On Thu, Mar 22, 2018 at 08:57:59PM -0400, Stefan Berger wrote:
> On 03/22/2018 05:39 PM, Jason Gunthorpe wrote:
> >On Thu, Mar 22, 2018 at 12:20:33PM -0400, Stefan Berger wrote:
> >>I tried to convert the IMA code to look up a TPM chip and use it until
> >>shutdown, when it releases it before device_shutdown(). Ideally this would
> >>work but because of xen-front's resume code it doesn't. There the chip is
> >>unregistered upon domU resume (tpmfront_resume calls tpmfront_remove) and for
> >>that reason IMA cannot be holding onto that chip until shutdown.
> >Well removing the TPM during resume seems totally wrong, don't do
> >that.
>
> though that's what seems to be happening:

Sure, but that is totally wrong, Xen shouldn't do that.

Don't design core interfaces around an insane driver, you were on the
right path to have IMA hold a chip handle not use a chip index. That
is a long standing needed cleanup.

Xen, IMA and suspend will just not be compatible until someone fixes
that driver. And maybe that is for the best, perhaps that remove thing
is some statement that TPM state does not preserve across
suspend/resume. Who knows.

Jason