On Fri, Apr 24, 2026 at 04:25:31PM -0400, Mimi Zohar wrote:
Thanks, Jonathan!
On Fri, 2026-04-24 at 14:24 +0100, Jonathan McDowell wrote:
-static int __init init_ima(void)
+static int __init init_ima(bool late)
{
int error;
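Review bot: the new `bool late` parameter on init_ima() is not described anywhere in the visible lines. A short comment above the function saying what late=false and late=true each mean, and which caller passes which, would make the two-pass contract readable without tracing the call sites.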
@@ -1247,10 +1247,26 @@ static int __init init_ima(void)
return 0;
}
+ /*
+ * If we found the TPM during our first attempt, or we know there's no
+ * TPM, nothing further to do
+ */
Perhaps it's just me, but the comment wording is a bit off. Could I change it
to: If we either found the TPM or knew there's no TPM during our first attempt,
nothing further to do.
No objections to that updated wording from me.
Otherwise the patch looks good.
Mimi
+ if (late && (ima_tpm_chip || !IS_ENABLED(CONFIG_TCG_TPM)))
+ return 0;
+
+ ima_tpm_chip = tpm_default_chip();
+ if (!ima_tpm_chip && !late && IS_ENABLED(CONFIG_TCG_TPM)) {
+ pr_debug("TPM not available, will try later\n");
+ return -EPROBE_DEFER;
+ }
+
+ if (!ima_tpm_chip)
+ pr_info("No TPM chip found, activating TPM-bypass!\n");
+
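Review bot: the early return at `if (late && (ima_tpm_chip || !IS_ENABLED(CONFIG_TCG_TPM)))` treats a non-NULL ima_tpm_chip as proof that the first pass completed, but ima_tpm_chip is assigned at `ima_tpm_chip = tpm_default_chip();` before the remainder of init_ima() runs. If anything after that assignment can fail on the first pass, the late pass will return 0 as though initialisation succeeded. Consider recording first-pass completion separately from the chip pointer. Also, `return -EPROBE_DEFER;` comes from an __init function rather than a driver probe, so nothing retries it automatically; a comment at that return naming the caller that makes the second call with late=true would help.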
J.
--
Revd Jonathan McDowell, ULC | Run like hell!