TPM: enabling the tpm as builtin in trusty
Tim Gardner
tim.gardner at canonical.com
Wed Jan 15 15:36:04 UTC 2014
On 01/15/2014 08:19 AM, Mimi Zohar wrote:
> On Wed, 2014-01-15 at 07:03 -0700, Tim Gardner wrote:
>> On 01/14/2014 01:04 PM, Mimi Zohar wrote:
>>> Hi,
>>>
>>> Thank you for enabling IMA/IMA-appraisal! Enabling IMA requires the
>>> TPM, if enabled, to be builtin. I'm curious if this will be the first
>>> release with the TPM being builtin?
>>>
>>> thanks,
>>>
>>> Mimi
>>>
>>>
>>
>> Mimi - Ubuntu has not had IMA enabled in any kernel to date (except for
>> Trusty 3.13) because of the runtime overhead imposed by this config
>> option. Recent development has improved that situation considerably.
>
> Cool!
>
>> The
>> Trusty kernel now has the following TPM config options on all arches
>> that support the driver:
>>
>> CONFIG_HW_RANDOM_TPM=m
>> CONFIG_TCG_IBMVTPM=y
>> CONFIG_TCG_TPM=y
>
> Just making sure that you're aware that there were problems with the
> TPM being builtin, a while ago, because of buggy TPMs. All of the known
> problems were supposedly resolved.
> (https://bugzilla.redhat.com/show_bug.cgi?id=746097)
>
> thanks,
>
> Mimi
>
I was not aware of that specific bug, but hopefully all has been
resolved as of 3.13.
rtg
--
Tim Gardner tim.gardner at canonical.com
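
A check for the constraint discussed in this thread, as an added example that is not part of the original messages or of Ubuntu's tooling: when CONFIG_IMA=y, it reports any CONFIG_TCG_* option built as a module. The function names, the sample config (constructed from the options quoted above plus CONFIG_IMA, CONFIG_IMA_APPRAISE and an unset CONFIG_TCG_TIS line), and treating every CONFIG_TCG_* symbol as part of "the TPM" are assumptions.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the IMA/TPM relationship in this thread.

# Constructed sample input: the three TPM options quoted in the thread plus IMA lines.
sample_config() {
    cat <<'EOF'
CONFIG_IMA=y
CONFIG_IMA_APPRAISE=y
CONFIG_HW_RANDOM_TPM=m
CONFIG_TCG_IBMVTPM=y
CONFIG_TCG_TPM=y
# CONFIG_TCG_TIS is not set
EOF
}

# Print a Kconfig symbol's value (y, m, or a literal); "n" when unset or absent.
# $1 = config file, $2 = full symbol name including the CONFIG_ prefix.
kconfig_value() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# List every CONFIG_TCG_* symbol that is built as a module (=m), one per line.
tpm_modules() {
    sed -n 's/^\(CONFIG_TCG_[A-Z0-9_]*\)=m$/\1/p' "$1"
}

# Return 0 when the config is consistent, 1 when IMA is builtin while a
# CONFIG_TCG_* option is modular. A config without CONFIG_IMA=y always passes.
check_ima_tpm() {
    [ "$(kconfig_value "$1" CONFIG_IMA)" = y ] || return 0
    mods=$(tpm_modules "$1")
    [ -z "$mods" ] && return 0
    printf 'IMA is builtin but these TPM options are modules: %s\n' \
        "$(printf '%s' "$mods" | tr '\n' ' ')" >&2
    return 1
}

# Demo on the constructed sample; point check_ima_tpm at /boot/config-$(uname -r)
# to audit a running kernel instead.
tmp=$(mktemp)
sample_config > "$tmp"
check_ima_tpm "$tmp" && echo "IMA/TPM config consistent"
rm -f "$tmp"
```

CONFIG_HW_RANDOM_TPM=m is deliberately not flagged: it is the hardware RNG front end, not the TPM core or a chip driver.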