NVIDIA: [Config]: Ensure the TPM is available before IMA initializes #11
Open: jamieNguyenNVIDIA wants to merge 107 commits into NVIDIA-BaseOS-6:main from jamieNguyenNVIDIA:avoid-tpm-bypass
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
With the new annotations schema we don't need to adjust annotations via local-mangle anymore. Same about copying configs via copy-files. Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Include debian.master/config/annotations and run updateconfigs. Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Ignore: yes Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2019126 Properties: no-test-build Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
…dversion" This patch is required by Rust and it can potentially break user-space. It is safer to revert this in all the kernels backported to old releases. Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Ignore: yes Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2021604 Properties: no-test-build Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Ignore: yes Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>
We don't want to support or build rust in Jammy so override it in the local-mangle. Ignore: yes Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>
Using the default gcc-11 compiler in Jammy changes some gcc features so update them in the annotations. Ignore: yes Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>
Ignore: yes Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>
Replace the miscellaneous changelog entries with an earlier revert with proper title and LP bug. Also move "enable rust only in the master kernel for amd64" commit to generic packaging resync. Ignore: yes Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2024539 Properties: no-test-build Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>
Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>
The build dependencies are configured to install rust, so it will be considered available. This should be as it is set in the parent. Ignore: yes Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Fixup build adjusting the expected config setting for CONFIG_RUST_IS_AVAILABLE. The rust package gets installed by the build dependencies, so it will be available. We just do not enable things for HWE kernels. Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Change URL locations in getabis to linux-hwe-6.2, add new entry to the build#2 PPA, and drop the development URLs. Ignore: yes Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Ignore: yes Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2026752 Properties: no-test-build Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
With updated pahole we have Rust potentially available. Adjust the annotations file to keep it disabled. Ignore: yes Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
This feature is now available in Lunar and Jammy so we no longer need an adjustment for the HWE kernel. Ignore: yes Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Ian May <ian.may@canonical.com>
…ULT_GOV_PERFORMANCE and CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND for NVIDIA workloads Signed-off-by: Brad Figg <bfigg@nvidia.com> Acked-by: Ian May <ian.may@canonical.com> Acked-by: Jacob Martin <jacob.martin@canonical.com> Signed-off-by: Ian May <ian.may@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1982519 With this change, the NFS driver would be enabled to support GPUDirectStorage(GDS). The change is around frwr_map and frwr_unmap in the NFS driver, where the IO request is first intercepted to check for GDS pages and if it is a GDS page then the request is served by GDS driver component called nvidia-fs, else the request would be served by the standard NFS driver code. Acked-by: Prashant Prabhu <prashantp@nvidia.com> Acked-by: Rebanta Mitra <rmitra@nvidia.com> Signed-off-by: Sourab Gupta <sougupta@nvidia.com> Acked-by: Brad Figg <bfigg@nvidia.com> Acked-by: Ian May <ian.may@canonical.com> Acked-by: Jacob Martin <jacob.martin@canonical.com> Signed-off-by: Ian May <ian.may@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2029878 Properties: no-test-build Signed-off-by: Ian May <ian.may@canonical.com>
…23.07.17) BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Ian May <ian.may@canonical.com>
Signed-off-by: Ian May <ian.may@canonical.com>
Signed-off-by: Ian May <ian.may@canonical.com>
Signed-off-by: Ian May <ian.may@canonical.com>
Ignore: yes Signed-off-by: Ian May <ian.may@canonical.com>
There is a compile error with the current nvidia-fs package. Removing module inclusion until resolved. Signed-off-by: Ian May <ian.may@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2029878 Properties: no-test-build Signed-off-by: Ian May <ian.may@canonical.com>
Signed-off-by: Ian May <ian.may@canonical.com>
This reverts commit 8805fa9. Acked-by: Jose Ogando <jose.ogando@canonical.com> Acked-by: Ian May <ian.may@canonical.com> Signed-off-by: Brad Figg <bfigg@nvidia.com>
…rnel BugLink: https://bugs.launchpad.net/bugs/1982519 With this change, the NVMe and NVMeOF driver would be enabled to support GPUDirectStorage(GDS). The change is around nvme/nvme rdma map_data() and unmap_data(), where the IO request is first intercepted to check for GDS pages and if it is a GDS page then the request is served by GDS driver component called nvidia-fs, else the request would be served by the standard NVMe driver code. Signed-off-by: Sourab Gupta <sougupta@nvidia.com> Acked-by: Rebanta Mitra <rmitra@nvidia.com> Acked-by: Prashant Prabhu <prashantp@nvidia.com> Acked-by: Brad Figg <bfigg@nvidia.com> Acked-by: Jose Ogando <jose.ogando@canonical.com> Acked-by: Ian May <ian.may@canonical.com> Signed-off-by: Brad Figg <bfigg@nvidia.com>
… a pasid support BugLink: https://bugs.launchpad.net/bugs/2031320 When an iommu_domain is set to IOMMU_DOMAIN_IDENTITY, the driver would skip the allocation of a CD table and set the CONFIG field of the STE to STRTAB_STE_0_CFG_BYPASS. This works well for devices that only have one substream, i.e. PASID disabled. However, there could be a use case, for a pasid capable device, that allows bypassing the translation at the default substream while still enabling the pasid feature, which means the driver should not skip the allocation of a CD table nor simply bypass the CONFIG field. Instead, the S1DSS field should be set to STRTAB_STE_1_S1DSS_BYPASS and the SHCFG field should be set to STRTAB_STE_1_SHCFG_INCOMING. Add s1dss in struct arm_smmu_s1_cfg, to allow a configuration in the finalise() to support this use case. Also, according to "13.5 Summary of attribute/permission configuration fields" in the reference manual, the SHCFG field value is irrelevant. So, set the SHCFG field of the STE always to STRTAB_STE_1_SHCFG_INCOMING for simplification. Signed-off-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Pritesh Raithatha <praithatha@nvidia.com> Acked-by: Jamie Nguyen <jamien@nvidia.com> Acked-by: Nicolin Chen <nicolinc@nvidia.com> Acked-by: Brad Figg <bfigg@nvidia.com> Acked-by: Jose Ogando <jose.ogando@canonical.com> Acked-by: Ian May <ian.may@canonical.com> Signed-off-by: Brad Figg <bfigg@nvidia.com>
Ignore: yes Signed-off-by: Ian May <ian.may@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2031342 Properties: no-test-build Signed-off-by: Ian May <ian.may@canonical.com>
Signed-off-by: Brad Figg <bfigg@nvidia.com> Signed-off-by: Ian May <ian.may@canonical.com>
Signed-off-by: Brad Figg <bfigg@nvidia.com> Signed-off-by: Ian May <ian.may@canonical.com>
Signed-off-by: Ian May <ian.may@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2031584 Signed-off-by: Sourab Gupta <sougupt@nvidia.com> Acked-by: Brad Figg <bfigg@nvidia.com> Acked-by: Ian May <ian.may@canonical.com> Acked-by: Jacob Martin <jacob.martin@canonical.com> Signed-off-by: Brad Figg <bfigg@nvidia.com>
BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Brad Figg <bfigg@nvidia.com>
BugLink: https://bugs.launchpad.net/bugs/1786013 Signed-off-by: Brad Figg <bfigg@nvidia.com>
Signed-off-by: Brad Figg <bfigg@nvidia.com>
Ignore: yes Signed-off-by: Brad Figg <bfigg@nvidia.com>
BugLink: https://bugs.launchpad.net/bugs/2033312 Properties: no-test-build Signed-off-by: Brad Figg <bfigg@nvidia.com>
Signed-off-by: Brad Figg <bfigg@nvidia.com>
Set the following configs: CONFIG_SPI_TEGRA210_QUAD=y CONFIG_TCG_TIS_SPI=y On Grace systems, the IMA driver emits the following log: ima: No TPM chip found, activating TPM-bypass! This occurs because the IMA driver initializes before we are able to detect the TPM. This will always be the case when the drivers required to communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as modules. Having these drivers as built-ins ensures that the TPM is available before the IMA driver initializes. Signed-off-by: Jamie Nguyen <jamien@nvidia.com>
Set the following configs:
CONFIG_SPI_TEGRA210_QUAD=y
CONFIG_TCG_TIS_SPI=y
On Grace systems, the IMA driver emits the following log:
ima: No TPM chip found, activating TPM-bypass!
This occurs because the IMA driver initializes before we are able to detect the TPM. This will always be the case when the drivers required to communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as modules.
Having these drivers as built-ins ensures that the TPM is available before the IMA driver initializes.
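
A check for the condition described above, as an added example that is not part of the pull request: it reads a kernel config file for the two options and a saved kernel log for the TPM-bypass message. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the PR. Sample inputs below are constructed.
REQUIRED_BUILTINS="CONFIG_SPI_TEGRA210_QUAD CONFIG_TCG_TIS_SPI"
BYPASS_MSG='ima: No TPM chip found, activating TPM-bypass!'

# Print y, m or unset for option $2 in kernel config file $1.
# "# CONFIG_X is not set" lines and missing options both report unset.
config_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${state:-unset}"
}

# Return 0 only when every required driver is built in (=y), so it is
# initialized before IMA rather than loaded later as a module.
check_builtins() {
    rc=0
    for opt in $REQUIRED_BUILTINS; do
        s=$(config_state "$1" "$opt")
        if [ "$s" = "y" ]; then
            echo "ok:   $opt=y"
        else
            echo "FAIL: $opt is $s, TPM may be undetected when IMA initializes"
            rc=1
        fi
    done
    return "$rc"
}

# Return 0 when the kernel log in $1 shows IMA fell back to TPM-bypass.
ima_bypassed() {
    grep -qF "$BYPASS_MSG" "$1"
}

# Demo on constructed files: a modular config with the matching boot log.
tmp=$(mktemp -d)
printf '%s\n' 'CONFIG_SPI_TEGRA210_QUAD=m' 'CONFIG_TCG_TIS_SPI=m' > "$tmp/config"
printf '%s\n' "[    0.612345] $BYPASS_MSG" > "$tmp/dmesg"
check_builtins "$tmp/config" || echo "config needs =y for the options above"
if ima_bypassed "$tmp/dmesg"; then echo "boot log confirms TPM-bypass"; fi
rm -rf "$tmp"
```

On a running system the inputs would be the installed kernel's config file and a saved copy of the boot log.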