NVIDIA: [Config]: Ensure the TPM is available before IMA initializes

jamieNguyenNVIDIA · nvidia-bfigg · commit fd8173b864f3 · 2023-10-02T08:44:36.000-07:00
BugLink: https://bugs.launchpad.net/bugs/2037688 Set the following configs: CONFIG_SPI_TEGRA210_QUAD=y CONFIG_TCG_TIS_SPI=y On Grace systems, the IMA driver emits the following log: ima: No TPM chip found, activating TPM-bypass! This occurs because the IMA driver initializes before we are able to detect the TPM. This will always be the case when the drivers required to communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as modules. Having these drivers as built-ins ensures that the TPM is available before the IMA driver initializes. Signed-off-by: Jamie Nguyen <jamien@nvidia.com> Acked-by: Brad Figg <bfigg@nvidia.com> Acked-by: Ian May <ian.may@canonical.com> Acked-by: Jacob Martin <jacob.martin@canonical.com> Signed-off-by: Brad Figg <bfigg@nvidia.com>
diff --git a/debian.nvidia-6.2/config/annotations b/debian.nvidia-6.2/config/annotations
@@ -27,6 +27,11 @@ CONFIG_PREEMPT_VOLUNTARY                        note<'required for nvidia worklo
 CONFIG_RUST                                     policy<{'amd64': 'n', 'arm64': '-'}>
 CONFIG_RUST                                     note<'required to enable Rust support, LP: #1993183'>
 
+CONFIG_SPI_TEGRA210_QUAD                        policy<{'arm64': 'y'}>
+CONFIG_SPI_TEGRA210_QUAD                        note<'ensures the TPM is available before the IMA driver initializes'>
+
+CONFIG_TCG_TIS_SPI                              policy<{'arm64': 'y'}>
+CONFIG_TCG_TIS_SPI                              note<'ensures the TPM is available before the IMA driver initializes'>
 
 # ---- Annotations without notes ----
 
