Re: IMA Reports No TPM Device
From: Roberto Sassu <hidden>
Date: 2024-06-18 12:42:29
Also in: linux-spi
On Tue, 2024-06-18 at 10:24 +0000, Thangavel, Karthik wrote:
> Hi,
> Can you pls let us know how to resolve this issue.
> Looks many reported the same issue in forums.

Hi

this discussion seems to be related:

https://lore.kernel.org/all/1550753358.17768.85.camel@linux.ibm.com/t/#m5fd27cc9c80e90e781ccc5e1c3e693014d0278a2

Maybe there could be suggestions that apply to your case.

We can also resume the discussion, if the fix is not yet upstreamed.

Roberto

> Regards,
> Karthik
>
> -----Original Message-----
> From: Thangavel, Karthik
> Sent: Friday, June 7, 2024 12:49 PM
> To: linux-security-module@vger.kernel.org; linux-spi@vger.kernel.org
> Cc: Gaddipati, Naveen <redacted>; Narra, Bharath Kumar [off-list ref]
> Subject: IMA Reports No TPM Device
>
> Hi,
>
> We are booting linux v6.1.30 on Xilinx ZynqMP SoC which is using ARM-A53.
> We want to run IMA on TPM device connected over SPI interface.
> During booting found that IMA reports "No TPM chip found".
> Please find the below logs which shows IMA subsystem init called before TPM device.
>
> [ 0.000000] Linux version 6.1.30-xilinx-v2023.2 (oe-user@oe-host) (aarch64-xilinx-linux-gcc (GCC) 12.2.0, GNU ld (GNU Binutils) 2.39.0.20220819) #1 SMP Fri Sep 22 10:41:01 UTC 2023
> [ 0.000000] Machine model: xlnx,zynqmp
> ...
> [ 2.561405] ima: No TPM chip found, activating TPM-bypass!
> [ 2.567199] ima: Allocated hash algorithm: sha256
> ...
> [ 3.727105] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22)
> [ 3.764152] tpm tpm0: starting up the TPM manually
> ...
>
> In security/integrity/ima/ima_main.c
>
> late_initcall(init_ima); /* Start IMA after the TPM is available */
>
> As per above comment line IMA should start after TPM is available. But we are observing the opposite behavior.
> Please let us know how to fix this issue.
>
> -Karthik
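
A check for the ordering described in the quoted report, added here as an example (not code from the thread or from the kernel): it reads kernel log text and reports whether IMA entered TPM-bypass before a TPM driver announced a chip. The driver-line pattern is an assumption modelled on the tpm_tis_spi line in the quoted log, and the verdict names are hypothetical.

```python
import re

# Kernel log line: "[    2.561405] message"
LINE_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
# IMA's message when no TPM chip is registered at init time (from the quoted log).
IMA_BYPASS = "ima: No TPM chip found"
# Assumption: a TPM driver announces its chip as "<driver> <dev>: <ver> TPM ...",
# modelled on the tpm_tis_spi line in the quoted log.
TPM_PROBE_RE = re.compile(r"^tpm\S*\s+\S+:\s+\d\.\d TPM\b")

# Lines taken from the log quoted in the report.
REPORTED_LOG = """\
[ 0.000000] Machine model: xlnx,zynqmp
[ 2.561405] ima: No TPM chip found, activating TPM-bypass!
[ 2.567199] ima: Allocated hash algorithm: sha256
[ 3.727105] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22)
[ 3.764152] tpm tpm0: starting up the TPM manually
"""

# Constructed sample: the TPM driver announces the chip before IMA starts.
CONSTRUCTED_OK_LOG = """\
[ 1.204511] tpm_tis_spi spi1.0: 2.0 TPM (device-id 0x1B, rev-id 22)
[ 2.567199] ima: Allocated hash algorithm: sha256
"""

def classify(log_text):
    """Return (verdict, ima_bypass_ts, tpm_probe_ts) for a kernel log."""
    ima_ts = tpm_ts = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators such as "..." or wrapped lines
        ts, msg = float(m.group(1)), m.group(2)
        if ima_ts is None and msg.startswith(IMA_BYPASS):
            ima_ts = ts
        elif tpm_ts is None and TPM_PROBE_RE.match(msg):
            tpm_ts = ts
    if ima_ts is None:
        verdict = "ima-not-in-bypass"
    elif tpm_ts is None:
        verdict = "bypass-no-tpm-seen"
    elif tpm_ts > ima_ts:
        verdict = "bypass-tpm-probed-after-ima"  # the ordering in the report
    else:
        verdict = "bypass-despite-earlier-tpm"
    return verdict, ima_ts, tpm_ts

if __name__ == "__main__":
    for name, log in (("reported", REPORTED_LOG), ("constructed", CONSTRUCTED_OK_LOG)):
        print(name, classify(log))
```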