Description of problem: In Fedora 31, Grub2 measures the Kernel, Kernel Command Line, and the Initramfs in the TPM PCRs 8 and 9. In Fedora 32, this measurements are not there. Version-Release number of selected component (if applicable): [test@fedora-server-32 attestation]$ rpm -qa grub* kernel* | sort grub2-common-2.04-16.fc32.noarch grub2-efi-x64-2.04-16.fc32.x86_64 grub2-tools-2.04-16.fc32.x86_64 grub2-tools-efi-2.04-16.fc32.x86_64 grub2-tools-extra-2.04-16.fc32.x86_64 grub2-tools-minimal-2.04-16.fc32.x86_64 grubby-8.40-40.fc32.x86_64 kernel-5.6.12-300.fc32.x86_64 kernel-5.6.6-300.fc32.x86_64 kernel-core-5.6.12-300.fc32.x86_64 kernel-core-5.6.6-300.fc32.x86_64 kernel-modules-5.6.12-300.fc32.x86_64 kernel-modules-5.6.6-300.fc32.x86_64 kernel-tools-5.6.7-300.fc32.x86_64 kernel-tools-libs-5.6.7-300.fc32.x86_64 How reproducible: Install Fedora 32, and use tpm2-tools commands to get the PCR states Steps to Reproduce: 1. tpm2_pcrread 2. Inspect the PCR 8 and 9 Actual results: PCRs 8 and 9 are empty [test@fedora-server-32 attestation]$ tpm2_pcrread sha1: 0 : 0x7C59F01D96DAECF87F114A5682EEF89BC2CE9F40 1 : 0x446291AEEAA190DE212415F5B05C69B20FF8EB64 2 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 4 : 0x09E8FA10955C386E96FB817393F79C750F323F24 5 : 0xA0CAE707F89FF91A958427A4B571632F46C0D11F 6 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 7 : 0x253B0B5E3613566DEED618F7BB81F22D8346CFC2 8 : 0x0000000000000000000000000000000000000000 9 : 0x0000000000000000000000000000000000000000 10: 0xDD423541294B2518D15FEF4877ABF96CC22C949C 11: 0x0000000000000000000000000000000000000000 12: 0x0000000000000000000000000000000000000000 13: 0x0000000000000000000000000000000000000000 14: 0x0000000000000000000000000000000000000000 15: 0x0000000000000000000000000000000000000000 16: 0x0000000000000000000000000000000000000000 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 23: 0x0000000000000000000000000000000000000000 Expected results: PCRs 8 and 9 should be populated with the Kernel and Initramfs associated measurements Additional info:
The /sys/kernel/security/tpm0/binary_bios_measurements file does not show any logs for PCR 8 and 9
Created attachment 1689132 [details] [PATCH] tpm: Don't propagate TPM measurement errors to the verifiers layer Thanks for reporting this. When the grub2 package was rebased to 2.04, the Fedora downstream tpm patches were dropped since upstream now has tpm measurement support in a new tpm module that uses the verifiers framework hooks. And we forgot to build this new tpm module in the EFI binary, I'll update the package to do this. One side effect of using the verifiers framework though is that if the measurements fail, GRUB won't be able to open the files since the errors from the tpm module are propagated to the verifiers framework. This means that a firmware with a buggy tpm support will prevent the machine to boot, which was not the case with the downstream patches we used to carry. I will also include the attached patch, to make the measurements errors non-fatal and allow the system to boot even if these fail. I've now tested the tpm support when the module is built-in and it works correctly, I see that PCR 8 and 9 contain hashes for all banks and replaying the event log digests matches all the PCR values (modulo PCR 10 that is used by IMA and so extended by the kernel after the final event log has been read). $ tpm2_pcrread sha1: 0 : 0xFD86F66C962477BE205B45B8AF0454C4BCE49C54 1 : 