On 11/29/24 9:44 PM, Jarkko Sakkinen wrote:
On Tue Nov 26, 2024 at 1:42 PM EET, Christian Heusel wrote:
On 24/10/25 05:47PM, Jarkko Sakkinen wrote:
Yeah, this is on the list.
See: https://bugzilla.kernel.org/show_bug.cgi?id=219383#c5
I had a fix for the AMD boot-time issue already over a month ago
but unfortunately took time to get enough feedback.
BR, Jarkko
I'm not sure if this is supposed to be fixed, but AFAIK we hoped that
the patchset that was mentioned in bugzilla also helped this issue.
The reporter said that the bug is still present in 6.12.1, so this might
need further poking 🤔
I'd suggest a workaround for the time being.
In 6.12 we added this for (heavy) IMA use:
tpm.disable_pcr_integrity= [HW,TPM]
Do not protect PCR registers from unintended physical
access, or interposers in the bus by the means of
having an integrity protected session wrapped around
TPM2_PCR_Extend command. Consider this in a situation
where TPM is heavily utilized by IMA, thus protection
causing a major performance hit, and the space where
machines are deployed is by other means guarded.
Similarly it might make sense to have "tpm.disable_random_integrity"
that disables the feature introduced by the failing commit.
I am wondering what could be the not-so-obvious root cause for this?
Could it be due to a (TPM or RNG-related) lock? I guess the audio
popping could occur if an application cannot meet timing requirements
when it runs into some sort of blocking lock...
What do you think?
> >>
Cheers,
Chris
BR, Jarkko
