Hi Professionals,
I am loading CentOS 8 onto a JetWay motherboard NF893 with CPU i3 8100. The motherboard has a TPM (fTPM 2.0 (PTT) Trusted Computing Firmware); from the BIOS I could see TPM20 device found and enable support, and it is under secured boot. But when the system comes up I get some errors:
kernel: tpm tpm0: A TPM error (378) occurred get tpm pcr allocation
kernel: ima: No TPM chip found, activating TPM-bypass! (rc=-19)
I tried to restart the tpm2-abrmd service and got errors:
4596 Jan 8 14:37:27 localhost systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
4597 Jan 8 14:37:27 localhost tpm2-abrmd[3140]: ERROR:tcti:src/tss2-tcti/tcti-device.c:281:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
4598 Jan 8 14:37:27 localhost journal[3140]: failed to initialize device TCTI context: 0xa000a
4599 Jan 8 14:37:27 localhost journal[3140]: TCTI initialization failed: 0xa000a
4600 Jan 8 14:37:27 localhost systemd[1]: tpm2-abrmd.service: Main process exited, code=exited, status=1/FAILURE
4601 Jan 8 14:37:27 localhost systemd[1]: tpm2-abrmd.service: Failed with result 'exit-code'.
4602 Jan 8 14:37:27 localhost systemd[1]: Failed to start TPM2 Access Broker and Resource Management Daemon.
4603 Jan 8 14:37:32 localhost systemd[1]: tpm2-abrmd.service: Service RestartSec=5s expired, scheduling restart.
4604 Jan 8 14:37:32 localhost systemd[1]: tpm2-abrmd.service: Scheduled restart job, restart counter is at 1.
4605 Jan 8 14:37:32 localhost systemd[1]: Stopped TPM2 Access Broker and Resource Management Daemon.
4606 Jan 8 14:37:32 localhost systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
4607 Jan 8 14:37:32 localhost tpm2-abrmd[3147]: ERROR:tcti:src/tss2-tcti/tcti-device.c:281:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
4608 Jan 8 14:37:32 localhost journal[3147]: failed to initialize device TCTI context: 0xa000a
4609 Jan 8 14:37:32 localhost journal[3147]: TCTI initialization failed: 0xa000a
4610 Jan 8 14:37:32 localhost systemd[1]: tpm2-abrmd.service: Main process exited, code=exited, status=1/FAILURE
4611 Jan 8 14:37:32 localhost systemd[1]: tpm2-abrmd.service: Failed with result 'exit-code'.
4612 Jan 8 14:37:32 localhost systemd[1]: Failed to start TPM2 Access Broker and Resource Management Daemon.
4613 Jan 8 14:37:37 localhost systemd[1]: tpm2-abrmd.service: Service RestartSec=5s expired, scheduling restart.
4614 Jan 8 14:37:37 localhost systemd[1]: tpm2-abrmd.service: Scheduled restart job, restart counter is at 2.
4615 Jan 8 14:37:37 localhost systemd[1]: Stopped TPM2 Access Broker and Resource Management Daemon.
4616 Jan 8 14:37:37 localhost systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
4617 Jan 8 14:37:37 localhost tpm2-abrmd[3161]: ERROR:tcti:src/tss2-tcti/tcti-device.c:281:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
4618 Jan 8 14:37:37 localhost journal[3161]: failed to initialize device TCTI context: 0xa000a
4619 Jan 8 14:37:37 localhost journal[3161]: TCTI initialization failed: 0xa000a
4620 Jan 8 14:37:37 localhost systemd[1]: tpm2-abrmd.service: Main process exited, code=exited, status=1/FAILURE
4621 Jan 8 14:37:37 localhost systemd[1]: tpm2-abrmd.service: Failed with result 'exit-code'.
4622 Jan 8 14:37:37 localhost systemd[1]: Failed to start TPM2 Access Broker and Resource Management Daemon.
4623 Jan 8 14:37:42 localhost systemd[1]: tpm2-abrmd.service: Service RestartSec=5s expired, scheduling restart.
4624 Jan 8 14:37:42 localhost systemd[1]: tpm2-abrmd.service: Scheduled restart job, restart counter is at 3.
4625 Jan 8 14:37:42 localhost systemd[1]: Stopped TPM2 Access Broker and Resource Management Daemon.
4626 Jan 8 14:37:42 localhost systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
4627 Jan 8 14:37:43 localhost tpm2-abrmd[3169]: ERROR:tcti:src/tss2-tcti/tcti-device.c:281:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: No such file or directory
I am not sure what is going on. /dev/tpm0 does not exist; does it mean no physical TPM chip is attached to the motherboard? But why does the BIOS show TPM20 device found?
Please help !!!
Thanks.
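The three return codes in the logs above can be decoded mechanically. The following is an added example, not part of the original post: the sample lines are copied from the post, the function names are hypothetical, and the kernel's "TPM error" number is assumed to be printed in decimal.

```python
import errno
import re

# Sample input: three lines taken from the logs in the post above.
SAMPLE = """\
kernel: tpm tpm0: A TPM error (378) occurred get tpm pcr allocation
kernel: ima: No TPM chip found, activating TPM-bypass! (rc=-19)
journal[3140]: TCTI initialization failed: 0xa000a
"""

# Subset of the layer and base-error numbers from tpm2-tss tss2_common.h.
TSS2_LAYERS = {0: "TPM", 7: "ESAPI", 8: "SYS", 9: "MU", 10: "TCTI", 11: "RESMGR"}
TSS2_BASE = {1: "GENERAL_FAILURE", 2: "NOT_IMPLEMENTED", 3: "BAD_CONTEXT",
             8: "NO_CONNECTION", 9: "TRY_AGAIN", 10: "IO_ERROR", 11: "BAD_VALUE"}

def decode_tss2_rc(rc):
    """TSS2 return code: bits 23:16 name the layer, bits 15:0 the error."""
    layer, base = (rc >> 16) & 0xFF, rc & 0xFFFF
    return (TSS2_LAYERS.get(layer, f"layer {layer}"),
            TSS2_BASE.get(base, f"error {base}"))

def decode_tpm2_rc(rc):
    """Split a TPM 2.0 response code into its bit fields (TPM 2.0 Part 2)."""
    if rc & 0x80:  # bit 7 set: format-one (parameter/handle/session error)
        return {"format": 1, "error": rc & 0x3F,
                "parameter": bool(rc & 0x40), "n": (rc >> 8) & 0xF}
    return {"format": 0, "tpm2": bool(rc & 0x100), "vendor": bool(rc & 0x400),
            "warning": bool(rc & 0x800), "error": rc & 0x7F}

# (finding name, pattern, decoder for the captured number)
PATTERNS = [
    ("tpm_rc", re.compile(r"A TPM error \((\d+)\)"),
     lambda s: decode_tpm2_rc(int(s))),
    ("errno", re.compile(r"\(rc=-(\d+)\)"),
     lambda s: errno.errorcode.get(int(s), "unknown")),
    ("tss2_rc", re.compile(r"TCTI initialization failed: (0x[0-9a-fA-F]+)"),
     lambda s: decode_tss2_rc(int(s, 16))),
]

def triage(log):
    """Return (finding, decoded value) for every recognised line."""
    findings = []
    for line in log.splitlines():
        for name, rx, decode in PATTERNS:
            m = rx.search(line)
            if m:
                findings.append((name, decode(m.group(1))))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Here rc=-19 is ENODEV and 0xa000a is an I/O error in the TCTI layer, both consistent with the missing /dev/tpm0; the kernel's 378 (0x17A) decodes as a format-zero TPM 2.0 error with error number 0x7A.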
TPM 2.0 issue
Re: TPM 2.0 issue
Thank you BShT. The link you provided is mostly on TPM 1.2. I am now with TPM 2.0 and it looks like Trousers is not compatible with TPM 2.0?
By the way, what is the way to utilize TPM to encrypt the disk? Like /boot/efi, / and other partitions?
I could encrypt partitions other than /boot/efi and /, I am still looking for how to encrypt these 2 partitions.
Regards,
Re: TPM 2.0 issue
Thank you BShT, the link is very helpful: https://access.redhat.com/documentation ... -hardening
Regards,
Harry