0xE2EA6486EEFCBE87BEA6637F30C58DFEC251174C 2 : 0x980C89B1FA748A3DE35EA590DDCCA1DA611FA7A3 3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 4 : 0x02EDA721B03D290E04B29E9D5503883228748F5C 5 : 0x1084FDBF27E76FACC24A5B425944317F17A798F7 6 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 7 : 0x4037336FA7BC0EABE3778FCFFF5FCD0EE6ADCDE3 8 : 0x1E8E9ECF10DC6035CDECC3E89C8D44117CE854FC 9 : 0x2DA518066E204ECBD5EE5EC1ABBEAA70D39B8307 10: 0x80FE0ACB3116CDF0E43B1381FA9B641B8018D151 11: 0x0000000000000000000000000000000000000000 12: 0x0000000000000000000000000000000000000000 13: 0x0000000000000000000000000000000000000000 14: 0x0000000000000000000000000000000000000000 15: 0x0000000000000000000000000000000000000000 16: 0x0000000000000000000000000000000000000000 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 23: 0x0000000000000000000000000000000000000000 sha256: 0 : 0xCDF1A756E97456E3460D54E49EBAB47AC2CC8C5CD6AD2EB3A798A45EDDA64D5B 1 : 0x1D4854DF2712EF3B5814EBE3D371CF3F1915D6C73510960759CFF95CE6581010 2 : 0x3758CBE00711DFC96DEB7AE22B478308A892A84CDB8C1FA1A7DDD948DEAADEFF 3 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969 4 : 0x46FE0810ED3F7CE2E8326E1FEA197998D6974B0B3C0B3E9742F026C94CBF5FEA 5 : 0x548926E5798F0BD918F8ECDD05324D818045648464005CBDABF992D606FD95B7 6 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969 7 : 0xB5710BF57D25623E4019027DA116821FA99F5C81E9E38B87671CC574F9281439 8 : 0xC87422DF52EAC072BD8F2AD53DBF665D7247C4BFB7E60ABB7D645E93D1466F81 9 : 0x5DDFA180687759055A3079839D302129B4C3535A00003154656E43E6B52C6C0A 10: 0x8A65167AA0DDF00376C3D2B6B12B85443FD40843D0FDB1CD32ACFC345506DE13 11: 0x0000000000000000000000000000000000000000000000000000000000000000 12: 0x0000000000000000000000000000000000000000000000000000000000000000 13: 0x0000000000000000000000000000000000000000000000000000000000000000 14: 0x0000000000000000000000000000000000000000000000000000000000000000 15: 0x0000000000000000000000000000000000000000000000000000000000000000 16: 0x0000000000000000000000000000000000000000000000000000000000000000 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 23: 0x0000000000000000000000000000000000000000000000000000000000000000 $ tsseventextend -sim -if /sys/kernel/security/tpm0/binary_bios_measurements -v ... algorithmId TPM_ALG_SHA1 PCR 00: fd 86 f6 6c 96 24 77 be 20 5b 45 b8 af 04 54 c4 bc e4 9c 54 PCR 01: e2 ea 64 86 ee fc be 87 be a6 63 7f 30 c5 8d fe c2 51 17 4c PCR 02: 98 0c 89 b1 fa 74 8a 3d e3 5e a5 90 dd cc a1 da 61 1f a7 a3 PCR 03: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36 PCR 04: 02 ed a7 21 b0 3d 29 0e 04 b2 9e 9d 55 03 88 32 28 74 8f 5c PCR 05: 10 84 fd bf 27 e7 6f ac c2 4a 5b 42 59 44 31 7f 17 a7 98 f7 PCR 06: b2 a8 3b 0e bf 2f 83 74 29 9a 5b 2b df c3 1e a9 55 ad 72 36 PCR 07: 40 37 33 6f a7 bc 0e ab e3 77 8f cf ff 5f cd 0e e6 ad cd e3 PCR 08: 1e 8e 9e cf 10 dc 60 35 cd ec c3 e8 9c 8d 44 11 7c e8 54 fc PCR 09: 2d a5 18 06 6e 20 4e cb d5 ee 5e c1 ab be aa 70 d3 9b 83 07 PCR 10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 22: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 algorithmId TPM_ALG_SHA256 PCR 00: cd f1 a7 56 e9 74 56 e3 46 0d 54 e4 9e ba b4 7a c2 cc 8c 5c d6 ad 2e b3 a7 98 a4 5e dd a6 4d 5b PCR 01: 1d 48 54 df 27 12 ef 3b 58 14 eb e3 d3 71 cf 3f 19 15 d6 c7 35 10 96 07 59 cf f9 5c e6 58 10 10 PCR 02: 37 58 cb e0 07 11 df c9 6d eb 7a e2 2b 47 83 08 a8 92 a8 4c db 8c 1f a1 a7 dd d9 48 de aa de ff PCR 03: 3d 45 8c fe 55 cc 03 ea 1f 44 3f 15 62 be ec 8d