Description of problem: ------------------------ In Fedora 28 Workstation, the GRUB loader is buggy. After booting in Windows, there is a "TPM Error 2" when booting Fedora, and then system hangs. Version-Release number of selected component (if applicable): Fedora 28 Workstation X86_64 How reproducible: SOLID Steps to Reproduce: 1. Install Fedora 28 x86_64, with a Windows 10 Partition 2. Boot Fedora : it works, boots normally 3. Boot Windows 10: it works, boots normally, but modify TPM register 4. Boot Fedora : it fails with "TPM Error 2"... and hangs! Actual results: Need to reset the BIOS, clear the TPM to be able to boot again ! Expected results: Additional info: ----------------- 1) Matt Garrett documented this issue one year ago, as : https://bugzilla.redhat.com/attachment.cgi?id=1160008&action=diff 2) A nice workaround may be to use an older, Fedora 17 set of packages for Grub, but dependencies problems are complex... 3) Grub-customizer does not work, but the grub-customizer package from Fedora 27, seems to work juts fine : a simple workaround...
I have the same issue with my laptop and fedora. Its an HP Zbook 17 G1. It hangs on grub with "TPM Error 2". On my case that's coming from another linux distro, not coming from Windows. I had to switch to Ubuntu because of this. On dmesg i have this regarding TPM (This is from ubuntu since i cant use fedora anymore) tpm_tis 00:01: 1.2 TPM (device-id 0xB, rev-id 16) It worked fine with fedora 27. The problem came after fedora 28.
*** Bug 1582811 has been marked as a duplicate of this bug. ***
A similar problem on a few years old HP Elitebook 2540p (running in BIOS mode): 1. On cold boot, the grub screen shows up, but the keyboard is unresponsive and the countdown to boot doesn't decrease. It I press 20 or so random keys, I hear the "beep" emitted by the BIOS when the keyboard input buffer is full. 2. If I press CTRL-ALT-DEL, the system reboots and shows "error: TPM error 2, disabling TPM". This was with grub2-pc-2.02-34.fc28.x86_64. I've also tried the rawhide version (grub2-pc-2.02-37.fc29), and I have the same symptoms. I then disabled the TPM in the BIOS and grub2 started working. I finally reenabled the TPM, reset it to the factory state and cleared all the credentials (I only use Linux, and only have the TPM enabled for the TPM RNG, so the TPM didn't hold any data). And after that grub2 seems to be happy. Further data point, this laptop was running F27 before and never had any grub issues.
Correction: on this system (HP Elitebook 2540p), grub2 will only work correctly if the TPM is disabled in the BIOS. Otherwise it hangs as described in comment 3.
I've experienced the same issue with two older HP laptops that I've re-installed with F28 recently. Namely, HP EliteBook 8560p and HP EliteBook 8530p. The symptoms were as described by Philippe: (In reply to Philippe Troin from comment #3) > 1. On cold boot, the grub screen shows up, but the keyboard is unresponsive > and the countdown to boot doesn't decrease. It I press 20 or so random > keys, I hear the "beep" emitted by the BIOS when the keyboard input buffer > is full. > 2. If I press CTRL-ALT-DEL, the system reboots and shows "error: TPM error > 2, disabling TPM". > Further data point, this laptop was running F27 before and never had any > grub issues. Likewise, both systems were running F27 before and never had any GRUB issues. Completely disabling the TPM in the BIOS fixed the issue on both laptops. Clearly, this is a major regression on (at least) older HP EliteBook laptops. I'm afraid a large number of Fedora users might not be on the level of finding these kind of bug reports and applying the work-arounds described in them to start using their laptops again.
Met the same issue with EliteBook 2570p with Fedora 29 Beta.
My reasonably modern elitebook 840 g2 has the same problem. After a fresh F28 install I needed to disable the TPM, otherwise I was getting "TPM error 2. Disabling TPM" in GRUB. Interestingly, on the same machine, after updating an existing installation of F27 to 28, I did not have the issue.
I hit the same issue on a HP ProBook 450G2. By default, the TPM is enabled in the bios and locked meaning by default you cannot disable it. I was unable to boot my fresh FC29 install. After some search, I found that TPM can be enabled once the bios password is set. I was then able to disable TPM and disabled the password after that. The system boots now normally. Looks like many HP systems are hit by this bug. I would be cool to have a fix for it.
This behavior is a downstream patch made by CoreOS. It would be cool to have authors & support taking care of it. Having computers that stalls at bootloader time sucks a lot.
Error 2 is TCG_PC_LOGOVERFLOW aka "there is insufficient memory to create the log entry". Extracted from https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCSpecificSpecification_v1_1.pdf While reading the TrustedGrub implementation, EAX is not read and so such error isn't fatal.
I really wonder if a TCG_PC_LOGOVERFLOW should be that fatal
There was a PR on this topic in trusted grub : https://github.com/Rohde-Schwarz-Cybersecurity/TrustedGRUB2/pull/55
(In reply to Erwan Velu from comment #12) > There was a PR on this topic in trusted grub : > https://github.com/Rohde-Schwarz-Cybersecurity/TrustedGRUB2/pull/55 The TGRUB_NOEVENTLOG approach they have is surely what we need here.
This message is a reminder that Fedora 28 is nearing its end of life. On 2019-May-28 Fedora will stop maintaining and issuing updates for Fedora 28. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '28'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 28 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Following up with comment 3: For the record, Fedora 30 has no issues booting with TPM enabled. This issue seems to be fixed for me.
Fedora 28 changed to end-of-life (EOL) status on 2019-05-28. Fedora 28 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.