IMA fails due to non-existent TPM even though it exists and functions

I’m currently trying to perform integrity measurement using a TPM (SLB 9670) on a Raspberry Pi 3 model B+.
I have the TPM installed and working properly since I can execute some basic commands like tpm2_getrandom() and so on. Now I want to perform an integrity measurement using IMA, and I have recompiled the new kernel with the following config:

CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_INTEGRITY=y
CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_IMA_AUDIT=y
CONFIG_IMA_LSM_RULES=y
CONFIG_IMA_WRITE_POLICY=y
CONFIG_IMA_READ_POLICY=y
CONFIG_IMA_APPRAISE=y
CONFIG_IMA_APPRAISE_BOOTPARAM=y
CONFIG_HW_RANDOM_TPM=y
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y

But IMA for some reason still doesn’t detect the TPM and gives the errors:


I have also tried to compile another version of the kernel where I change the code line in devices/clk/bcm/clk-bcm2835:
from: postcore_initcall(__bcm2835_clk_driver_init); to subsys_initcall(__bcm2835_clk_driver_init);
But it still didn’t work.
Please help!

You will probably have better results asking on another forum - this one is for Kubernetes and its ecosystem.

Ah, OK, thanks. Do you have any examples?