Public bug reported: Hi,
With all updates installed to Ubuntu disco it is impossible to use TPM2 device on the machine. Most of the TPM2 commands seem to fail due to Linux kernel having async access problem that is fixed in linux kernel 5.0.10 release. With previous Ubuntu releases I was able to utilize TPM2 but now this has regressed for disco release. tpm2-tools package's github ticket describes the problem: https://github.com/tpm2-software/tpm2-tools/issues/1356 Official kernel's includes the fix: https://github.com/torvalds/linux/commit/7110629263469b4664d00b38ef80a656eddf3637#diff-694c702fe379e115a3c42d926cedf6de Could you please include the fix from 5.0.10 in forthcoming Ubuntu kernel update to fix the TPM 2.0 regression? How to reproduce ---------------- You may want to execute those commands as a root or alternative add yourself to tss group. (ubuntu's tpm2tss setup does not work so easily yet). Those commands from tpm2-tools issue can be used to test it out: $ tpm2_nvlist ERROR: GetCapability:Get NV Index list Error. TPM Error:0xa0008 ERROR: Unable to run tpm2_nvlist $ tpm2_pcrlist ERROR: GetCapability: Get PCR allocation status Error. TPM Error:0xa000a...... ERROR: Unable to run tpm2_pcrlist Both of those commands should work nicely and produce list of NV objects (nvlist) or PCR register contents (pcrlist). Latter one is probably easier to see that it works. Note: randomly some commands may progress so try them multiple times if it happens to success. More complex commands seems to have better rate to fail. This randomness is due to async nature of the problem that was fixed. What you are required to have in hardware: - TPM 2.0 chip so that: $ ls -1 /dev/tpm* /dev/tpm0 /dev/tpmrm0 Easiest is to have either laptop with integrated tpm 2.0 which is not in active use or then desktop with tpm 2.0 addon card (or integrated solution) where it is not in active use. Commands listed above can also be safely executed on TPM 2.0 enabled system without causing problems. With other commands I would be more cautious especially with TPM 2.0 enabled system if you are not familiar with TPM2 commands. What packages you need to install (may require some more): - tpm2-tools - libtss2-udev - libtss2-tcti-tabrmd0 Thanks, Vesa Jääskeläinen ProblemType: Bug DistroRelease: Ubuntu 19.04 Package: linux-image-5.0.0-17-generic 5.0.0-17.18 ProcVersionSignature: Ubuntu 5.0.0-17.18-generic 5.0.8 Uname: Linux 5.0.0-17-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.10-0ubuntu27 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC1: chaac 2503 F.... pulseaudio /dev/snd/controlC0: chaac 2503 F.... pulseaudio CurrentDesktop: ubuntu:GNOME Date: Tue Jun 18 22:52:14 2019 HibernationDevice: RESUME=UUID=1c9f002c-f771-48de-8e73-c73ee21a6410 InstallationDate: Installed on 2018-09-02 (289 days ago) InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) MachineType: System manufacturer System Product Name ProcFB: 0 EFI VGA ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.0.0-17-generic root=UUID=383abbcb-8fac-4f16-a3bd-2747d4f334cf ro quiet splash vt.handoff=1 RelatedPackageVersions: linux-restricted-modules-5.0.0-17-generic N/A linux-backports-modules-5.0.0-17-generic N/A linux-firmware 1.178.1 RfKill: SourcePackage: linux UpgradeStatus: Upgraded to disco on 2019-04-19 (60 days ago) dmi.bios.date: 12/12/2017 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 0606 dmi.board.asset.tag: Default string dmi.board.name: ROG STRIX Z370-F GAMING dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: Rev X.0x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0606:bd12/12/2017:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnROGSTRIXZ370-FGAMING:rvrRevX.0x:cvnDefaultstring:ct3:cvrDefaultstring: dmi.product.family: To be filled by O.E.M. dmi.product.name: System Product Name dmi.product.sku: SKU dmi.product.version: System Version dmi.sys.vendor: System manufacturer ** Affects: linux (Ubuntu) Importance: Undecided Status: Confirmed ** Tags: amd64 apport-bug disco -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1833297 Title: Ubuntu 19.04's Linux kernel 