Bug 1782546
Summary: | No support for TPM1.2 devices | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Scott Dodson <sdodson> |
Component: | RHCOS | Assignee: | Colin Walters <walters> |
Status: | CLOSED ERRATA | QA Contact: | Michael Nguyen <mnguyen> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.3.0 | CC: | bbreard, chris.liles, dsanzmor, dustymabe, imcleod, jligon, miabbott, mifiedle, mnguyen, nstielau, pehunt, sdodson, walters |
Target Milestone: | --- | Keywords: | TestBlocker |
Target Release: | 4.3.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1775388 | Environment: | |
Last Closed: | 2020-01-23 11:18:55 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1775388 | ||
Bug Blocks: | 1773108, 1776011 |
Description
Scott Dodson
2019-12-11 20:09:46 UTC
*** Bug 1776011 has been marked as a duplicate of this bug. *** Marking as test blocker for bare metal installs based on latest comments in https://bugzilla.redhat.com/show_bug.cgi?id=1776011 Verified on 43.81.201912201253.0. Successfully booted RHCOS using swtpm TPM1.2. The disk is not encrypted as expected. Red Hat Enterprise Linux CoreOS 43.81.201912201253.0 Part of OpenShift 4.3, RHCOS is a Kubernetes native operating system managed by the Machine Config Operator (`clusteroperator/machine-config`). WARNING: Direct SSH access to machines is not recommended; instead, make configuration changes via `machineconfig` objects: https://docs.openshift.com/container-platform/4.3/architecture/architecture-rhcos.l --- [core@ibm-p8-kvm-03-guest-02 ~]$ journalctl --list-boots -1 b7161a5b5ee64aa2a3371c5652b656e5 Fri 2019-12-20 21:03:21 UTC—Fri 2019-12-20 > 0 7188b245b2c8464091ad13b5e9454ee3 Fri 2019-12-20 21:10:36 UTC—Fri 2019-12-20 > [core@ibm-p8-kvm-03-guest-02 ~]$ journalctl -b 0 | grep -i tpm Dec 20 21:10:36 localhost kernel: tpm_tis 00:05: 1.2 TPM (device-id 0x1, rev-id 1) [core@ibm-p8-kvm-03-guest-02 ~]$ journalctl -b -1 | grep -i tpm Dec 20 21:03:21 localhost kernel: tpm_tis 00:05: 1.2 TPM (device-id 0x1, rev-id 1) /luks_root 8-kvm-03-guest-02 ~]$ sudo cryptsetup luksDump /dev/disk/by-partlabel/ LUKS header information Version: 2 Epoch: 5 Metadata area: 16384 [bytes] Keyslots area: 16744448 [bytes] UUID: 00000000-0000-4000-a000-000000000002 Label: crypt_rootfs Subsystem: (no subsystem) Flags: (no flags) Data segments: 0: crypt offset: 16777216 [bytes] length: (whole device) cipher: cipher_null-ecb sector: 512 [bytes] Keyslots: 0: luks2 Key: 256 bits Priority: normal Cipher: cipher_null-ecb Cipher key: 256 bits PBKDF: argon2i Time cost: 4 Memory: 524288 Threads: 1 Salt: ca 47 41 ce 4a ea 6c 4d 5e c2 f9 38 6b b4 9e 9a da 91 5c b8 9a 48 ce 34 40 fd 12 b6 f4 87 a9 1b AF stripes: 4000 AF hash: sha256 Area offset:32768 [bytes] Area length:131072 [bytes] Digest ID: 0 Tokens: 9: coreos Keyslot: 0 Digests: 0: pbkdf2 Hash: sha256 Iterations: 233639 Salt: 83 41 bf 8e d1 24 0e ec 87 06 8e fd d6 8f 28 90 fe 37 20 92 35 98 97 74 7e 2c c1 5e 05 b4 97 88 Digest: 83 58 c7 e3 25 bd 08 48 3d fa f0 0c 66 76 2b 30 f4 36 3e 25 dd f0 cf 03 c7 61 1e 87 a0 34 2f 86 [core@ibm-p8-kvm-03-guest-02 ~]$ lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sr0 11:0 1 1024M 0 rom vda 252:0 0 16G 0 disk |-vda1 252:1 0 384M 0 part /boot |-vda2 252:2 0 127M 0 part /boot/efi |-vda3 252:3 0 1M 0 part `-vda4 252:4 0 15.5G 0 part `-coreos-luks-root-nocrypt 253:0 0 15.5G 0 dm /sysroot [core@ibm-p8-kvm-03-guest-02 ~]$ [core@ibm-p8-kvm-03-guest-02 ~]$ rpm-ostree status State: idle AutomaticUpdates: disabled Deployments: * ostree://55dd68051ff5ba92436b6e5c79bb2d1c9abcf8ca34c0409cbf67fad9290dea5c Version: 43.81.201912201253.0 (2019-12-20T12:58:42Z) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0062 |