Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp2239820lqt; Mon, 22 Apr 2024 05:48:27 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUbkYz6JmE2yVEak5XgcbCccNNWHKkScOFDITDIqZbPrxLfoXRR9BdLZtUSODICeevyMk6aiQ8Oqpd55x6vnreBPg9Nv9AmLm4Nqss/Vg== X-Google-Smtp-Source: AGHT+IFXchGFDeNBQBfPpl8XOddB05WBzNHpqAuOewP79VSbxGC3HJiDkQYG35UlZXrWTZ/NcSZX X-Received: by 2002:a17:90a:c254:b0:2a7:4e38:70e9 with SMTP id d20-20020a17090ac25400b002a74e3870e9mr7789893pjx.13.1713790107397; Mon, 22 Apr 2024 05:48:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713790107; cv=pass; d=google.com; s=arc-20160816; b=IziQhkpRnjqlGTAZIQqPoZGzoxJr5ZO0yim/wOQFExNYuaJWj5DRXBoQMH83piDshQ CPqnpwdjDuoo/CPoi53hOLsWo4+sec7womJHIhyrbktVtBVvICka/NDzxoEO+Kz+AlNA 6xommVrM8GQLjsjbmHcykoOWaiNBQ8cl2OV+NA3Vg7AIrxYKeEOKMI+l8CrB601TiOaJ tn8NrHceLcmu2qCfXo2OxbA1B+SjfZxJ9X5Ukn7PL5/bZG2u16BjCGUAH0xDHmAZJEZU IaXvy2lvzorA9rswZt+Lh7xuLdK4yjXsna9UafjWoZhdPMdDDI/+VKX4vaNRfuF+HsMC MezA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:user-agent:references:in-reply-to :date:cc:to:from:subject:message-id:dkim-signature:dkim-signature; bh=iQwopnIrgK1vHtnndo3G8vPEWNpEDU9Md/7e5XftBbM=; fh=6/xbxq17SCcYMcxn7G2bMRPZk6BaccwgYcDniQadLjQ=; b=NKsvlvKxJnFhORPoKA5eX9MpiVUkGLtfZSmNx/16IMD6xMHi2SgJKrkJphuGasUxOP X+J3jhD8+17DZ56RdRUqQM9Kgewxb6vuDlG5lhwB5GQXKlxjZF/E5ETa+Gk1wO1s8CxX vsduLGh2IJrOJvloflbId499UfQsjrp5nwhWgJACjkbyKvYIyLAnSGpb03qdSyHs8y5t HUAKc9LOZOWpxNVDa3MO/BTrCz73z0Yg6qTBRTFU4+XxqG07SnM75bx1427tnhTu1LX/ RKCoqv3jwaTBAhVFIQKenRvBtEYV2XeCRMEPoegi3tUiPwn5945XUo9AHNz97mnnN8xu K76Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=vmnu2zzK; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=vmnu2zzK; arc=pass (i=1 spf=pass spfdomain=hansenpartnership.com dkim=pass dkdomain=hansenpartnership.com dkim=pass dkdomain=hansenpartnership.com dmarc=pass fromdomain=hansenpartnership.com); spf=pass (google.com: domain of linux-kernel+bounces-153360-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-153360-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id c10-20020a17090a8d0a00b002ad580daa2dsi3013127pjo.90.2024.04.22.05.48.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Apr 2024 05:48:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-153360-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=vmnu2zzK; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=vmnu2zzK; arc=pass (i=1 spf=pass spfdomain=hansenpartnership.com dkim=pass dkdomain=hansenpartnership.com dkim=pass dkdomain=hansenpartnership.com dmarc=pass fromdomain=hansenpartnership.com); spf=pass (google.com: domain of linux-kernel+bounces-153360-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-153360-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id F1A1BB24652 for ; Mon, 22 Apr 2024 12:45:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9D8E914A4CE; Mon, 22 Apr 2024 12:42:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=hansenpartnership.com header.i=@hansenpartnership.com header.b="vmnu2zzK"; dkim=pass (1024-bit key) header.d=hansenpartnership.com header.i=@hansenpartnership.com header.b="vmnu2zzK" Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [96.44.175.