Re: ima - wait for tpm load
From: Ken Goldman
Date: Mon Jun 28 2021 - 18:04:37 EST
On 6/10/2021 4:31 PM, Mimi Zohar wrote:
As I recall "extend" works pretty much from the beginning. There's no
need to wait for the self test to complete. Registering the TPM early
might be enough without having to wait. Or maybe check the selftest
result.
TPM 2.0 depends somewhat on the type of self test - there are several
options. They will in some sense block other commands that use
the angorithm.
The TPM is permitted to do an extend before the hash algorithm is
tested (just not return a result) but I don't think it's required.
So:
- self test
- extend
may permit the extend to proceed while the self test is
happening, but it may not.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature