Bug 2231734

Summary: tpm_crb regression in kernel 6.5.0
Product: [Fedora] Fedora Reporter: Carl Roth <roth>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: acaringi, adscvr, airlied, alciregi, amessina, bskeggs, hdegoede, hpa, jacoporossettij.r.6, jarod, josef, kernel-maint, lgoncalv, linville, masami256, mchehab, pb, ptalbert, scweaver, sly.midnight, steved
Target Milestone: ---Keywords: Regression
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-09-18 14:48:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Carl Roth 2023-08-13 17:19:22 UTC 
1. Please describe the problem:

This is on a Fedora Silverblue system on an HP laptop (14-dq0xxx). In its working state the system was secure-booted with the root device unlocked via TPM (systemd-cryptenroll). After a recent ostree update the TPM module will not load and systemd-cryptenroll reports "no TPM devices".

2. What is the Version-Release number of the kernel:

6.5.0-0.rc5.20230811git25aa0bebba72.40.fc40.x86_64

3. Did it work previously in Fedora? If so, what kernel version did the issue
   *first* appear?  Old kernels are available for download at
   https://koji.fedoraproject.org/koji/packageinfo?packageID=8 :

known working version
6.5.0-0.rc2.17.fc39.x86_64

4. Can you reproduce this issue? If so, please provide the steps to reproduce
   the issue below:

- boot the system
- test for TPM presence with 'systemd-cryptenroll --tpm2-device=list'

5. Does this problem occur with the latest Rawhide kernel? To install the
   Rawhide kernel, run ``sudo dnf install fedora-repos-rawhide`` followed by
   ``sudo dnf update --enablerepo=rawhide kernel``:


6. Are you running any modules that not shipped with directly Fedora's kernel?:

no

7. Please attach the kernel logs. You can get the complete kernel log
   for a boot with ``journalctl --no-hostname -k > dmesg.txt``. If the
   issue occurred on a previous boot, use the journalctl ``-b`` flag.

System information:

[root@hp-14-dq0xxx tpm]# dmidecode
...
Handle 0x0001, DMI type 1, 27 bytes
System Information
        Manufacturer: HP
        Product Name: HP Laptop 14-dq0xxx
        Version:  
        Serial Number: 5CD9482K06
        UUID: 39444335-3834-4b32-3036-364b38344435
        Wake-up Type: Reserved
        SKU Number: 8BA38UA#ABA
        Family: 103C_5335KV HP Notebook
...
Handle 0x0018, DMI type 43, 31 bytes
TPM Device
        Vendor ID: CTNI
        Specification Version: 2.0
        Firmware Revision: 403.0
        Description: INTEL
        Characteristics:
                Family configurable via platform software support
        OEM-specific Information: 0x00000000
...

[root@hp-14-dq0xxx tpm]# rpm-ostree status
State: busy
AutomaticUpdates: stage; rpm-ostreed-automatic.timer: no runs since boot
Transaction: upgrade
  Initiator: caller :1.132
Deployments:
● fedora:fedora/rawhide/x86_64/silverblue
                  Version: Rawhide.20230812.n.0 (2023-08-12T05:52:50Z)
               BaseCommit: b3333d8260208af568375b62f848502270a240bb29d6ae222037aad6d2484d74
             GPGSignature: Valid signature by 115DF9AEF857853EE8445D0A0727707EA15B79CC
          LayeredPackages: efitools gnome-tweaks guestfs-tools libvirt-daemon pam_yubico pass pesign sbsigntools virt-install
                           virt-manager virt-top virt-viewer ykclient ykpers yubico-piv-tool yubikey-manager
                           yubikey-personalization-gui
                Initramfs: --force-add tpm2-tss 

  fedora:fedora/rawhide/x86_64/silverblue
                  Version: Rawhide.20230719.n.0 (2023-07-19T06:07:43Z)
               BaseCommit: a9c89f00d1612591c822df0d3d5e1c3b0ba59c2961258b282e2e68614aefef2f
             GPGSignature: Valid signature by E8F23996F23218640CB44CBE75CF5AC418B8E74C
          LayeredPackages: efitools gnome-tweaks guestfs-tools libvirt-daemon pam_yubico pass pesign sbsigntools virt-install
                           virt-manager virt-top virt-viewer ykclient ykpers yubico-piv-tool yubikey-manager
                           yubikey-personalization-gui
                Initramfs: --force-add tpm2-tss 

Working ostree version is     Rawhide.20230719.n.0 (2023-07-19T06:07:43Z)
Non-working ostree version is Rawhide.20230812.n.0 (2023-08-12T05:52:50Z)

Here are logs from a working kernel:

[root@hp-14-dq0xxx toolbox]# dmesg | grep -i 'secure\|tpm\|trusted'
[    0.000000] Command line: BOOT_IMAGE=(hd0,gpt3)/ostree/fedora-7c178c0dcd8dd4fb117f6389a0a30b0d3eb84348fa827d7b79934f5fda7e76de/vmlinuz-6.5.0-0.rc2.17.fc39.x86_64 rd.luks.uuid=luks-aeaa0b4f-14f4-404c-a3a8-72b625280a37 rhgb quiet root=UUID=257fd0b9-8918-4a1a-97e8-47d117321e3f rootflags=subvol=root rw ostree=/ostree/boot.1/fedora/7c178c0dcd8dd4fb117f6389a0a30b0d3eb84348fa827d7b79934f5fda7e76de/0 rd.luks.options=discard,tpm2-device=auto,tpm2-pin=yes
[    0.000000] efi: ACPI 2.0=0x78477000 ACPI=0x78477000 TPMFinalLog=0x784cc000 SMBIOS=0x79b4c000 SMBIOS 3.0=0x79b4b000 MEMATTR=0x728df118 ESRT=0x74bd4e18 MOKvar=0x79b62000 RNG=0x7846e018 TPMEventLog=0x6e195018 
[    0.000000] secureboot: Secure boot enabled
[    0.000000] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7
[    0.014307] secureboot: Secure boot enabled
[    0.014589] ACPI: TPM2 0x0000000078494810 000034 (v04 HPQOEM 864D     00000001 HP   00000000)
[    0.014706] ACPI: Reserving TPM2 table memory at [mem 0x78494810-0x78494843]
[    0.104376] Kernel command line: BOOT_IMAGE=(hd0,gpt3)/ostree/fedora-7c178c0dcd8dd4fb117f6389a0a30b0d3eb84348fa827d7b79934f5fda7e76de/vmlinuz-6.5.0-0.rc2.17.fc39.x86_64 rd.luks.uuid=luks-aeaa0b4f-14f4-404c-a3a8-72b625280a37 rhgb quiet root=UUID=257fd0b9-8918-4a1a-97e8-47d117321e3f rootflags=subvol=root rw ostree=/ostree/boot.1/fedora/7c178c0dcd8dd4fb117f6389a0a30b0d3eb84348fa827d7b79934f5fda7e76de/0 rd.luks.options=discard,tpm2-device=auto,tpm2-pin=yes
[    0.614012] Initialise system trusted keyrings
[    2.185669] Key type trusted registered
[    2.193197] integrity: Loaded X.509 cert 'HP Inc.: HP UEFI Secure Boot DB 2017: d9c01b50cfcae89d3b05345c163aa76e5dd589e7'
[    2.209108] integrity: Loaded X.509 cert 'Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42'
[    2.703367] systemd[1]: systemd 254~rc2-4.fc39 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[    3.962585] sdhci: Secure Digital Host Controller Interface driver
[   22.163179] systemd[1]: systemd 254~rc2-4.fc39 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[   24.002743] systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).

[root@hp-14-dq0xxx toolbox]# systemd-cryptenroll --tpm2-device=list
PATH        DEVICE      DRIVER 
/dev/tpmrm0 MSFT0101:00 tpm_crb


Here are logs from a non-working kernel:
[root@hp-14-dq0xxx toolbox]# dmesg | grep -i 'secure\|tpm\|trusted'
[    0.000000] Command line: BOOT_IMAGE=(hd0,gpt3)/ostree/fedora-9227060068e668fa57d8f9377abf696ea916ddebee1a2735fe4ddddba7c778e3/vmlinuz-6.5.0-0.rc5.20230811git25aa0bebba72.40.fc40.x86_64 rd.luks.uuid=luks-aeaa0b4f-14f4-404c-a3a8-72b625280a37 rhgb quiet root=UUID=257fd0b9-8918-4a1a-97e8-47d117321e3f rootflags=subvol=root rw ostree=/ostree/boot.0/fedora/9227060068e668fa57d8f9377abf696ea916ddebee1a2735fe4ddddba7c778e3/0 rd.luks.options=discard,tpm2-device=auto,tpm2-pin=yes
[    0.000000] efi: ACPI 2.0=0x78477000 ACPI=0x78477000 TPMFinalLog=0x784cc000 SMBIOS=0x79b4c000 SMBIOS 3.0=0x79b4b000 MEMATTR=0x728df118 ESRT=0x74bd4e18 MOKvar=0x79b62000 RNG=0x7846e018 TPMEventLog=0x6e195018 
[    0.000000] secureboot: Secure boot enabled
[    0.000000] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7
[    0.014800] secureboot: Secure boot enabled
[    0.015102] ACPI: TPM2 0x0000000078494810 000034 (v04 HPQOEM 864D     00000001 HP   00000000)
[    0.015228] ACPI: Reserving TPM2 table memory at [mem 0x78494810-0x78494843]
[    0.104956] Kernel command line: BOOT_IMAGE=(hd0,gpt3)/ostree/fedora-9227060068e668fa57d8f9377abf696ea916ddebee1a2735fe4ddddba7c778e3/vmlinuz-6.5.0-0.rc5.20230811git25aa0bebba72.40.fc40.x86_64 rd.luks.uuid=luks-aeaa0b4f-14f4-404c-a3a8-72b625280a37 rhgb quiet root=UUID=257fd0b9-8918-4a1a-97e8-47d117321e3f rootflags=subvol=root rw ostree=/ostree/boot.0/fedora/9227060068e668fa57d8f9377abf696ea916ddebee1a2735fe4ddddba7c778e3/0 rd.luks.options=discard,tpm2-device=auto,tpm2-pin=yes
[    0.647120] Initialise system trusted keyrings
[    2.125716] tpm_crb: probe of MSFT0101:00 failed with error 378
[    2.224239] integrity: Loaded X.509 cert 'HP Inc.: HP UEFI Secure Boot DB 2017: d9c01b50cfcae89d3b05345c163aa76e5dd589e7'
[    2.240044] integrity: Loaded X.509 cert 'Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42'
[    2.240050] ima: No TPM chip found, activating TPM-bypass!
[    2.680381] systemd[1]: systemd 254.1-2.fc40 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[    3.927989] sdhci: Secure Digital Host Controller Interface driver
[   50.790432] systemd[1]: systemd 254.1-2.fc40 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[   52.649977] systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).

[root@hp-14-dq0xxx toolbox]# systemd-cryptenroll --tpm2-device=list
No suitable TPM2 devices found.


Reproducible: Always
Comment 1 jacoporossettij.r.6 2023-08-19 12:14:47 UTC 
This issue is also present on Fedora 38 with kernel 6.4.11-200.fc38.x86_64
Reverting back to 6.4.10 fixes the issue.

The problem seems to be related with tpm_crb.

Here are the logs of the non-working kernel:

[    0.000000] Command line: BOOT_IMAGE=(hd0,gpt2)/vmlinuz-6.4.11-200.fc38.x86_64 root=UUID=c2585b1d-9569-409a-b862-5339ef1e9b70 ro rootflags=subvol=root rd.luks.uuid=luks-62fbba82-18d9-4903-a4e6-e300bea48e3a rd.luks.options=tpm2-device=auto rhgb quiet intel_iommu=on iommu=pt rd.driver.blacklist=nouveau modprobe.blacklist=nouveau nvidia-drm.modeset=1
[    0.000000] efi: ACPI=0x70b03000 ACPI 2.0=0x70b03014 TPMFinalLog=0x70b9c000 SMBIOS=0x73ca2000 SMBIOS 3.0=0x73ca1000 MEMATTR=0x64620018 ESRT=0x6722e898 MOKvar=0x73c6a000 RNG=0x70a45018 TPMEventLog=0x64601018 
[    0.013460] ACPI: TPM2 0x0000000070A4B000 00004C (v04 MSI_NB MEGABOOK 00000001 AMI  00000000)
[    0.013483] ACPI: Reserving TPM2 table memory at [mem 0x70a4b000-0x70a4b04b]
[    0.039065] Kernel command line: BOOT_IMAGE=(hd0,gpt2)/vmlinuz-6.4.11-200.fc38.x86_64 root=UUID=c2585b1d-9569-409a-b862-5339ef1e9b70 ro rootflags=subvol=root rd.luks.uuid=luks-62fbba82-18d9-4903-a4e6-e300bea48e3a rd.luks.options=tpm2-device=auto rhgb quiet intel_iommu=on iommu=pt rd.driver.blacklist=nouveau modprobe.blacklist=nouveau nvidia-drm.modeset=1
[    1.055485] tpm_crb: probe of MSFT0101:00 failed with error 378
[    1.122348] ima: No TPM chip found, activating TPM-bypass!
[    1.423589] systemd[1]: systemd 253.7-1.fc38 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[   56.020348] systemd[1]: systemd 253.7-1.fc38 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[   56.560945] systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
Comment 2 Anthony Messina 2023-08-19 15:43:22 UTC 
Same issue here with 6.4.11 on an Intel NUC

