On Thu, Mar 22, 2018 at 12:20:33PM -0400, Stefan Berger wrote:
> I tried to convert the IMA code to look up a TPM chip and use it until
> shutdown, when it releases it before device_shutdown(). Ideally this would
> work but because of xen-front's resume code it doesn't. There the chip is
> unregistered upon domU resume (tpmfront_resume calls tpmfront_remove) and for
> that reason IMA cannot be holding onto that chip until shutdown.

Well removing the TPM during resume seems totally wrong, don't do that.

Jason