Bug 2232888 - Kernel 6.4.11-200.fc38.x86_64 breaks TPM2 on Lenovo ideapad D330-IGM
Summary: Kernel 6.4.11-200.fc38.x86_64 breaks TPM2 on Lenovo ideapad D330-IGM
Keywords:
Status: CLOSED COMPLETED
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 38
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-08-20 00:12 UTC by David Santamaría Rogado
Modified: 2023-09-23 21:16 UTC (History)
23 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-09-23 21:16:19 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description David Santamaría Rogado 2023-08-20 00:12:44 UTC
With kernels 6.4.10-200.fc38.x86_64 and below, the TPM2 module in a Lenovo ideapad D330-IGM works right. With the latest update it disappears from /dev filesystem.

$ sudo systemd-cryptenroll --tpm2-device list
No suitable TPM2 devices found.

Reproducible: Always

Comment 1 Paul Black 2023-08-21 06:33:32 UTC
I get the same on my laptop.

# dmesg | grep -i tpm
[    0.000000] efi: ACPI 2.0=0x7a2d8000 ACPI=0x7a2d8000 TPMFinalLog=0x7a458000 SMBIOS=0x7a9c2000 SMBIOS 3.0=0x7a9c1000 MEMATTR=0x77b87018 ESRT=0x75ee5898 MOKvar=0x7a9f3000 RNG=0x7a2d7018 TPMEventLog=0x70b80018 
[    0.017499] ACPI: TPM2 0x000000007A31C908 000034 (v04 ALASKA A M I    00000001 AMI  00000000)
[    0.017538] ACPI: Reserving TPM2 table memory at [mem 0x7a31c908-0x7a31c93b]
[    1.178270] tpm_crb: probe of MSFT0101:00 failed with error 378
[    1.324080] ima: No TPM chip found, activating TPM-bypass!


Also had a remote machine not come back after a reboot, I would not be surprised if it's because of this.

Comment 2 David Santamaría Rogado 2023-08-21 10:58:46 UTC
https://lore.kernel.org/linux-kernel/20230818181516.19167-1-mario.limonciello@amd.com/T/#u

This patch solves the issue but is being discused upstream how to really solve it. The problem is a check for AMD TPM to set a quirk code but makes Intel's stop working.

Comment 3 Joachim Katzer 2023-08-27 13:09:48 UTC
Same problem on a Geekom MiniPC II11 and Fedora 38.20230826.0 (Silverblue)

CPU: 11th Gen Intel i7-11390H (8) @ 5.000GHz
GPU: Intel TigerLake-LP GT2 [Iris Xe Graphics]

[    0.000000] efi: ACPI=0x43457000 ACPI 2.0=0x43457014 TPMFinalLog=0x4349f000 SMBIOS=0x43ca5000 SMBIOS 3.0=0x43ca4000 MEMATTR=0x39ca2418 ESRT=0x3d5cb018 MOKvar=0x43cd1000 RNG=0x433ce018 TPMEventLog=0x39c79018 
[    0.016349] ACPI: TPM2 0x00000000433D1000 00004C (v04 GEEKOM MiniIT11 00000001 AMI  00000000)
[    0.016365] ACPI: Reserving TPM2 table memory at [mem 0x433d1000-0x433d104b]
[    1.015236] tpm_crb: probe of MSFT0101:00 failed with error 378
[    1.052365] ima: No TPM chip found, activating TPM-bypass!

Comment 4 michael.hertel 2023-08-29 05:01:44 UTC
The same issue applies to Intel NUC BXNUC10i5FNKN2 with Fedora CoreOS 38.20230819.2.0 (testing stream).

The system was running fine with Fedora CoreOS 38.20230806.2.0 but since the upgrade boot volume decryption fails with the following message:

[     3.513088] clevis-luks-askpass[667]: A TPM2 device with the in-kernel resource manager is needed!

The Fedora CoreOS version 38.20230819.2.0 uses kernel version 6.4.11-200.fc38.x86_64 whereas 38.20230806.2.0 used 6.4.10-200.fc38.x86_64.
The Intel NUC BXNUC10i5FNKN2 provides TPM2 capabilities using "Intel® Platform Trust Technology" (PTT) as firmware (not a separate TPM 2 chip).

More details can be found at the Fedora CoreOS issue tracker: https://github.com/coreos/fedora-coreos-tracker/issues/1555

Comment 5 Timothée Ravier 2023-08-31 13:29:10 UTC
Might be a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=2235100

Comment 6 David Santamaría Rogado 2023-09-01 03:28:33 UTC
Might no, indeed IS but, https://bugzilla.redhat.com/show_bug.cgi?id=2235100 is the duplicate one, or perhaps I can time-travel and didn't know.

Comment 7 Joachim Katzer 2023-09-19 17:44:24 UTC
I can confirm the kernel-6.4.15-200.fc38.x86_64 has resolved the issue.
Fedora Silverblue 38.20230919.0 decrypts my system partition using TPM2 without asking for a password.

Comment 8 David Santamaría Rogado 2023-09-23 21:16:19 UTC
(In reply to Joachim Katzer from comment #7)
> I can confirm the kernel-6.4.15-200.fc38.x86_64 has resolved the issue.
> Fedora Silverblue 38.20230919.0 decrypts my system partition using TPM2
> without asking for a password.

Indeed. .16 has it also upstream but .15 solves the issue downstream. I close this bug.


Note You need to log in before you can comment on or make changes to this bug.