On Tue Nov 26, 2024 at 1:42 PM EET, Christian Heusel wrote: > On 24/10/25 05:47PM, Jarkko Sakkinen wrote: > > Yeah, this is on the list. > > > > See: https://bugzilla.kernel.org/show_bug.cgi?id=219383#c5 > > > > I had a fix for the AMD boot-time issue already over a month ago > > but unfortunately took time to get enough feedback. > > > > BR, Jarkko > > I'm not sure if this is supposed to be fixed, but AFAIK we hoped that > the patchset that was mentioned in bugzilla also helped this issue. > > The reporter said that the bug is still present in 6.12.1, so this might > need further poking 🤔 I'd suggest a workaround for the time being. In 6.12 we added this for (heavy) IMA use: tpm.disable_pcr_integrity= [HW,TPM] Do not protect PCR registers from unintended physical access, or interposers in the bus by the means of having an integrity protected session wrapped around TPM2_PCR_Extend command. Consider this in a situation where TPM is heavily utilized by IMA, thus protection causing a major performance hit, and the space where machines are deployed is by other means guarded. Similarly it might make sense to have "tpm.disable_random_integrity" that disables the feature introduced by the failing commit. What do you think? > > Cheers, > Chris BR, Jarkko