$ dmesg |grep -i tpm
[    0.000000] efi: TPMFinalLog=0x7aa17000 ACPI 2.0=0x7a234000 ACPI=0x7a234000 SMBIOS=0x7ae04000 SMBIOS 3.0=0x7ae03000 MEMATTR=0x78212018 ESRT=0x7ae00b18 MOKvar=0x7ae1e000 RNG=0x7a233018 TPMEventLog=0x69652018 
[    0.008741] ACPI: TPM2 0x000000007A26BE48 000034 (v04 INTEL  NUC7i7BN 0000005B AMI  00000000)
[    0.008764] ACPI: Reserving TPM2 table memory at [mem 0x7a26be48-0x7a26be7b]
[    0.768308] tpm_crb: probe of MSFT0101:00 failed with error 378
[    0.817857] ima: No TPM chip found, activating TPM-bypass!
[    1.252433] systemd[1]: systemd 253.7-1.fc38 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[   30.752441] systemd[1]: systemd 253.7-1.fc38 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[   31.496026] systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
Comment 3 Reilly Hall 2023-08-20 02:42:41 UTC 
Same issue on a different Intel NUC as well (does not appear to be affecting my Dell laptop that appears to be making use of the tpm_tis module instead)

[    0.000000] efi: TPMFinalLog=0x6efb6000 ACPI 2.0=0x6ef3c000 ACPI=0x6ef3c000 SMBIOS=0x6fde4000 SMBIOS 3.0=0x6fde3000 ESRT=0x6fdab418 MEMATTR=0x6d0b9418 MOKvar=0x6fe12000 RNG=0x6ef3b018 TPMEventLog=0x5eaa5018 
[    0.009560] ACPI: TPM2 0x000000006EF86BC0 000034 (v04 INTEL  NUC8i7HN 00000046 AMI  00000000)
[    0.009590] ACPI: Reserving TPM2 table memory at [mem 0x6ef86bc0-0x6ef86bf3]
[    0.887961] tpm_crb: probe of MSFT0101:00 failed with error 378
[    1.020531] ima: No TPM chip found, activating TPM-bypass!
[    1.391079] systemd[1]: systemd 253.7-1.fc38 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[   16.396434] systemd[1]: systemd 253.7-1.fc38 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP -GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[   17.133216] systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
Comment 4 Peter Bieringer 2023-08-22 18:37:07 UTC 
Having similar problem, but on Fedora 38

TPM is working with kernel-6.4.10-200.fc38.x86_64

TPM is broken with kernel-6.4.11-200.fc38.x86_64

dmesg shows:
[    1.154139] tpm_crb: probe of MSFT0101:00 failed with error 378

as result, no /dev/tpm* devices are existing

BIOS Information
	Vendor: American Megatrends Inc.
	Version: P1.70
	Release Date: 08/13/2021

Base Board Information
	Manufacturer: ASRock
	Product Name: J4125-ITX

TPM Device
	Vendor ID: CTNI
	Specification Version: 2.0
	Firmware Revision: 403.0
	Description: INTEL
Comment 5 Scott Weaver 2023-08-25 18:10:55 UTC 
Thanks for reporting this. This is a known issue upstream and being discussed. 

https://lore.kernel.org/stable/20230821140230.1168-1-mario.limonciello@amd.com/
https://bugzilla.kernel.org/show_bug.cgi?id=217804

I don't believe a patch has landed yet.

