On Mon, 2024-04-22 at 14:27 +0300, Mikko Rapeli wrote:
> Userspace needs to know if TPM kernel drivers need to be loaded
> and related services started early in the boot if TPM device
> is used and available.

This says what but not why. We already have module autoloading that works correctly for TPM devices, so why is this needed?

We do have a chicken and egg problem with IMA in that the TPM driver needs to be present *before* any filesystem, including the one the TPM modules would be on, is mounted so executions can be measured into IMA (meaning that if you use IMA the TPM drivers must be built in) but this sounds to be something different. However, because of the IMA problem, most distributions don't end up compiling TPM drivers as modules anyway.

Is what you want simply that tpm modules be loaded earlier?

James