Re: [PATCH] efi: expose TPM event log to userspace via sysfs
From: James Bottomley
Date: Mon Apr 22 2024 - 08:45:18 EST
On Mon, 2024-04-22 at 14:27 +0300, Mikko Rapeli wrote:
> Userspace needs to know if TPM kernel drivers need to be loaded
> and related services started early in the boot if TPM device
> is used and available.
This says what but not why. We already have module autoloading that
works correctly for TPM devices, so why is this needed?
We do have a chicken and egg problem with IMA in that the TPM driver
needs to be present *before* any filesystem, including the one the TPM
modules would be on, is mounted so executions can be measured into IMA
(meaning that if you use IMA the TPM drivers must be built in) but this
sounds to be something different. However, because of the IMA problem,
most distributions don't end up compiling TPM drivers as modules
anyway.
Is what you want simply that tpm modules be loaded earlier?
James