On 10/11/24 11:05 AM, Stefan Berger wrote:
To avoid the following types of error messages from the TPM driver, suspend
PCR extends once the reboot notifier has been called. This avoids trying to
use the TPM after the TPM subsystem has been shut down.
[111707.685315][ T1] ima: Error Communicating to TPM chip, result: -19
[111707.685960][ T1] ima: Error Communicating to TPM chip, result: -19
This error could be observed on a ppc64 machine running SuSE Linux.
Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>
Some of the code is taken from Tushar's series:
https://lore.kernel.org/linux-integrity/20240214153827.1087657-1-tusharsu@xxxxxxxxxxxxxxxxxxx/T/#m2d5f23959510ea2ada534febe03beff4a3f97ac7
See patch 6/8.
Tushar's series is still needed for carrying the log across kexec
properly since without it it can still happen that the state of the PCR
10 does not match with the IMA log if a new measurements is taken after
the freezing of the log (currently at 'kexec load') and before the
'kexec exec'.