Scott
Comment 6 Peter Bieringer 2023-08-26 10:58:49 UTC 
issue still exists in kernel-6.4.12-200.fc38.x86_64
Comment 7 jacoporossettij.r.6 2023-09-03 08:21:24 UTC 
issue persists in kernel 6.4.13-200.fc38.x86_64
Comment 8 Scott Weaver 2023-09-07 02:34:49 UTC 
I believe the patch is now in the most recent rawhide, Fedora 6.4.15 and Fedora 6.5.2 kernel builds.
Comment 9 Carl Roth 2023-09-07 15:17:49 UTC 
Verified that this works (at the kernel level) in latest Silverblue (rawhide)

roth@ce-link-94-c8-d5:~$ uname -r
6.6.0-0.rc0.20230906git65d6e954e378.8.fc40.x86_64

roth@ce-link-94-c8-d5:~$ rpm-ostree status
State: idle
AutomaticUpdates: stage; rpm-ostreed-automatic.timer: no runs since boot
Deployments:
● fedora:fedora/rawhide/x86_64/silverblue
                  Version: Rawhide.20230907.n.0 (2023-09-07T05:52:19Z)
               BaseCommit: df94f7797ba31c5e147a42ce5fbf5887ab0b51e92f29fd6bbbbb68406d2cd9da
             GPGSignature: Valid signature by 115DF9AEF857853EE8445D0A0727707EA15B79CC
          LayeredPackages: efitools gnome-tweaks guestfs-tools libvirt-daemon pam_yubico pesign sbsigntools virt-install
                           virt-manager virt-top virt-viewer ykclient ykpers yubico-piv-tool yubikey-manager
                           yubikey-personalization-gui
                Initramfs: --force-add tpm2-tss 

oth@ce-link-94-c8-d5:~$ dmesg | grep -i 'secure\|tpm'
[    0.000000] Command line: BOOT_IMAGE=(hd0,gpt3)/ostree/fedora-a404504c269260a0539db946a176355f81aaed1302d1e64ca57af2e1c1b4d111/vmlinuz-6.6.0-0.rc0.20230906git65d6e954e378.8.fc40.x86_64 rd.luks.uuid=luks-aeaa0b4f-14f4-404c-a3a8-72b625280a37 rhgb quiet root=UUID=257fd0b9-8918-4a1a-97e8-47d117321e3f rootflags=subvol=root rw ostree=/ostree/boot.0/fedora/a404504c269260a0539db946a176355f81aaed1302d1e64ca57af2e1c1b4d111/0 rd.luks.options=discard,tpm2-device=auto,tpm2-pin=yes
[    0.000000] efi: ACPI 2.0=0x78477000 ACPI=0x78477000 TPMFinalLog=0x784cc000 SMBIOS=0x79b4c000 SMBIOS 3.0=0x79b4b000 MEMATTR=0x728e3218 ESRT=0x74bd4e98 MOKvar=0x79b62000 RNG=0x7846e018 TPMEventLog=0x6de27018 
[    0.000000] secureboot: Secure boot enabled
[    0.000000] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7
[    0.013790] secureboot: Secure boot enabled
[    0.014049] ACPI: TPM2 0x0000000078494810 000034 (v04 HPQOEM 864D     00000001 HP   00000000)
[    0.014165] ACPI: Reserving TPM2 table memory at [mem 0x78494810-0x78494843]

roth@ce-link-94-c8-d5:~$ cat /sys/class/tpm/tpm0/tpm_version_major 
2

systemd-cryptenroll still thinks there is no TPM device but the kernel appears OK

roth@ce-link-94-c8-d5:~$ systemd-cryptenroll --tpm2-device=list
No suitable TPM2 devices found.
Comment 10 Carl Roth 2023-09-07 16:31:05 UTC 
Not sure if the systemd-cryptenroll regression is different or the same bug, but filed https://bugzilla.redhat.com/show_bug.cgi?id=2237908 just in case.
Comment 11 Carl Roth 2023-09-07 17:34:31 UTC 
OK this looks like a kernel bug still. See https://bugzilla.redhat.com/show_bug.cgi?id=2237908 and the notes related to "/sys/class/tpmrm" vs "/sys/class/tmprm"
Comment 12 Carl Roth 2023-09-07 18:19:06 UTC 
typo appears to be in

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d2e8071bed0befa3304acb01edd4a228d81fc4d2
Comment 13 Scott Weaver 2023-09-11 14:33:32 UTC 
A fix has been submitted upstream: https://lore.kernel.org/all/20230908140629.2930150-1-jforbes@fedoraproject.org/
Comment 14 jacoporossettij.r.6 2023-09-14 08:02:56 UTC 
Bug seems to have been fixed on kernel 6.4.15-200.fc38.x86_64
Comment 15 Scott Weaver 2023-09-14 17:35:49 UTC 
The fix for the /sys/class/tpmrm typo should be fixed in today's rawhide kernel build.
kernel-6.6.0-0.rc1.20230914gitaed8aee11130.16.fc40