With kernels 6.4.10-200.fc38.x86_64 and below, the TPM2 module in a Lenovo ideapad D330-IGM works right. With the latest update it disappears from /dev filesystem. $ sudo systemd-cryptenroll --tpm2-device list No suitable TPM2 devices found. Reproducible: Always
I get the same on my laptop. # dmesg | grep -i tpm [ 0.000000] efi: ACPI 2.0=0x7a2d8000 ACPI=0x7a2d8000 TPMFinalLog=0x7a458000 SMBIOS=0x7a9c2000 SMBIOS 3.0=0x7a9c1000 MEMATTR=0x77b87018 ESRT=0x75ee5898 MOKvar=0x7a9f3000 RNG=0x7a2d7018 TPMEventLog=0x70b80018 [ 0.017499] ACPI: TPM2 0x000000007A31C908 000034 (v04 ALASKA A M I 00000001 AMI 00000000) [ 0.017538] ACPI: Reserving TPM2 table memory at [mem 0x7a31c908-0x7a31c93b] [ 1.178270] tpm_crb: probe of MSFT0101:00 failed with error 378 [ 1.324080] ima: No TPM chip found, activating TPM-bypass! Also had a remote machine not come back after a reboot, I would not be surprised if it's because of this.
https://lore.kernel.org/linux-kernel/20230818181516.19167-1-mario.limonciello@amd.com/T/#u This patch solves the issue but is being discused upstream how to really solve it. The problem is a check for AMD TPM to set a quirk code but makes Intel's stop working.
Same problem on a Geekom MiniPC II11 and Fedora 38.20230826.0 (Silverblue) CPU: 11th Gen Intel i7-11390H (8) @ 5.000GHz GPU: Intel TigerLake-LP GT2 [Iris Xe Graphics] [ 0.000000] efi: ACPI=0x43457000 ACPI 2.0=0x43457014 TPMFinalLog=0x4349f000 SMBIOS=0x43ca5000 SMBIOS 3.0=0x43ca4000 MEMATTR=0x39ca2418 ESRT=0x3d5cb018 MOKvar=0x43cd1000 RNG=0x433ce018 TPMEventLog=0x39c79018 [ 0.016349] ACPI: TPM2 0x00000000433D1000 00004C (v04 GEEKOM MiniIT11 00000001 AMI 00000000) [ 0.016365] ACPI: Reserving TPM2 table memory at [mem 0x433d1000-0x433d104b] [ 1.015236] tpm_crb: probe of MSFT0101:00 failed with error 378 [ 1.052365] ima: No TPM chip found, activating TPM-bypass!
The same issue applies to Intel NUC BXNUC10i5FNKN2 with Fedora CoreOS 38.20230819.2.0 (testing stream). The system was running fine with Fedora CoreOS 38.20230806.2.0 but since the upgrade boot volume decryption fails with the following message: [ 3.513088] clevis-luks-askpass[667]: A TPM2 device with the in-kernel resource manager is needed! The Fedora CoreOS version 38.20230819.2.0 uses kernel version 6.4.11-200.fc38.x86_64 whereas 38.20230806.2.0 used 6.4.10-200.fc38.x86_64. The Intel NUC BXNUC10i5FNKN2 provides TPM2 capabilities using "Intel® Platform Trust Technology" (PTT) as firmware (not a separate TPM 2 chip). More details can be found at the Fedora CoreOS issue tracker: https://github.com/coreos/fedora-coreos-tracker/issues/1555
Might be a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=2235100
Might no, indeed IS but, https://bugzilla.redhat.com/show_bug.cgi?id=2235100 is the duplicate one, or perhaps I can time-travel and didn't know.
I can confirm the kernel-6.4.15-200.fc38.x86_64 has resolved the issue. Fedora Silverblue 38.20230919.0 decrypts my system partition using TPM2 without asking for a password.
(In reply to Joachim Katzer from comment #7) > I can confirm the kernel-6.4.15-200.fc38.x86_64 has resolved the issue. > Fedora Silverblue 38.20230919.0 decrypts my system partition using TPM2 > without asking for a password. Indeed. .16 has it also upstream but .15 solves the issue downstream. I close this bug.