Re: [PATCH] tpm: require to compile as part of the kernel
From: Jarkko Sakkinen <hidden>
Date: 2018-06-29 17:43:39
Also in:
linux-security-module, lkml
On Fri, Jun 29, 2018 at 09:31:41AM -0600, Jason Gunthorpe wrote:
> On Fri, Jun 29, 2018 at 06:10:02PM +0300, Jarkko Sakkinen wrote:
> > Do not allow to compile TPM core as a module. TPM defines a root of
> > trust for integrity and keyring subsystems and should be always
> > available and not be loaded from the user space. There is no
> > reasonable use case for a loadable module existing.
> >
> > Signed-off-by: Jarkko Sakkinen <redacted>
> > ---
> >  drivers/char/tpm/Kconfig | 2 +-
> >  include/linux/tpm.h | 3 +--
> >  2 files changed, 2 insertions(+), 3 deletions(-)
>
> This doesn't really make sense..
>
> The kconfig method is that if IMA requires TPM it should declare so
> and TPM will become non-modular because IMA is non-modular.
>
> There are lots of legitimate use cases for TPM that don't involve IMA
> or keyring.

In what context would it make sense to have TPM core as a module?

I forgot to add the RFC tag to this patch. Did not mean to push it to mainline
but more to raise the discussion.

/Jarkko
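
The dependency rule discussed in this thread can be checked against a built kernel's `.config`. The following is an added example, not part of the original messages or of the kernel tree: it reports whether the TPM core is built in, modular or disabled, and whether a built-in consumer is present. The symbol names `CONFIG_TCG_TPM`, `CONFIG_IMA` and `CONFIG_TRUSTED_KEYS` are assumptions standing in for the TPM core and the integrity and keyring consumers; the sample configs are constructed.

```python
import re

# Assumed symbol names: TCG_TPM is the TPM core; IMA and TRUSTED_KEYS stand in
# for the "integrity and keyring" consumers mentioned in the thread.
TPM_CORE = "CONFIG_TCG_TPM"
CONSUMERS = ("CONFIG_IMA", "CONFIG_TRUSTED_KEYS")

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_config(text):
    """Return {symbol: value} from kernel .config text; unset symbols map to 'n'."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            symbols[m.group(1)] = m.group(2)
            continue
        m = _UNSET.match(line)
        if m:
            symbols[m.group(1)] = "n"
    return symbols

def audit_tpm(text):
    """Report how the TPM core is built and which consumers are built in."""
    cfg = parse_config(text)
    tpm = cfg.get(TPM_CORE, "n")
    builtin = [c for c in CONSUMERS if cfg.get(c, "n") == "y"]
    if tpm == "y":
        verdict = "ok: TPM core is built in"
    elif builtin:
        verdict = "mismatch: built-in consumer without built-in TPM core"
    elif tpm == "m":
        verdict = "note: TPM core is modular, no built-in consumer"
    else:
        verdict = "note: TPM core is disabled"
    return tpm, builtin, verdict

# Constructed sample .config fragments, not taken from any real system.
MODULAR = "CONFIG_TCG_TPM=m\n# CONFIG_IMA is not set\nCONFIG_TRUSTED_KEYS=m\n"
BUILTIN = "CONFIG_TCG_TPM=y\nCONFIG_IMA=y\nCONFIG_TRUSTED_KEYS=m\n"
BROKEN = "CONFIG_TCG_TPM=m\nCONFIG_IMA=y\n"

if __name__ == "__main__":
    for name, sample in (("modular", MODULAR), ("builtin", BUILTIN), ("broken", BROKEN)):
        print(name, audit_tpm(sample))
```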