f5 1c 75 e1 4a 9f cf 9a 72 34 a1 3f 19 8e 79 69 PCR 04: 46 fe 08 10 ed 3f 7c e2 e8 32 6e 1f ea 19 79 98 d6 97 4b 0b 3c 0b 3e 97 42 f0 26 c9 4c bf 5f ea PCR 05: 54 89 26 e5 79 8f 0b d9 18 f8 ec dd 05 32 4d 81 80 45 64 84 64 00 5c bd ab f9 92 d6 06 fd 95 b7 PCR 06: 3d 45 8c fe 55 cc 03 ea 1f 44 3f 15 62 be ec 8d f5 1c 75 e1 4a 9f cf 9a 72 34 a1 3f 19 8e 79 69 PCR 07: b5 71 0b f5 7d 25 62 3e 40 19 02 7d a1 16 82 1f a9 9f 5c 81 e9 e3 8b 87 67 1c c5 74 f9 28 14 39 PCR 08: c8 74 22 df 52 ea c0 72 bd 8f 2a d5 3d bf 66 5d 72 47 c4 bf b7 e6 0a bb 7d 64 5e 93 d1 46 6f 81 PCR 09: 5d df a1 80 68 77 59 05 5a 30 79 83 9d 30 21 29 b4 c3 53 5a 00 00 31 54 65 6e 43 e6 b5 2c 6c 0a PCR 10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 22: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR 23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
FEDORA-2020-3d8097c044 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-3d8097c044
FEDORA-2020-3d8097c044 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-3d8097c044` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-3d8097c044 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
I have applied the upgrade [test@fedora-server-32 ~]$ sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-3d8097c044 Last metadata expiration check: 0:02:40 ago on Tue 19 May 2020 09:08:44 AM PDT. No security updates needed, but 26 updates available Dependencies resolved. Nothing to do. Complete! [test@fedora-server-32 ~]$ rpm -qa grub2* grub2-tools-extra-2.04-17.fc32.x86_64 grub2-tools-minimal-2.04-17.fc32.x86_64 grub2-tools-2.04-17.fc32.x86_64 grub2-efi-x64-2.04-17.fc32.x86_64 grub2-common-2.04-17.fc32.noarch grub2-tools-efi-2.04-17.fc32.x86_64 But the issue persists [test@fedora-server-32 ~]$ tpm2_pcrread sha1: 0 : 0x7C59F01D96DAECF87F114A5682EEF89BC2CE9F40 1 : 0x446291AEEAA190DE212415F5B05C69B20FF8EB64 2 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 4 : 0x09E8FA10955C386E96FB817393F79C750F323F24 5 : 0xA0CAE707F89FF91A958427A4B571632F46C0D11F 6 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 7 : 0x253B0B5E3613566DEED618F7BB81F22D8346CFC2 8 : 0x0000000000000000000000000000000000000000 9 : 0x0000000000000000000000000000000000000000 10: 0xDD423541294B2518D15FEF4877ABF96CC22C949C This are the digests of my installed grub2 and shim: [test@fedora-server-32 ~]$ sudo sha256sum /boot/efi/EFI/fedora/grubx64.efi 3f320de45a53a46670df67bf812d2dc8daebde0af0381629a064c89aacf077a3 /boot/efi/EFI/fedora/grubx64.efi [test@fedora-server-32 ~]$ sudo sha256sum /boot/efi/EFI/fedora/shimx64-fedora.efi 02f23f490f9d2df4ac77de0ecbec0cc471d4b903a95037d7844aa4fda5536bb7 /boot/efi/EFI/fedora/shimx64-fedora.efi Are they correctly installed? is there any additional configuration I should do? Thanks
(In reply to nicolasoliver03 from comment #5) [snip] > > [test@fedora-server-32 ~]$ sudo sha256sum /boot/efi/EFI/fedora/grubx64.efi > 3f320de45a53a46670df67bf812d2dc8daebde0af0381629a064c89aacf077a3 > /boot/efi/EFI/fedora/grubx64.efi > > [test@fedora-server-32 ~]$ sudo sha256sum > /boot/efi/EFI/fedora/shimx64-fedora.efi > 02f23f490f9d2df4ac77de0ecbec0cc471d4b903a95037d7844aa4fda5536bb7 > /boot/efi/EFI/fedora/shimx64-fedora.efi > > Are they correctly installed? is there any additional configuration I should > do? > Sorry, my bad. I added the TPM patches but didn't commit the change that adds the tpm module to the list of modules to include in the signed grub2 EFI binary. I'll do another update now fixing this.
