=Comment: #0================================================= Debora Velarde <dvelarde.com> - 2008-03-26 20:17 EDT ---Problem Description--- /etc/init.d/tcsd start fails to load tpm modules Contact Information = Debora Velarde - dvelarde.com ---uname output--- Linux linux-0c6m-009041040088.austin.ibm.com 2.6.18-84.el5 #1 SMP Fri Feb 29 16:26:41 EST 2008 i686 i686 i386 GNU/Linux Machine Type = ALL ---Debugger--- A debugger is not configured ---Steps to Reproduce--- Install RHEL5.2 beta or Fedore Core 9 alpha. Install the following packages (if not already installed): tpm-tools-devel-1.3.1-1.el5 tpm-tools-1.3.1-1.el5 trousers-devel-0.3.1-3.el5 trousers-0.3.1-3.el5 trousers-static-0.3.1-3.el5 Run /etc/init.d/tcsd start ---Security Component Data--- Problem occurs on machines with a 1.1 TPM or 1.2 TPM chip. ---More Information--- /etc/init.d/tcsd start failed when it tried to load the modules in /lib/modules/2.6.24-2.fc9/kernel/drivers/char/tpm/ The script (/etc/init.d/tcsd) uses insmod to load all the modules in the directory in no particular order with insmod. Loading a module that is present in the directory will fail if their is no such device. The current tcsd script attempts to load all the modules in the directory and returns failure if any failed to load. The tpm modules to be loaded are (depending on what TPM chip some modules will not be present in the directory): tpm_atmel.ko, tpm_bios.ko, tpm_infineon.ko, tpm.ko, tpm_nsc.ko, tpm_tis.ko After running depmod in the tpm dir (lib/modules/2.6.24-2.fc9/kernel/drivers/char/tpm/), the resulting modules.dep shows: tpm_bios.ko must be loaded first tpm.ko must be loaded second then the remaining modules can be loaded in any order Suggested Fix: Load tpm_bios first. Load tpm second. Then attempt to load remaining modules. Only return failure if tpm.ko or tpm_bios.ko failed to load. =Comment: #3================================================= Debora Velarde <dvelarde.com> - 2008-03-27 17:24 EDT Setting the severity to high since we would like this corrected in RHEL5.2. Not setting to blocking since there is a work around. I'll post a patch today.
Created attachment 299494 [details] tcsd start patch for successful load of TPM modules Steve, this is the same version of the patch I sent you last night (3/27/08) via email.
Created attachment 299530 [details] updated patch for successful load of TPM modules Updated patch after peer review and more testing.
------- Comment From dvelarde.com 2008-03-28 18:49 EDT------- Was able to successfully apply updated patch (comment #10) against trousers.src.rpm included in RHEL5.2 20080320. ------- Comment From dvelarde.com 2008-03-28 18:53 EDT------- Patch is ready to be picked up and included in RHEL5.2
Why aren't these modules fixed to export proper aliases so they are automatically loaded?
bug was filed against wrong component, sb trousers.
trousers-0.3.1-4.el5 was built to address this problem.
------- Comment From dvelarde.com 2008-04-03 19:31 EDT------- Thanks Steve. FYI, for folks on CC, snapshot3 still has the trousers-0.3.1-3.el5 package which does not have the fix yet.
------- Comment From dvelarde.com 2008-04-08 16:20 EDT------- Just tested trousers-0.3.1-4.el5.src.rpm from http://people.redhat.com/sgrubb/files/ on a clean install. "/etc/init.d/tcsd start" was able to successfully load the tpm modules. # lsmod | grep tpm // tpm drivers not loaded yet # /etc/init.d/tcsd start [ OK ] Starting tcsd: [ OK ] # lsmod | grep tpm tpm_tis 16457 0 tpm_infineon 12905 0 tpm_atmel 9541 0 tpm 19041 3 tpm_tis,tpm_infineon,tpm_atmel tpm_bios 11073 1 tpm
------- Comment From dvelarde.com 2008-04-08 16:31 EDT------- Patch was included in trousers-0.3.1-4.el5
Beautiful. Great to hear!
------- Comment From dvelarde.com 2008-04-29 20:22 EDT------- Verified that trousers-0.3.1-4.el5.rpm is in snapshot6. Verified that "/etc/init.d/tcsd start" does now load the tpm* modules.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2008-0387.html