Re: ima - wait for tpm load

From: Ken Goldman
Date: Mon Jun 28 2021 - 18:04:37 EST


On 6/10/2021 4:31 PM, Mimi Zohar wrote:
> As I recall "extend" works pretty much from the beginning. There's no
> need to wait for the self test to complete. Registering the TPM early
> might be enough without having to wait. Or maybe check the selftest
> result.

TPM 2.0 depends somewhat on the type of self test - there are several
options. They will in some sense block other commands that use
the algorithm.

The TPM is permitted to do an extend before the hash algorithm is
tested (just not return a result) but I don't think it's required.

So:

- self test
- extend

may permit the extend to proceed while the self test is
happening, but it may not.

