Bug 1769215 - tpm2-abrmd[3026]: ERROR:tcti:src/tss2-tcti/tcti-device.c:439:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
Summary: tpm2-abrmd[3026]: ERROR:tcti:src/tss2-tcti/tcti-device.c:439:Tss2_Tcti_Device...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: tpm2-abrmd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Yunying Sun
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-11-06 07:59 UTC by Mikhail
Modified: 2020-02-03 10:48 UTC (History)
11 users (show)

Fixed In Version: tpm2-abrmd-2.2.0-4.fc31
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-01-18 20:54:14 UTC
Type: Bug


Attachments (Terms of Use)
$ journalctl -u tpm2-abrmd.service -b (10.10 MB, text/plain)
2019-11-06 07:59 UTC, Mikhail
no flags Details

Description Mikhail 2019-11-06 07:59:03 UTC
Created attachment 1633223 [details]
$ journalctl -u tpm2-abrmd.service -b

Description of problem:

Nov 06 01:20:43 localhost.localdomain systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
Nov 06 01:20:43 localhost.localdomain tpm2-abrmd[3026]: ERROR:tcti:src/tss2-tcti/tcti-device.c:439:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
Nov 06 01:20:43 localhost.localdomain tpm2-abrmd[3026]: failed to initialize device TCTI context: 0xa000a
Nov 06 01:20:43 localhost.localdomain tpm2-abrmd[3026]: init_thread_func: failed to create TCTI with name "libtss2-tcti-device.so.0" and conf "(null)"
Nov 06 01:20:43 localhost.localdomain tpm2-abrmd[3026]: g_bus_unown_name: assertion 'owner_id > 0' failed
Nov 06 01:20:43 localhost.localdomain systemd[1]: tpm2-abrmd.service: Main process exited, code=exited, status=1/FAILURE
Nov 06 01:20:43 localhost.localdomain systemd[1]: tpm2-abrmd.service: Failed with result 'exit-code'.
Nov 06 01:20:43 localhost.localdomain systemd[1]: Failed to start TPM2 Access Broker and Resource Management Daemon.
Nov 06 01:20:48 localhost.localdomain systemd[1]: tpm2-abrmd.service: Service RestartSec=5s expired, scheduling restart.
Nov 06 01:20:48 localhost.localdomain systemd[1]: tpm2-abrmd.service: Scheduled restart job, restart counter is at 1.
Nov 06 01:20:49 localhost.localdomain systemd[1]: Stopped TPM2 Access Broker and Resource Management Daemon.



Version-Release number of selected component (if applicable):
$ rpm -q tpm2-abrmd
tpm2-abrmd-2.2.0-2.fc31.x86_64


How reproducible:
Always.

Comment 1 Yunying Sun 2019-11-06 09:08:32 UTC
According to this line, it seems there's no tpm device available on your machine:
ERROR:tcti:src/tss2-tcti/tcti-device.c:439:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory

You will need a working /dev/tpm* device(either discrete hardware TPM module on board, or a firmware simulated one like PTT on Intel platforms) before using tpm2-abrmd.

Refer to: https://github.com/tpm2-software/tpm2-abrmd/issues/642

Comment 2 Mikhail 2019-11-06 09:44:48 UTC
Yes on my machine no tpm device.
But why this service try starting every five seconds?
I did not change default distribution settings.


$ systemctl status tpm2-abrmd.service
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
   Loaded: loaded (/usr/lib/systemd/system/tpm2-abrmd.service; disabled; vendor preset: disabled)
   Active: activating (auto-restart) (Result: exit-code) since Wed 2019-11-06 14:41:37 +05; 305ms ago
  Process: 111094 ExecStart=/usr/sbin/tpm2-abrmd (code=exited, status=1/FAILURE)
 Main PID: 111094 (code=exited, status=1/FAILURE)
      CPU: 6ms

Comment 3 Yunying Sun 2019-11-28 05:15:12 UTC
Adding tpm2-abrmd maintainer Philip. 
@Philip, would you be able to help clarifying? Or maybe it's a valid issue to be addressed? Thank you.

Comment 4 Chris Murphy 2019-12-03 05:26:53 UTC
I'm seeing this on Fedora 31 with tpm2-abrmd-2.2.0-2.fc31.x86_64, which is installed by default on Fedora Workstation 31. If tpm2-abrmd expects to find a TPM2, and can't silence itself after some reasonable number of attempts or time frame, then it needs to be removed from the default package set.

Comment 5 Chris Murphy 2019-12-03 06:37:59 UTC
I wonder if this is related to bug 1776030 and/or bug 1776030, because I see references:

'failed to allocate dbus proxy object: Error calling StartServiceByName for com.intel.tss2.Tabrmd: Timeout was reached'

$ dmesg | grep -i tpm
[    0.000000] efi:  SMBIOS=0x3a57a000  ESRT=0x3a57d718  ACPI 2.0=0x3affe014  PROP=0x229ce278  TPMEventLog=0x22728018 
[    0.017799] ACPI: TPM2 0x000000003AFF9000 000034 (v03 HPQOEM INSYDE   00000000 HP   00040000)
[    1.002049] tpm_crb MSFT0101:00: can't request region for resource [mem 0x3af5b000-0x3af5b02f]
[    1.002052] tpm_crb: probe of MSFT0101:00 failed with error -16
[    1.121088] ima: No TPM chip found, activating TPM-bypass!

