I asked for these parameters
setup attempts.
I'm not trying to do IMA, I'm trying to login to a WPA2 protected
network where the private key needed to authenticate to the enterprise
wireless network is locked in the TPM.