On Sun, 2018-12-30 at 14:22 +0100, Michael Niewöhner wrote:
> > difference is that on a cold boot, the TPM takes longer to initialize.
>
> Well, as I said. Waiting for 10, 20 or even 60 seconds in the boot manager does
> not solve the problem. So the problem is NOT that the TPM takes longer to
> initialize. Even adding a delay of 20 seconds before TPM init does not solve
> that while that should be more than enough time.

The purpose of commenting out the TPM2 selftest was to minimize the TPM
initialization delay, so that the TPM is ready before IMA. After James'
patch that wasn't needed anymore.

Looking back at this thread, I see you're using systemd-boot, not
grub2. When you commented out the systemd-boot timeout, IMA found the
TPM. The question is why isn't the TPM ready with the timeout before
IMA (like above)? Has systemd-boot done the selftest?

Mimi