5.0.0-17 has regressed TPM2 functionality Status in linux package in Ubuntu: Confirmed Bug description: Hi, With all updates installed to Ubuntu disco it is impossible to use TPM2 device on the machine. Most of the TPM2 commands seem to fail due to Linux kernel having async access problem that is fixed in linux kernel 5.0.10 release. With previous Ubuntu releases I was able to utilize TPM2 but now this has regressed for disco release. tpm2-tools package's github ticket describes the problem: https://github.com/tpm2-software/tpm2-tools/issues/1356 Official kernel's includes the fix: https://github.com/torvalds/linux/commit/7110629263469b4664d00b38ef80a656eddf3637#diff-694c702fe379e115a3c42d926cedf6de Could you please include the fix from 5.0.10 in forthcoming Ubuntu kernel update to fix the TPM 2.0 regression? How to reproduce ---------------- You may want to execute those commands as a root or alternative add yourself to tss group. (ubuntu's tpm2tss setup does not work so easily yet). Those commands from tpm2-tools issue can be used to test it out: $ tpm2_nvlist ERROR: GetCapability:Get NV Index list Error. TPM Error:0xa0008 ERROR: Unable to run tpm2_nvlist $ tpm2_pcrlist ERROR: GetCapability: Get PCR allocation status Error. TPM Error:0xa000a...... ERROR: Unable to run tpm2_pcrlist Both of those commands should work nicely and produce list of NV objects (nvlist) or PCR register contents (pcrlist). Latter one is probably easier to see that it works. Note: randomly some commands may progress so try them multiple times if it happens to success. More complex commands seems to have better rate to fail. This randomness is due to async nature of the problem that was fixed. What you are required to have in hardware: - TPM 2.0 chip so that: $ ls -1 /dev/tpm* /dev/tpm0 /dev/tpmrm0 Easiest is to have either laptop with integrated tpm 2.0 which is not in active use or then desktop with tpm 2.0 addon card (or integrated solution) where it is not in active use. Commands listed above can also be safely executed on TPM 2.0 enabled system without causing problems. With other commands I would be more cautious especially with TPM 2.0 enabled system if you are not familiar with TPM2 commands. What packages you need to install (may require some more): - tpm2-tools - libtss2-udev - libtss2-tcti-tabrmd0 Thanks, Vesa Jääskeläinen ProblemType: Bug DistroRelease: Ubuntu 19.04 Package: linux-image-5.0.0-17-generic 5.0.0-17.18 ProcVersionSignature: Ubuntu 5.0.0-17.18-generic 5.0.8 Uname: Linux 5.0.0-17-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.10-0ubuntu27 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC1: chaac 2503 F.... pulseaudio /dev/snd/controlC0: chaac 2503 F.... pulseaudio CurrentDesktop: ubuntu:GNOME Date: Tue Jun 18 22:52:14 2019 HibernationDevice: RESUME=UUID=1c9f002c-f771-48de-8e73-c73ee21a6410 InstallationDate: Installed on 2018-09-02 (289 days ago) InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) MachineType: System manufacturer System Product Name ProcFB: 0 EFI VGA ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.0.0-17-generic root=UUID=383abbcb-8fac-4f16-a3bd-2747d4f334cf ro quiet splash vt.handoff=1 RelatedPackageVersions: linux-restricted-modules-5.0.0-17-generic N/A linux-backports-modules-5.0.0-17-generic N/A linux-firmware 1.178.1 RfKill: SourcePackage: linux UpgradeStatus: Upgraded to disco on 2019-04-19 (60 days ago) dmi.bios.date: 12/12/2017 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 0606 dmi.board.asset.tag: Default string dmi.board.name: ROG STRIX Z370-F GAMING dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: Rev X.0x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0606:bd12/12/2017:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnROGSTRIXZ370-FGAMING:rvrRevX.0x:cvnDefaultstring:ct3:cvrDefaultstring: dmi.product.family: To be filled by O.E.M. dmi.product.name: System Product Name dmi.product.sku: SKU dmi.product.version: System Version dmi.sys.vendor: System manufacturer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1833297/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
