[OpenPower-Firmware] [PATCH] linux: configure CONFIG_I2C_OPAL as in-built.
Nayna Jain
nayna at linux.ibm.com
Thu Sep 24 04:25:06 AEST 2020
Currently, skiroot_defconfig CONFIG_I2C_OPAL is built as a loadable
module rather than builtin, even if CONFIG_I2C=y is defined. This
results in a delay in the TPM initialization, causing IMA to go into
TPM bypass mode. As a result, the IMA measurements are added to the
measurement list, but do not extend the TPM. Because of this, it is
impossible to verify or attest to the system's integrity, either from
skiroot or the target Host OS.
Reported-by: Mimi Zohar <zohar at linux.ibm.com>
Signed-off-by: Nayna Jain <nayna at linux.ibm.com>
---
openpower/configs/linux/skiroot_defconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openpower/configs/linux/skiroot_defconfig b/openpower/configs/linux/skiroot_defconfig
index 44309e12..a555adb2 100644
--- a/openpower/configs/linux/skiroot_defconfig
+++ b/openpower/configs/linux/skiroot_defconfig
@@ -216,7 +216,7 @@ CONFIG_I2C=y
CONFIG_I2C_CHARDEV=y
# CONFIG_I2C_HELPER_AUTO is not set
CONFIG_I2C_ALGOBIT=y
-CONFIG_I2C_OPAL=m
+CONFIG_I2C_OPAL=y
CONFIG_PPS=y
CONFIG_SENSORS_IBMPOWERNV=m
CONFIG_DRM=m
--
2.17.1
More information about the OpenPower-Firmware
mailing list