Comment 6 Javier Martinez Canillas 2019-12-03 11:52:42 UTC
This seems to have been fixed upstream:

https://github.com/tpm2-software/tpm2-abrmd/pull/669/

I've updated the tpm2-abrmd package to 2.3.0, cherry-picked the commits from that pull-request and did the following scratch build for you to test:

https://koji.fedoraproject.org/koji/taskinfo?taskID=39422034

Comment 7 Philip Tricca 2019-12-03 15:52:45 UTC
I'm working on a few other related bug fixes. Should have a 2.3.1 bugfix in RC before the holiday.

Comment 8 Chris Murphy 2019-12-03 19:07:55 UTC
> https://koji.fedoraproject.org/koji/taskinfo?taskID=39422034

This does fix the journal spamming; although the unit does still fail, which for a default package is a release criterion violation. I'm not sure why it started failing only after F31 release though; it's as if it's being poked differently by fwupd? fwupd has been updated since release.

And oops on comment 5, the other possibly related bug is bug 1731758.

Comment 9 Javier Martinez Canillas 2019-12-03 23:29:47 UTC
> 
> This does fix the journal spamming; although the unit does still fail, which

Yes, even with the upstream fix the service will still fail to start, it just will avoid the retry. That's why I suggested in https://github.com/tpm2-software/tpm2-abrmd/pull/669/#issuecomment-561111842 that we should add a ConditionPathExistsGlob=/dev/tpm* option to the [Unit] section.

Comment 10 Javier Martinez Canillas 2019-12-03 23:31:55 UTC
(In reply to Chris Murphy from comment #5)

[snip]

> 
> $ dmesg | grep -i tpm
> [    0.000000] efi:  SMBIOS=0x3a57a000  ESRT=0x3a57d718  ACPI 2.0=0x3affe014
> PROP=0x229ce278  TPMEventLog=0x22728018 
> [    0.017799] ACPI: TPM2 0x000000003AFF9000 000034 (v03 HPQOEM INSYDE  
> 00000000 HP   00040000)
> [    1.002049] tpm_crb MSFT0101:00: can't request region for resource [mem
> 0x3af5b000-0x3af5b02f]
> [    1.002052] tpm_crb: probe of MSFT0101:00 failed with error -16

This seems to be an issue with the TPM driver that fails to probe, which leads to the TPM character device not being present.

But I would file a separate bug for this kernel bug.

Comment 11 Chris Murphy 2019-12-04 01:53:49 UTC
Yep. Filed that in 2016.
https://bugzilla.kernel.org/show_bug.cgi?id=185631

Also posted to linux-integrity@
https://www.spinics.net/lists/linux-integrity/msg04971.html

At least as it relates to Fedora Workstation, I'd say any use of the TPM by Fedora without express use permission must be completely safe in a dual boot context as there's every reason to believe it's "in use" by Windows. I have no idea if a TPM can be shared or in what conditions it can't be.

Comment 12 Yunying Sun 2020-01-08 05:12:26 UTC
Noticed Javier's fixes for this issue has been merged upstream since 2.3.1-rc0(https://github.com/tpm2-software/tpm2-abrmd/pull/676).
With that suppose both issues(the daemon startup failure when no tpm device available, and the loopless restart) could be fixed.

Comment 13 Javier Martinez Canillas 2020-01-08 10:45:17 UTC
(In reply to Yunying Sun from comment #12)
> Noticed Javier's fixes for this issue has been merged upstream since
> 2.3.1-rc0(https://github.com/tpm2-software/tpm2-abrmd/pull/676).
> With that suppose both issues(the daemon startup failure when no tpm device
> available, and the loopless restart) could be fixed.

Yes, I think that those fixes should address this bugzilla and even bugs like #1788558 since the daemon won't enter a restart loop anymore.

Comment 14 Yunying Sun 2020-01-13 09:58:49 UTC
I just backported the fix and rebuild the package. New RPMs are available at:
https://koji.fedoraproject.org/koji/taskinfo?taskID=40468842

Please help to try it out, and update here whether it fixes the issue or not. Thanks.

Comment 15 Yunying Sun 2020-01-14 06:09:34 UTC
Updated 2.2.0-4 RPM available at:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1428972
This issue is supposed to be fixed. Please help to verify. Thanks.

If all issues fixed, adding Karma +1 could speed up the updated RPM available for F31:
https://bodhi.fedoraproject.org/updates/FEDORA-2020-fbf5351fe3

Comment 16 Al Pacifico 2020-01-14 15:26:42 UTC
I am still seeing it at Tue 14 Jan 2020 03:26:27 PM UTC

Comment 17 Fedora Update System 2020-01-16 19:50:53 UTC
tpm2-abrmd-2.2.0-4.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-fbf5351fe3

Comment 18 Fedora Update System 2020-01-18 20:54:14 UTC
tpm2-abrmd-2.2.0-4.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Comment 19 Yunying Sun 2020-02-03 10:48:50 UTC
tpm2-abrmd-2.2.0-4 is now availalbe for F31. If the issue gets fixed, is it to close this ticket?


Note You need to log in before you can comment on or make changes to this bug.