0 Replies Latest reply on Jun 3, 2016 2:00 AM by mohamedshaharris_intel

    How to disable TPM in kernel configuration MI3.1

    mohamedshaharris_intel

      You can disable the messages by changing the kernel config, rebuilding the kernel, making your image and deploying it on the target.

      The messages:

       

      [   11.677422] IMA: No TPM chip found, activating TPM-bypass!

      [  151.708246] seal_ownercert_loop: Timeout, No TPM chip found, activating TPM-bypass!

       

      Here we give the steps:

       

      1) Open this config file:

      </project>/bitbake_build/tmp/work/intel_baytrail_64-wrs-linux/linux-windriver/3.14-r0/linux-intel_baytrail_64-idp-build/.config

       

      2) Change the following config settings to "=n":

       

      CONFIG_HW_RANDOM_TPM=n

      CONFIG_TCG_TPM=n

      CONFIG_TCG_TIS=n

      CONFIG_TCG_TIS_I2C_ATMEL=n

      CONFIG_TCG_TIS_I2C_INFINEON=n

      CONFIG_TCG_TIS_I2C_NUVOTON=n

      CONFIG_TCG_INFINEON=n

      CONFIG_TCG_ST33_I2C=n

      CONFIG_TRUSTED_KEYS=n

      CONFIG_ENCRYPTED_KEYS=n

      CONFIG_KEYS_DEBUG_PROC_KEYS=n

      CONFIG_OWNERCERT_LOADER=n

      CONFIG_INTEGRITY=n

      CONFIG_INTEGRITY_SIGNATURE=n

      CONFIG_IMA=n

      CONFIG_IMA_MEASURE_PCR_IDX=n

      CONFIG_IMA_SIG_TEMPLATE=n

      CONFIG_IMA_DEFAULT_TEMPLATE=n

      CONFIG_IMA_DEFAULT_HASH_SHA256=n

      CONFIG_IMA_DEFAULT_HASH=n

      CONFIG_IMA_APPRAISE=n

      CONFIG_CRYPTO_HASH_INFO=n

      CONFIG_CLZ_TAB=n

      CONFIG_MPILIB=n

      CONFIG_SIGNATURE=n

       

      3) After you finish editing, save the config file.

      4) Run "make linux-windriver.rebuild".

      5) Run "make fs" to rebuild your image.

      6) Deploy your image to target.

      7) Check whether the TPM messages still appear by running "dmesg |grep TPM".

       

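      For your information, this kernel configuration removes TPM and IMA support from the kernel (along with trusted keys, encrypted keys and integrity signature support), not only the boot messages.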

       

      Last Validated Info

      IDP: 3.1
      RCPL: 0015
      Device: DK300
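
Steps 2 and 3 above as a script, with a check that can be repeated after the rebuild. This is an added example, not part of the original post; the function names `disable_opts` and `still_enabled`, the variable `TPM_IMA_OPTS` and the `.orig` backup file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): set the options from step 2
# to "=n" in a kernel .config and report any that are still enabled.

# Option names from step 2, without the CONFIG_ prefix.
TPM_IMA_OPTS="HW_RANDOM_TPM TCG_TPM TCG_TIS TCG_TIS_I2C_ATMEL
TCG_TIS_I2C_INFINEON TCG_TIS_I2C_NUVOTON TCG_INFINEON TCG_ST33_I2C
TRUSTED_KEYS ENCRYPTED_KEYS KEYS_DEBUG_PROC_KEYS OWNERCERT_LOADER
INTEGRITY INTEGRITY_SIGNATURE IMA IMA_MEASURE_PCR_IDX IMA_SIG_TEMPLATE
IMA_DEFAULT_TEMPLATE IMA_DEFAULT_HASH_SHA256 IMA_DEFAULT_HASH
IMA_APPRAISE CRYPTO_HASH_INFO CLZ_TAB MPILIB SIGNATURE"

# disable_opts FILE: rewrite (or append) every listed option as CONFIG_X=n.
disable_opts() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }
    cp "$cfg" "$cfg.orig" || return 2   # hypothetical backup name, for diffing
    for opt in $TPM_IMA_OPTS; do
        # Drop the old assignment or "is not set" comment, then add =n.
        # grep exits 1 when it prints nothing; only exit 2 is an error.
        grep -v -e "^CONFIG_${opt}=" -e "^# CONFIG_${opt} is not set" \
            "$cfg" > "$cfg.tmp" || [ $? -eq 1 ] || return 2
        echo "CONFIG_${opt}=n" >> "$cfg.tmp"
        mv "$cfg.tmp" "$cfg"
    done
}

# still_enabled FILE: print the listed options that are set to anything
# other than n (y, m, a number or a string); return 0 when none are.
still_enabled() {
    cfg=$1
    left=""
    for opt in $TPM_IMA_OPTS; do
        if grep -q "^CONFIG_${opt}=[^n]" "$cfg"; then
            left="$left CONFIG_${opt}"
        fi
    done
    [ -z "$left" ] && return 0
    echo "still enabled:$left"
    return 1
}

# When run with a path argument, edit that .config and check the result.
if [ -n "${1:-}" ]; then disable_opts "$1" && still_enabled "$1"; fi
```

Run `still_enabled` on the `.config` again after step 4: Kconfig turns a symbol back on when another enabled option selects it, so a hand-edited "=n" does not always survive the rebuild.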