NVIDIA: [Config]: Ensure the TPM is available before IMA initializes #11

Open
wants to merge 107 commits into
base: main

jamieNguyenNVIDIA
Contributor

Set the following configs:

CONFIG_SPI_TEGRA210_QUAD=y
CONFIG_TCG_TIS_SPI=y

On Grace systems, the IMA driver emits the following log:

ima: No TPM chip found, activating TPM-bypass!

This occurs because the IMA driver initializes before we are able to detect the TPM. This will always be the case when the drivers required to communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as modules.

Having these drivers as built-ins ensures that the TPM is available before the IMA driver initializes.
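
The check below is an added example, not part of this pull request or the kernel tree. It audits a kernel config and a boot log for the ordering problem described above: whether the two TPM transport drivers are built in (`=y`) and whether IMA logged the TPM-bypass message. The function names, verdict strings and the sample files are constructed for illustration.

```shell
# Added example: audit a kernel config and boot log for the IMA/TPM ordering issue.
TPM_DEPS="CONFIG_SPI_TEGRA210_QUAD CONFIG_TCG_TIS_SPI"   # options the PR sets to =y

# config_state FILE OPTION: print y, m, or n (absent or "is not set").
config_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# tpm_deps_builtin FILE: succeed only if every TPM transport driver is built in.
tpm_deps_builtin() {
    rc=0
    for opt in $TPM_DEPS; do
        state=$(config_state "$1" "$opt")
        if [ "$state" != y ]; then
            echo "$opt=$state: TPM not reachable until this driver loads" >&2
            rc=1
        fi
    done
    return "$rc"
}

# ima_tpm_bypass LOG: succeed if IMA logged that it started without a TPM.
ima_tpm_bypass() {
    grep -q 'ima: No TPM chip found, activating TPM-bypass!' "$1"
}

# audit CONFIG LOG: print one verdict line combining both checks.
audit() {
    if ima_tpm_bypass "$2"; then
        if tpm_deps_builtin "$1" 2>/dev/null; then
            echo "BYPASS: drivers built in, TPM missing for another reason"
        else
            echo "BYPASS: TPM drivers are modules, IMA initialized first"
        fi
    elif tpm_deps_builtin "$1" 2>/dev/null; then
        echo "OK: TPM drivers built in, no bypass logged"
    else
        echo "WARN: no bypass logged but TPM drivers are not built in"
    fi
}

# Constructed sample data (not taken from a real Grace system).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'CONFIG_SPI_TEGRA210_QUAD=m\nCONFIG_TCG_TIS_SPI=m\n' > "$tmp/config.before"
printf 'CONFIG_SPI_TEGRA210_QUAD=y\nCONFIG_TCG_TIS_SPI=y\n' > "$tmp/config.after"
printf 'ima: No TPM chip found, activating TPM-bypass!\n' > "$tmp/dmesg.before"
printf 'ima: Allocated hash algorithm: sha256\n' > "$tmp/dmesg.after"
audit "$tmp/config.before" "$tmp/dmesg.before"
audit "$tmp/config.after" "$tmp/dmesg.after"
```

On a running system the same functions can be pointed at the installed kernel's config file and a saved copy of the kernel log.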

Andrea Righi and others added 30 commits August 18, 2023 11:34
With the new annotations schema we don't need to adjust annotations via
local-mangle anymore. Same about copying configs via copy-files.

Signed-off-by: Andrea Righi <[email protected]>
Include debian.master/config/annotations and run updateconfigs.

Signed-off-by: Andrea Righi <[email protected]>
Ignore: yes
Signed-off-by: Andrea Righi <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2019126
Properties: no-test-build
Signed-off-by: Andrea Righi <[email protected]>
…dversion"

This patch is required by Rust and it can potentially break user-space.
It is safer to revert this in all the kernels backported to old releases.

Signed-off-by: Andrea Righi <[email protected]>
Ignore: yes
Signed-off-by: Andrea Righi <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2021604
Properties: no-test-build
Signed-off-by: Andrea Righi <[email protected]>
We don't want to support or build rust in Jammy so override it in the
local-mangle.

Ignore: yes
Signed-off-by: Luke Nowakowski-Krijger <[email protected]>
Using the default gcc-11 compiler in Jammy changes some gcc features
so update them in the annotations.

Ignore: yes
Signed-off-by: Luke Nowakowski-Krijger <[email protected]>
Ignore: yes
Signed-off-by: Luke Nowakowski-Krijger <[email protected]>
Replace the miscellaneous changelog entries with an earlier revert
with proper title and LP bug. Also move "enable rust only in the
master kernel for amd64" commit to generic packaging resync.

Ignore: yes
Signed-off-by: Luke Nowakowski-Krijger <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2024539
Properties: no-test-build
Signed-off-by: Luke Nowakowski-Krijger <[email protected]>
Signed-off-by: Luke Nowakowski-Krijger <[email protected]>
The build dependencies are configured to install rust, so it will be
considered available. This should be as it is set in the parent.

Ignore: yes
Signed-off-by: Stefan Bader <[email protected]>
Fixup build adjusting the expected config setting for
CONFIG_RUST_IS_AVAILABLE. The rust package gets installed
by the build dependencies, so it will be available. We
just do not enable things for HWE kernels.

Signed-off-by: Stefan Bader <[email protected]>
Change URL locations in getabis to linux-hwe-6.2, add new entry to the
build#2 PPA, and drop the development URLs.

Ignore: yes
Signed-off-by: Stefan Bader <[email protected]>
Ignore: yes
Signed-off-by: Stefan Bader <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2026752
Properties: no-test-build
Signed-off-by: Stefan Bader <[email protected]>
With updated pahole we have Rust potentially available. Adjust the
annotations file to keep it disabled.

Ignore: yes
Signed-off-by: Stefan Bader <[email protected]>
This feature is now available in Lunar and Jammy so we no longer need an
adjustment for the HWE kernel.

Ignore: yes
Signed-off-by: Stefan Bader <[email protected]>
ianmay81 and others added 28 commits August 25, 2023 09:18
…ULT_GOV_PERFORMANCE and CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND for NVIDIA workloads

Signed-off-by: Brad Figg <[email protected]>
Acked-by: Ian May <[email protected]>
Acked-by: Jacob Martin <[email protected]>
Signed-off-by: Ian May <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/1982519

With this change, the NFS driver would be enabled to
support GPUDirectStorage(GDS). The change is around
frwr_map and frwr_unmap in the NFS driver, where the
IO request is first intercepted to check for GDS pages and
if it is a GDS page then the request is served by GDS driver
component called nvidia-fs, else the request would be served
by the standard NFS driver code.

Acked-by: Prashant Prabhu <[email protected]>
Acked-by: Rebanta Mitra <[email protected]>
Signed-off-by: Sourab Gupta <[email protected]>
Acked-by: Brad Figg <[email protected]>
Acked-by: Ian May <[email protected]>
Acked-by: Jacob Martin <[email protected]>
Signed-off-by: Ian May <[email protected]>
Ignore: yes
Signed-off-by: Ian May <[email protected]>
There is a compile error with the current nvidia-fs package.
Removing module inclusion until resolved.

Signed-off-by: Ian May <[email protected]>
This reverts commit 8805fa9.
Acked-by: Jose Ogando <[email protected]>
Acked-by: Ian May <[email protected]>
Signed-off-by: Brad Figg <[email protected]>
…rnel

BugLink: https://bugs.launchpad.net/bugs/1982519

With this change, the NVMe and NVMeOF driver would be
enabled to support GPUDirectStorage(GDS).
The change is around nvme/nvme rdma map_data()
and unmap_data(), where the IO request is
first intercepted to check for GDS pages and
if it is a GDS page then the request is served
by GDS driver component called nvidia-fs,
else the request would be served by the standard NVMe driver code.

Signed-off-by: Sourab Gupta <[email protected]>
Acked-by: Rebanta Mitra <[email protected]>
Acked-by: Prashant Prabhu <[email protected]>
Acked-by: Brad Figg <[email protected]>
Acked-by: Jose Ogando <[email protected]>
Acked-by: Ian May <[email protected]>
Signed-off-by: Brad Figg <[email protected]>
… a pasid support

BugLink: https://bugs.launchpad.net/bugs/2031320

When an iommu_domain is set to IOMMU_DOMAIN_IDENTITY, the driver would
skip the allocation of a CD table and set the CONFIG field of the STE
to STRTAB_STE_0_CFG_BYPASS. This works well for devices that only have
one substream, i.e. PASID disabled.

However, there could be a use case, for a pasid capable device, that
allows bypassing the translation at the default substream while still
enabling the pasid feature, which means the driver should not skip the
allocation of a CD table nor simply bypass the CONFIG field. Instead,
the S1DSS field should be set to STRTAB_STE_1_S1DSS_BYPASS and the
SHCFG field should be set to STRTAB_STE_1_SHCFG_INCOMING.

Add s1dss in struct arm_smmu_s1_cfg, to allow a configuration in the
finalise() to support this use case.

Also, according to "13.5 Summary of attribute/permission configuration
fields" in the reference manual, the SHCFG field value is irrelevant.
So, set the SHCFG field of the STE always to STRTAB_STE_1_SHCFG_INCOMING
for simplification.

Signed-off-by: Nicolin Chen <[email protected]>
Reviewed-by: Pritesh Raithatha <[email protected]>
Acked-by: Jamie Nguyen <[email protected]>
Acked-by: Nicolin Chen <[email protected]>
Acked-by: Brad Figg <[email protected]>
Acked-by: Jose Ogando <[email protected]>
Acked-by: Ian May <[email protected]>
Signed-off-by: Brad Figg <[email protected]>
Ignore: yes
Signed-off-by: Ian May <[email protected]>
Signed-off-by: Brad Figg <[email protected]>
Signed-off-by: Ian May <[email protected]>
BugLink: https://bugs.launchpad.net/bugs/2031584

Signed-off-by: Sourab Gupta <[email protected]>
Acked-by: Brad Figg <[email protected]>
Acked-by: Ian May <[email protected]>
Acked-by: Jacob Martin <[email protected]>
Signed-off-by: Brad Figg <[email protected]>
Ignore: yes
Signed-off-by: Brad Figg <[email protected]>
Set the following configs:

  CONFIG_SPI_TEGRA210_QUAD=y
  CONFIG_TCG_TIS_SPI=y

On Grace systems, the IMA driver emits the following log:

  ima: No TPM chip found, activating TPM-bypass!

This occurs because the IMA driver initializes before we are able to detect
the TPM. This will always be the case when the drivers required to
communicate with the TPM, spi_tegra210_quad and tpm_tis_spi, are built as
modules.

Having these drivers as built-ins ensures that the TPM is available before
the IMA driver initializes.

Signed-off-by: Jamie Nguyen <[email protected]>