On Mon, Jun 18, 2018 at 01:33:06PM -0600, Jason Gunthorpe wrote: > > > +module_param(override_rng_quality, short, 0644); > > > > Should this be 600 i.e. not to leak this information? > > There is a real push these days against adding module parameters, and > apparently, IMA can't function with TPM as a module. > > Are you sure this shouldn't be done in some other way? Maybe a sysfs file would be a better choice for this? /Jarkko