Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)

On Fr, 16.02.24 11:28, Mikko Rapeli (mikko.rapeli@xxxxxxxxxx) wrote:

> Support for fTPM devices is problematic. First, the kernel support must be modules
> but loading needs to be specially handled after starting tee-supplicant. For normal
> boot udev handles optee detection and triggers tee-supplicant@teepriv0.service
> startup which unloads tpm_ftpm_tee kernel module, starts tee-supplicant and then
> loads the kernel module again. After this RPMB works. To do the same in initramfs, I added
> Wants: and After: dependencies from systemd-repart.service, systemd-cryptsetup@.service,
> systemd-pcrmachine.service and systemd-pcrphase-initrd.service:

Kernel module unloading is not supposed to happen in clean
codepaths. It's a debug/development feature, it's not safe to do as
part of regular boot.

But why do you need to unload a kernel module at all? That smells...

Lennart

--
Lennart Poettering, Berlin
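For readers unfamiliar with the ordering the quoted message describes, the following is an added illustration (not from either poster, and not from the systemd project) of how the Wants= and After= dependencies on tee-supplicant@teepriv0.service would typically be expressed as a systemd drop-in for one of the consumers named above, systemd-cryptsetup@.service. The drop-in path is an assumption based on the usual systemd conventions; the unit names come from the message. The same fragment would have to be present in the initrd image for it to take effect during early boot, and it orders the units without addressing the module unload/reload that Lennart objects to.

```ini
# Assumed drop-in location: /etc/systemd/system/systemd-cryptsetup@.service.d/10-ftpm.conf
# (must also be copied into the initramfs for the initrd-stage cryptsetup units)
[Unit]
# Pull in the tee-supplicant instance for the OP-TEE device before unlocking volumes,
# so the fTPM-backed RPMB storage is reachable when the TPM2 enrolment is used.
Wants=tee-supplicant@teepriv0.service
After=tee-supplicant@teepriv0.service
```

After placing the file, `systemctl daemon-reload` and `systemctl show -p After,Wants systemd-cryptsetup@<volume>.service` confirm that the extra ordering edges are present; the placeholder `<volume>` stands for the actual LUKS volume name.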


