Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp11149166imu; Mon, 31 Dec 2018 14:21:03 -0800 (PST) X-Google-Smtp-Source: AFSGD/Uk3Lh0NQhYhAAuBUcMiOl+NIz/XjqUK5/pyZsIPO19lvqnEVpDyYrje3lipsYh/EQsrZ9J X-Received: by 2002:a62:5486:: with SMTP id i128mr38579653pfb.215.1546294863240; Mon, 31 Dec 2018 14:21:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546294863; cv=none; d=google.com; s=arc-20160816; b=RE9l3ZzUezKGchfKyZIlLa4axKfhWmJvfhwpqHf1FSpGefVjBHHN/EJ7gfPykFH06G XfGDYODciTpOvAbNu8v4BbPwLzJ+ry1wSZNubIcopAE1qGpJVDAVQDFisWrY3QYdyzEk dthGQJRwSEON8mqUrg5dTh50uJsfpa4iuMOk2J6xCkps8U+E8wJKdNyoUopr7kUYFaAh 5x90i2Cj+KrwfJTJ/zaabUX2ax9WMfbPA5lSADQhN2Vh6Q+omyZAXxsq8H52i5zj3H/a IIKdEvjrYDjzYG87kG+mgOnRmmasBi/98UOiS8n6yoknQ79mEVVjkEUooaz3YJ6/GbuV +rmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :mime-version:references:in-reply-to:date:to:from:subject; bh=Ffbqn4N5IbhIO8UFATgQ+CW9q1p6YOtSGsZ9/42q7LE=; b=ZE2uXAdqINmmgN6FTRJvwhUC+7aVTasM/IPoYu6LXGGewjKLTpphhhG1GnYsczpqmt LZcE3+dZMe6PbsqNuaEh8mTrwe6PeTvCCeysSrKrTkkfep/ivRYp6rvFIDp8SXzHq+ex andbp+f1a059jPp8/VvN9mx2bWu1R+23IWz5s4w+D5urf/ppcSXGsgO3VBucfSg1aiNm 2iLbTPXBXCO3boOSFgDnyumTe3hgcZQp2rBrHQX42VUjdLfTAlxR2vTR0BNA5Ko7Znzt LUBNTgIieZosRv4vGsTrk//j4mvdHK+HrxDgHAEh+Dv8rDBJ20GID/XAQHH60YJ3ETIV rRog== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u24si6969257pgj.489.2018.12.31.14.20.48; Mon, 31 Dec 2018 14:21:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728060AbeLaVSB (ORCPT + 99 others); Mon, 31 Dec 2018 16:18:01 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:48538 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727801AbeLaVSA (ORCPT ); Mon, 31 Dec 2018 16:18:00 -0500 Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id wBVLDPUX045765 for ; Mon, 31 Dec 2018 16:18:00 -0500 Received: from e06smtp03.uk.ibm.com (e06smtp03.uk.ibm.com [195.75.94.99]) by mx0a-001b2d01.pphosted.com with ESMTP id 2pqku3prtt-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 31 Dec 2018 16:18:00 -0500 Received: from localhost by e06smtp03.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 31 Dec 2018 21:17:57 -0000 Received: from b06cxnps3075.portsmouth.uk.ibm.com (9.149.109.195) by e06smtp03.uk.ibm.com (192.168.101.133) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Mon, 31 Dec 2018 21:17:53 -0000 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id wBVLHqBR55640138 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 31 Dec 2018 21:17:52 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4D3E34C040; Mon, 31 Dec 2018 21:17:52 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 84E274C046; Mon, 31 Dec 2018 21:17:50 +0000 (GMT) Received: from localhost.localdomain (unknown [9.80.106.78]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 31 Dec 2018 21:17:50 +0000 (GMT) Subject: Re: tpm_tis TPM2.0 not detected on cold boot From: Mimi Zohar To: Michael =?ISO-8859-1?Q?Niew=F6hner?= , Jarkko Sakkinen , James Bottomley , peterhuewe@gmx.de, jgg@ziepe.ca, arnd@arndb.de, linux-integrity@vger.kernel.org, linux-kernel , Nayna Jain , Ken Goldman Date: Mon, 31 Dec 2018 16:17:39 -0500 In-Reply-To: <912668ea1d74f526f78f03f562fdaf17fc06f62c.camel@mniewoehner.de> References: <1f281756bb1f041e55be8dd090670a1a7b1d1c94.camel@mniewoehner.de> <1545519232.3940.115.camel@linux.ibm.com> <1546140837.4069.81.camel@linux.ibm.com> <912668ea1d74f526f78f03f562fdaf17fc06f62c.camel@mniewoehner.de> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 18123121-0012-0000-0000-000002DFE678 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18123121-0013-0000-0000-000021169ECC Message-Id: <1546291059.4069.158.camel@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-12-31_10:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=807 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1812310182 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 2018-12-30 at 14:22 +0100, Michael Niewöhner wrote: > > difference is that on a cold boot, the TPM takes longer to initialize. > > Well, as I said. Waiting for 10, 20 or even 60 seconds in the boot manager does > not solve the problem. So the problem is NOT that the TPM takes longer to > initialize. Even adding a delay of 20 seconds before TPM init does not solve > that while that should be more than enough time. The purpose of commenting out the TPM2 selftest was to minimize the TPM initialization delay, so that the TPM is ready before IMA.  After James' patch that wasn't needed anymore. Looking back at this thread, I see you're using systemd-boot, not grub2.  When you commented out the systemd-boot timeout, IMA found the TPM.  The question is why isn't the TPM ready with the timeout before IMA (like above)?  Has systemd-boot done the selftest? Mimi