TPM 2.0 issue

harrywangca
Posts: 107
Joined: 2016/01/12 23:27:04
Location: Vista California

TPM 2.0 issue

Post by harrywangca » 2020/01/09 00:08:28

Hi Professionals,

I am loading CentOS 8 onto a JetWay NF893 motherboard with an i3 8100 CPU. The motherboard has a TPM (fTPM 2.0 (PTT) Trusted Computing Firmware). In the BIOS I could see that a TPM20 device is found and support is enabled, and it is under secured boot. But when the system comes up I get some errors:

kernel: tpm tpm0: A TPM error (378) occurred get tpm pcr allocation
kernel: ima: No TPM chip found, activating TPM-bypass! (rc=-19)

I tried to restart the tpm2-abrmd service and got errors:

Jan 8 14:37:27 localhost systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
Jan 8 14:37:27 localhost tpm2-abrmd[3140]: ERROR:tcti:src/tss2-tcti/tcti-device.c:281:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
Jan 8 14:37:27 localhost journal[3140]: failed to initialize device TCTI context: 0xa000a
Jan 8 14:37:27 localhost journal[3140]: TCTI initialization failed: 0xa000a
Jan 8 14:37:27 localhost systemd[1]: tpm2-abrmd.service: Main process exited, code=exited, status=1/FAILURE
Jan 8 14:37:27 localhost systemd[1]: tpm2-abrmd.service: Failed with result 'exit-code'.
Jan 8 14:37:27 localhost systemd[1]: Failed to start TPM2 Access Broker and Resource Management Daemon.
Jan 8 14:37:32 localhost systemd[1]: tpm2-abrmd.service: Service RestartSec=5s expired, scheduling restart.
Jan 8 14:37:32 localhost systemd[1]: tpm2-abrmd.service: Scheduled restart job, restart counter is at 1.
Jan 8 14:37:32 localhost systemd[1]: Stopped TPM2 Access Broker and Resource Management Daemon.
Jan 8 14:37:32 localhost systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
Jan 8 14:37:32 localhost tpm2-abrmd[3147]: ERROR:tcti:src/tss2-tcti/tcti-device.c:281:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
Jan 8 14:37:32 localhost journal[3147]: failed to initialize device TCTI context: 0xa000a
Jan 8 14:37:32 localhost journal[3147]: TCTI initialization failed: 0xa000a
Jan 8 14:37:32 localhost systemd[1]: tpm2-abrmd.service: Main process exited, code=exited, status=1/FAILURE
Jan 8 14:37:32 localhost systemd[1]: tpm2-abrmd.service: Failed with result 'exit-code'.
Jan 8 14:37:32 localhost systemd[1]: Failed to start TPM2 Access Broker and Resource Management Daemon.
Jan 8 14:37:37 localhost systemd[1]: tpm2-abrmd.service: Service RestartSec=5s expired, scheduling restart.
Jan 8 14:37:37 localhost systemd[1]: tpm2-abrmd.service: Scheduled restart job, restart counter is at 2.
Jan 8 14:37:37 localhost systemd[1]: Stopped TPM2 Access Broker and Resource Management Daemon.
Jan 8 14:37:37 localhost systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
Jan 8 14:37:37 localhost tpm2-abrmd[3161]: ERROR:tcti:src/tss2-tcti/tcti-device.c:281:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
Jan 8 14:37:37 localhost journal[3161]: failed to initialize device TCTI context: 0xa000a
Jan 8 14:37:37 localhost journal[3161]: TCTI initialization failed: 0xa000a
Jan 8 14:37:37 localhost systemd[1]: tpm2-abrmd.service: Main process exited, code=exited, status=1/FAILURE
Jan 8 14:37:37 localhost systemd[1]: tpm2-abrmd.service: Failed with result 'exit-code'.
Jan 8 14:37:37 localhost systemd[1]: Failed to start TPM2 Access Broker and Resource Management Daemon.
Jan 8 14:37:42 localhost systemd[1]: tpm2-abrmd.service: Service RestartSec=5s expired, scheduling restart.
Jan 8 14:37:42 localhost systemd[1]: tpm2-abrmd.service: Scheduled restart job, restart counter is at 3.
Jan 8 14:37:42 localhost systemd[1]: Stopped TPM2 Access Broker and Resource Management Daemon.
Jan 8 14:37:42 localhost systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
Jan 8 14:37:43 localhost tpm2-abrmd[3169]: ERROR:tcti:src/tss2-tcti/tcti-device.c:281:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory

I am not sure what is going on. /dev/tpm0 does not exist; does that mean there is no physical TPM chip attached to the motherboard? But then why does the BIOS show TPM20 device Found?
Please help !!!

Thanks.



Re: TPM 2.0 issue

Post by harrywangca » 2020/01/13 23:04:16

Thank you BShT. The link you provided is mostly about TPM 1.2. I am now on TPM 2.0, and it looks like Trousers is not compatible with TPM 2.0?

By the way, what is the way to use the TPM to encrypt the disk, like /boot/efi, / and other partitions?
I could encrypt partitions other than /boot/efi and /; I am still looking for how to encrypt these 2 partitions.

Regards,



Re: TPM 2.0 issue

Post by harrywangca » 2020/01/23 19:41:00

Thank you BShT, the link is very helpful: https://access.redhat.com/documentation ... -hardening
Regards,

Harry