FEDORA-2020-7303768e5c has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-7303768e5c
Nicolas, Could you please give a try to grub2-2.04-18.fc32? Thanks a lot for reporting this issue and all your testing!
Works now! [test@fedora-server-32 ~]$ sudo dnf install bodhi-client [test@fedora-server-32 ~]$ bodhi updates download --updateid FEDORA-2020-7303768e5c [test@fedora-server-32 ~]$ sudo dnf update ./grub2-* [test@fedora-server-32 ~]$ rpm -qa grub2* [test@fedora-server-32 ~]$ tpm2_pcrread sha1: 0 : 0x7C59F01D96DAECF87F114A5682EEF89BC2CE9F40 1 : 0x446291AEEAA190DE212415F5B05C69B20FF8EB64 2 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 4 : 0x1FA6208A3A5DD09C9774834A0CA04F51A0FA4B7A 5 : 0xA0CAE707F89FF91A958427A4B571632F46C0D11F 6 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 7 : 0x253B0B5E3613566DEED618F7BB81F22D8346CFC2 8 : 0x5FDF24A150F09D9FAAC2E6401A6CF72CE8D1DC06 9 : 0xC8BFC6D3C7A22A9723C6C263A050B99F6626343B 10: 0x3097CEBC20FD2FD5B18B3B1819F7894A24FC6521 The TPM Event Log also shows log entries for PCR 8 and 9.
FEDORA-2020-7303768e5c has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-7303768e5c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-7303768e5c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-7303768e5c has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.
Appears that these binary measurements are not available in fc33 ? tpm2-tools-4.3.0-1.fc33.x86_64 # tpm2_pcrread ** (process:5083): CRITICAL **: 22:34:18.932: failed to allocate dbus proxy object: Error calling StartServiceByName for com.intel.tss2.Tabrmd: Timeout was reached WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for function 0x7ffb92df2f50 failed with a0008 WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not initialize TCTI named: tcti-abrmd ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-tabrmd.so.0 ERROR:tcti:src/tss2-tcti/tcti-device.c:440:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for function 0x7ffb92791950 failed with a000a WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not initialize TCTI named: tcti-device ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 ERROR:tcti:src/tss2-tcti/tcti-device.c:440:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: No such file or directory WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for function 0x7ffb92791950 failed with a000a WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not initialize TCTI named: tcti-device ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 WARNING:tcti:src/util/io.c:252:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:592:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for function 0x7ffb92793190 failed with a000a WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not initialize TCTI named: tcti-swtpm ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 WARNING:tcti:src/util/io.c:252:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for function 0x7ffb911d3020 failed with a000a WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not initialize TCTI named: tcti-socket ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-mssim.so.0 ERROR:tcti:src/tss2-tcti/tctildr-dl.c:254:tctildr_get_default() No standard TCTI could be loaded ERROR:tcti:src/tss2-tcti/tctildr.c:416:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI ERROR: Could not load tcti, got: "(null)" Resulting in error in fwupd - seen in separate bug chain https://bugzilla.redhat.com/show_bug.cgi?id=1949491 21:06:30:0236 FuEngine disabling plugin because: failed to coldplug using tpm_eventlog: Failed to open file "/sys/kernel/security/tpm0/binary_bios_measurements": No such file or directory