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1C76914A0A3; Mon, 22 Apr 2024 12:42:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=96.44.175.130 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713789766; cv=none; b=qMN1rmyxSf1cU8dmOPf8SjfaBV9uPxn+y3EZqBjkJCo90b61xnAlig/VBKRiS7GVKuCE/5ENBZ0+XLIEPEwuTqD+BlEpQB2wHC1gQ4VdD9bNPw95IcdCW4UvTo+YvJ47pbhaClsUseiqXhNdszV6VVcJM1WQrqHFtufUDJdU3uQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713789766; c=relaxed/simple; bh=eLPBVgVLHtZoIwSikYHS9+/VqRYyuQb/X9rEDXUkyq8=; h=Message-ID:Subject:From:To:Cc:Date:In-Reply-To:References: Content-Type:MIME-Version; b=MKXXXyqQgpzAsUK8tBhHLTl9siL28Ochx2Nxuk8WRsb0hiKO+QhvD+RPeKhOWPiv8Houtudb9lF9I1TCBlJqexZRhBTGyAxQ4/3KyoK/UkdrPcshYptIBlwjwmd0ZgyWAUunQXiX+0jrelA5q1mdR0vANGmSNqCX5kQFlHvVODo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=HansenPartnership.com; spf=pass smtp.mailfrom=HansenPartnership.com; dkim=pass (1024-bit key) header.d=hansenpartnership.com header.i=@hansenpartnership.com header.b=vmnu2zzK; dkim=pass (1024-bit key) header.d=hansenpartnership.com header.i=@hansenpartnership.com header.b=vmnu2zzK; arc=none smtp.client-ip=96.44.175.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=HansenPartnership.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=HansenPartnership.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1713789764; bh=eLPBVgVLHtZoIwSikYHS9+/VqRYyuQb/X9rEDXUkyq8=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=vmnu2zzKcABpFlPx1X0yhrr/pvNmCqH9ygfBE9h1//eTRG4NHkT5xUmvhn4W5qGRa cjk6nrWzkiC3xM5d+T9OcQWotXciiMw7GTGIBgBTlXKQAlbeSoEikdzsveawmyVekV Me0rvO+n0TvUMVrxpYvtZfiFJc6Xek4SKUCi1jbM= Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 426E41281DBE; Mon, 22 Apr 2024 08:42:44 -0400 (EDT) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavis, port 10024) with ESMTP id HrCx1R4F-lCE; Mon, 22 Apr 2024 08:42:44 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1713789764; bh=eLPBVgVLHtZoIwSikYHS9+/VqRYyuQb/X9rEDXUkyq8=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=vmnu2zzKcABpFlPx1X0yhrr/pvNmCqH9ygfBE9h1//eTRG4NHkT5xUmvhn4W5qGRa cjk6nrWzkiC3xM5d+T9OcQWotXciiMw7GTGIBgBTlXKQAlbeSoEikdzsveawmyVekV Me0rvO+n0TvUMVrxpYvtZfiFJc6Xek4SKUCi1jbM= Received: from [172.20.13.230] (wsip-184-177-54-3.hr.hr.cox.net [184.177.54.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 5DE3D1280393; Mon, 22 Apr 2024 08:42:43 -0400 (EDT) Message-ID: <6e751959b9056884c1b9d3ba23e303d1737d8763.camel@HansenPartnership.com> Subject: Re: [PATCH] efi: expose TPM event log to userspace via sysfs From: James Bottomley To: Mikko Rapeli , Ard Biesheuvel , linux-efi@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ilias Apalodimas , Lennart Poettering Date: Mon, 22 Apr 2024 08:42:41 -0400 In-Reply-To: <20240422112711.362779-1-mikko.rapeli@linaro.org> References: <20240422112711.362779-1-mikko.rapeli@linaro.org> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit On Mon, 2024-04-22 at 14:27 +0300, Mikko Rapeli wrote: > Userspace needs to know if TPM kernel drivers need to be loaded > and related services started early in the boot if TPM device > is used and available. This says what but not why. We already have module autoloading that works correctly for TPM devices, so why is this needed? We do have a chicken and egg problem with IMA in that the TPM driver needs to be present *before* any filesystem, including the one the TPM modules would be on, is mounted so executions can be measured into IMA (meaning that if you use IMA the TPM drivers must be built in) but this sounds to be something different. However, because of the IMA problem, most distributions don't end up compiling TPM drivers as modules anyway. Is what you want simply that tpm modules be loaded earlier? James