Bug 1769215 - tpm2-abrmd[3026]: ERROR:tcti:src/tss2-tcti/tcti-device.c:439:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: tpm2-abrmd
Version: rawhide
Assignee: Yunying Sun
QA Contact: Fedora Extras Quality Assurance
Reported: 2019-11-06 07:59 UTC by Mikhail
Modified: 2020-02-03 10:48 UTC (History)

Fixed In Version: tpm2-abrmd-2.2.0-4.fc31
Last Closed: 2020-01-18 20:54:14 UTC
Type: Bug

Attachments
$ journalctl -u tpm2-abrmd.service -b (10.10 MB, text/plain)
2019-11-06 07:59 UTC, Mikhail

Description Mikhail 2019-11-06 07:59:03 UTC
Created attachment 1633223
$ journalctl -u tpm2-abrmd.service -b

Description of problem:

Nov 06 01:20:43 localhost.localdomain systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
Nov 06 01:20:43 localhost.localdomain tpm2-abrmd[3026]: ERROR:tcti:src/tss2-tcti/tcti-device.c:439:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
Nov 06 01:20:43 localhost.localdomain tpm2-abrmd[3026]: failed to initialize device TCTI context: 0xa000a
Nov 06 01:20:43 localhost.localdomain tpm2-abrmd[3026]: init_thread_func: failed to create TCTI with name "libtss2-tcti-device.so.0" and conf "(null)"
Nov 06 01:20:43 localhost.localdomain tpm2-abrmd[3026]: g_bus_unown_name: assertion 'owner_id > 0' failed
Nov 06 01:20:43 localhost.localdomain systemd[1]: tpm2-abrmd.service: Main process exited, code=exited, status=1/FAILURE
Nov 06 01:20:43 localhost.localdomain systemd[1]: tpm2-abrmd.service: Failed with result 'exit-code'.
Nov 06 01:20:43 localhost.localdomain systemd[1]: Failed to start TPM2 Access Broker and Resource Management Daemon.
Nov 06 01:20:48 localhost.localdomain systemd[1]: tpm2-abrmd.service: Service RestartSec=5s expired, scheduling restart.
Nov 06 01:20:48 localhost.localdomain systemd[1]: tpm2-abrmd.service: Scheduled restart job, restart counter is at 1.
Nov 06 01:20:49 localhost.localdomain systemd[1]: Stopped TPM2 Access Broker and Resource Management Daemon.



Version-Release number of selected component (if applicable):
$ rpm -q tpm2-abrmd
tpm2-abrmd-2.2.0-2.fc31.x86_64


How reproducible:
Always.

Comment 1 Yunying Sun 2019-11-06 09:08:32 UTC
According to this line, it seems there's no tpm device available on your machine:
ERROR:tcti:src/tss2-tcti/tcti-device.c:439:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory

You will need a working /dev/tpm* device (either a discrete hardware TPM module on board, or a firmware-simulated one like PTT on Intel platforms) before using tpm2-abrmd.

Refer to: https://github.com/tpm2-software/tpm2-abrmd/issues/642

Comment 2 Mikhail 2019-11-06 09:44:48 UTC
Yes, there is no TPM device on my machine.
But why does this service try to start every five seconds?
I did not change the default distribution settings.


$ systemctl status tpm2-abrmd.service
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
   Loaded: loaded (/usr/lib/systemd/system/tpm2-abrmd.service; disabled; vendor preset: disabled)
   Active: activating (auto-restart) (Result: exit-code) since Wed 2019-11-06 14:41:37 +05; 305ms ago
  Process: 111094 ExecStart=/usr/sbin/tpm2-abrmd (code=exited, status=1/FAILURE)
 Main PID: 111094 (code=exited, status=1/FAILURE)
      CPU: 6ms

Comment 3 Yunying Sun 2019-11-28 05:15:12 UTC
Adding tpm2-abrmd maintainer Philip.
@Philip, would you be able to help clarify? Or maybe it's a valid issue to be addressed? Thank you.

Comment 4 Chris Murphy 2019-12-03 05:26:53 UTC
I'm seeing this on Fedora 31 with tpm2-abrmd-2.2.0-2.fc31.x86_64, which is installed by default on Fedora Workstation 31. If tpm2-abrmd expects to find a TPM2, and can't silence itself after some reasonable number of attempts or time frame, then it needs to be removed from the default package set.

Comment 5 Chris Murphy 2019-12-03 06:37:59 UTC
I wonder if this is related to bug 1776030 and/or bug 1776030, because I see references:

'failed to allocate dbus proxy object: Error calling StartServiceByName for com.intel.tss2.Tabrmd: Timeout was reached'

$ dmesg | grep -i tpm
[    0.000000] efi:  SMBIOS=0x3a57a000  ESRT=0x3a57d718  ACPI 2.0=0x3affe014  PROP=0x229ce278  TPMEventLog=0x22728018 
[    0.017799] ACPI: TPM2 0x000000003AFF9000 000034 (v03 HPQOEM INSYDE   00000000 HP   00040000)
[    1.002049] tpm_crb MSFT0101:00: can't request region for resource [mem 0x3af5b000-0x3af5b02f]
[    1.002052] tpm_crb: probe of MSFT0101:00 failed with error -16
[    1.121088] ima: No TPM chip found, activating TPM-bypass!

Comment 6 Javier Martinez Canillas 2019-12-03 11:52:42 UTC
This seems to have been fixed upstream:

https://github.com/tpm2-software/tpm2-abrmd/pull/669/

I've updated the tpm2-abrmd package to 2.3.0, cherry-picked the commits from that pull-request and did the following scratch build for you to test:

https://koji.fedoraproject.org/koji/taskinfo?taskID=39422034

Comment 7 Philip Tricca 2019-12-03 15:52:45 UTC
I'm working on a few other related bug fixes. Should have a 2.3.1 bugfix in RC before the holiday.

Comment 8 Chris Murphy 2019-12-03 19:07:55 UTC
> https://koji.fedoraproject.org/koji/taskinfo?taskID=39422034

This does fix the journal spamming; although the unit does still fail, which for a default package is a release criterion violation. I'm not sure why it started failing only after F31 release though; it's as if it's being poked differently by fwupd? fwupd has been updated since release.

And oops on comment 5, the other possibly related bug is bug 1731758.

Comment 9 Javier Martinez Canillas 2019-12-03 23:29:47 UTC
> 
> This does fix the journal spamming; although the unit does still fail, which

Yes, even with the upstream fix the service will still fail to start, it just will avoid the retry. That's why I suggested in https://github.com/tpm2-software/tpm2-abrmd/pull/669/#issuecomment-561111842 that we should add a ConditionPathExistsGlob=/dev/tpm* option to the [Unit] section.
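
The guard suggested in comment 9, written as a local drop-in. This is an added example, not part of the original bug report or of the tpm2-abrmd packaging; the drop-in file name `10-require-tpm.conf` and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: make tpm2-abrmd.service a skipped no-op when no TPM
# character device exists, instead of a unit that fails on every start.

UNIT=tpm2-abrmd.service

# tpm_present DEVDIR: succeed if DEVDIR holds any entry matching tpm*.
# With DEVDIR=/dev this is the test ConditionPathExistsGlob=/dev/tpm* makes.
tpm_present() {
    for node in "$1"/tpm*; do
        # An unmatched glob stays literal, so -e is what decides.
        [ -e "$node" ] && return 0
    done
    return 1
}

# preview_condition DEVDIR: print the ConditionResult value ("yes" or "no")
# that systemd would record for the guarded unit.
preview_condition() {
    if tpm_present "$1"; then echo yes; else echo no; fi
}

# write_guard_dropin ROOT: create the drop-in under ROOT and print its path.
# ROOT is "" on a live system, or a scratch directory when staging an image.
write_guard_dropin() {
    dir="$1/etc/systemd/system/$UNIT.d"
    mkdir -p "$dir" || return 1
    cat > "$dir/10-require-tpm.conf" <<'EOF'
[Unit]
ConditionPathExistsGlob=/dev/tpm*
EOF
    printf '%s\n' "$dir/10-require-tpm.conf"
}

# On a live system, as root:
#   write_guard_dropin "" && systemctl daemon-reload
#   systemctl start tpm2-abrmd.service
#   systemctl show -p ConditionResult tpm2-abrmd.service
```

When the condition is not met, systemd skips the start job and leaves the unit inactive rather than failed, so no restart is scheduled.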

Comment 10 Javier Martinez Canillas 2019-12-03 23:31:55 UTC
(In reply to Chris Murphy from comment #5)

[snip]

> 
> $ dmesg | grep -i tpm
> [    0.000000] efi:  SMBIOS=0x3a57a000  ESRT=0x3a57d718  ACPI 2.0=0x3affe014
> PROP=0x229ce278  TPMEventLog=0x22728018 
> [    0.017799] ACPI: TPM2 0x000000003AFF9000 000034 (v03 HPQOEM INSYDE  
> 00000000 HP   00040000)
> [    1.002049] tpm_crb MSFT0101:00: can't request region for resource [mem
> 0x3af5b000-0x3af5b02f]
> [    1.002052] tpm_crb: probe of MSFT0101:00 failed with error -16

This seems to be an issue with the TPM driver that fails to probe, which leads to the TPM character device not being present.

But I would file a separate bug for this kernel bug.

Comment 11 Chris Murphy 2019-12-04 01:53:49 UTC
Yep. Filed that in 2016.
https://bugzilla.kernel.org/show_bug.cgi?id=185631

Also posted to linux-integrity@
https://www.spinics.net/lists/linux-integrity/msg04971.html

At least as it relates to Fedora Workstation, I'd say any use of the TPM by Fedora without express use permission must be completely safe in a dual boot context as there's every reason to believe it's "in use" by Windows. I have no idea if a TPM can be shared or in what conditions it can't be.

Comment 12 Yunying Sun 2020-01-08 05:12:26 UTC
Noticed Javier's fixes for this issue have been merged upstream since 2.3.1-rc0 (https://github.com/tpm2-software/tpm2-abrmd/pull/676).
With that, I suppose both issues (the daemon startup failure when no tpm device is available, and the loopless restart) could be fixed.

Comment 13 Javier Martinez Canillas 2020-01-08 10:45:17 UTC
(In reply to Yunying Sun from comment #12)
> Noticed Javier's fixes for this issue has been merged upstream since
> 2.3.1-rc0(https://github.com/tpm2-software/tpm2-abrmd/pull/676).
> With that suppose both issues(the daemon startup failure when no tpm device
> available, and the loopless restart) could be fixed.

Yes, I think that those fixes should address this bugzilla and even bugs like #1788558 since the daemon won't enter a restart loop anymore.

Comment 14 Yunying Sun 2020-01-13 09:58:49 UTC
I just backported the fix and rebuilt the package. New RPMs are available at:
https://koji.fedoraproject.org/koji/taskinfo?taskID=40468842

Please help to try it out, and update here whether it fixes the issue or not. Thanks.

Comment 15 Yunying Sun 2020-01-14 06:09:34 UTC
Updated 2.2.0-4 RPM available at:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1428972
This issue is supposed to be fixed. Please help to verify. Thanks.

If all issues are fixed, adding Karma +1 could speed up making the updated RPM available for F31:
https://bodhi.fedoraproject.org/updates/FEDORA-2020-fbf5351fe3

Comment 16 Al Pacifico 2020-01-14 15:26:42 UTC
I am still seeing it at Tue 14 Jan 2020 03:26:27 PM UTC

Comment 17 Fedora Update System 2020-01-16 19:50:53 UTC
tpm2-abrmd-2.2.0-4.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-fbf5351fe3

Comment 18 Fedora Update System 2020-01-18 20:54:14 UTC
tpm2-abrmd-2.2.0-4.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 19 Yunying Sun 2020-02-03 10:48:50 UTC
tpm2-abrmd-2.2.0-4 is now available for F31. If the issue gets fixed, is it OK to close this ticket?

