[PATCH] ima: debugging late_initcall_sync measurements

Mimi Zohar zohar at linux.ibm.com
Mon May 4 05:02:48 PDT 2026


On Sun, 2026-05-03 at 12:46 -0400, Paul Moore wrote:
> Regardless, assuming you always want IMA to leverage TPMs when they
> exist, your reply suggests that using an initcall based IMA init
> scheme, even a late-sync initcall, may not be sufficient because
> deferred TPM initialization could happen later, yes?

Well yeah.  The TPM could be configured as a module, but that scenario is not of
interest.  That's way too late.  The case being addressed in this patch set is
when the TPM driver tries to initialize at device_initcall, returns
EPROBE_DEFER, and is retried at deferred_probe_initcall (late_initcall).  Since
ordering within an initcall is not supported, this patch attempts to initialize
IMA at late_initcall and similarly retries, in this case, at late_initcall_sync.

Mimi
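
The ordering problem described in the message above, as a user-space model. It is an added example, not part of the e-mail or the patch. Every name except EPROBE_DEFER is hypothetical, and the point at which the TPM driver's missing dependency becomes available is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

#define EPROBE_DEFER 517 /* value of the kernel's EPROBE_DEFER */

/* User-space model only; every name below except EPROBE_DEFER is hypothetical. */
static bool dep_ready, tpm_ready, ima_has_tpm;
static int ima_attempts;

static int tpm_probe(void)
{
    if (!dep_ready)
        return -EPROBE_DEFER; /* assumed cause: a needed resource is not up yet */
    tpm_ready = true;
    return 0;
}

static bool ima_try_init(void)
{
    ima_attempts++;
    ima_has_tpm = tpm_ready;
    return ima_has_tpm; /* false means "no TPM yet, retry later" */
}

/* Walk device_initcall -> late_initcall -> late_initcall_sync once.
 * Ordering within one initcall level is not supported, so ima_first
 * models both possible orders of the two late_initcall entries. */
bool boot(bool ima_first, bool retry_at_late_sync)
{
    dep_ready = tpm_ready = ima_has_tpm = false;
    ima_attempts = 0;
    int rc = tpm_probe();        /* device_initcall: returns -EPROBE_DEFER */
    dep_ready = true;            /* assumption: dependency appears afterwards */
    bool done = ima_first && ima_try_init(); /* late_initcall, IMA first */
    if (rc == -EPROBE_DEFER)
        tpm_probe();             /* deferred_probe_initcall (late_initcall) */
    if (!ima_first)
        done = ima_try_init();   /* late_initcall, IMA second */
    if (!done && retry_at_late_sync)
        ima_try_init();          /* late_initcall_sync retry */
    return ima_has_tpm;
}

int main(void)
{
    printf("IMA first, no retry:  TPM=%d\n", boot(true, false));
    printf("IMA first, retry:     TPM=%d\n", boot(true, true));
    printf("IMA second, no retry: TPM=%d\n", boot(false, false));
    return 0;
}
```

With the retry, IMA ends up with the TPM in either late_initcall order. Without it, the result depends on which late_initcall entry happens to run first.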



More information about the linux-arm-kernel mailing list