Re: [PATCH] security/keys/trusted: Allow operation without hardware TPM

From: James Bottomley
Date: Mon Mar 18 2019 - 20:25:00 EST


On Mon, 2019-03-18 at 16:45 -0700, Dan Williams wrote:
> Rather than fail initialization of the trusted.ko module, arrange for
> the module to load, but rely on trusted_instantiate() to fail
> trusted-key operations.

What actual problem is this fixing? To me it would seem like an
enhancement to make the trusted module fail at load time if there's no
TPM rather than waiting until first use to find out it can never work.
Is there some piece of user code that depends on the successful
insertion of trusted.ko?

James