Hi Petr,

On Thu, 2025-02-20 at 19:46 +0100, Petr Vorel wrote:

> Is this considered a security feature? If yes, then failures on vanilla
> kernel are ok, we just need to later add kernel hashes to let testers know
> about missing backports. If it's a feature (not to be backported) we should
> test new feature only on newer kernels.

I posted these LTP patches as RFC since the kernel patches themselves haven't
been upstreamed.  I'm still waiting for some kernel patch reviews. Posting
these LTP patches might help with that.

Having multiple open-writers or ToMToU violations doesn't provide any benefit
in terms of attestation.  It just clutters the audit log and the IMA
measurement list.  Not extending the TPM would be a performance improvement.
I'm not sure it would be classified as a security feature or bug fix.

Mimi
