[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b1162c76-2629-e041-9bc6-54678b999e6b@molgen.mpg.de>
Date: Fri, 15 Dec 2017 16:26:40 +0100
From: Paul Menzel <pmenzel@...gen.mpg.de>
To: Alexander Steffen <Alexander.Steffen@...ineon.com>,
Mario Limonciello <mario.limonciello@...l.com>,
Jason Gunthorpe <jgg@...pe.ca>
Cc: linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
rafael.j.wysocki@...el.com, len.brown@...el.com
Subject: Re: [Regression 4.15-rc2] New messages `tpm tpm0: A TPM error (2314)
occurred continue selftest`
Dear Alexander,
On 12/15/17 15:54, Alexander.Steffen@...ineon.com wrote:
[…]
>> the added line breaks to the quoted parts really mess up the citation.
>> Can we please try to use MUAs avoiding that, or fixing that manually?
>
> Sorry, I'm not sure whether my company has a way for me to avoid using Outlook ;-) But if there are any configuration changes to make it behave better, I will gladly apply them. Do you know of any documentation on this? All I found so far either is already applied or was outdated.
No idea, lines in quotes should probably not be touch and wrapped. At
least not without adding the right quoting level on the next line.
> I'll remove some of the less relevant quoted parts, so that this is less of an issue.
>
>>>>>>> To be clear, this issue is not reproducible during every start. (But
>>>>>>> that was the same before.)
>>
>> I think I found out how to reproduce the issue. Cold start the system
>> without the power supply connected.
>>
>>>>>> Thanks for testing. Now you are in the unlucky situation that your TPM was
>>>>>> probably always broken, but old kernels did not detect that and used it anyway.
>>
>> Just to clarify, I do not know if the TPM could ever be used. I believe
>> the module loaded but the user space tools (tpm2_version or so) always
>> returned an error in my tests.
>
> Interesting. So maybe it is not a bug in your TPM's firmware, but really a single defective TPM? Can you try to figure that out? That is, when using an older kernel in the cold start scenario, can you execute any useful commands on your TPM successfully?
```
$ uname -a
Linux Ixpees 4.10.0-42-generic #46~16.04.1-Ubuntu SMP Mon Dec 4 15:57:59
UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ more /proc/version
Linux version 4.10.0-42-generic (buildd@...01-amd64-007) (gcc version
5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16
.04.5) ) #46~16.04.1-Ubuntu SMP Mon Dec 4 15:57:59 UTC 2017
$ dmesg | grep tpm
[ 0.999122] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0xFE, rev-id 4)
$ sudo tpm_version
Tspi_Context_Connect failed: 0x00003011 - layer=tsp, code=0011 (17),
Communication failure
$ tpm_version --version
tpm_version version: 1.3.8
```
>>>>> Something that Paul can consider is to upgrade the TPM firmware if it's not
>>>>> already upgraded. Since the launch of XPS 9360 there was at least one TPM
>>>>> firmware update issued. It has been posted to LVFS and can be upgraded using
>>>>> fwupd/fwupdate.
>>>>> Note: If your TPM is currently owned you will need to go into BIOS setup to
>>>>> clear it first before upgrading.
>>>>
>>>> I'm not familiar with the specific TPM in your model, but according to the
>>>> log it is a TPM 2.0, which does not really carry over the owner concept of
>>>> a TPM 1.2. Is clearing it still necessary for an upgrade then?
>>>
>>> Yes it's required for the TPM model/vendor that is used in the XPS model that
>>> Paul has. If you try to run the upgrade without clearing it the firmware will
>>> reject the upgrade.
>>
>> Mario, thank you for your quick reaction.
>>
>> […]
>>
>> 1. Can you reproduce this issue too?
>> 2. How do I find out, what TPM firmware version is installed?
>
> If you get the driver loaded, you can ask the TPM (TPM2_GetCapability for TPM_PT_FIRMWARE_VERSION_1 and TPM_PT_FIRMWARE_VERSION_2):
>
> python3 -c 'f=open("/dev/tpm0", "r+b", buffering=0); f.write(b"\x80\x01\x00\x00\x00\x16\x00\x00\x01z\x00\x00\x00\x06\x00\x00\x01\x0b\x00\x00\x00\x02"); print(f.readall())'
```
$ sudo python3
Python 3.5.2 (default, Nov 23 2017, 16:37:01)
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> f=open("/dev/tpm0", "r+b", buffering=0)
>>>
f.write(b"\x80\x01\x00\x00\x00\x16\x00\x00\x01z\x00\x00\x00\x06\x00\x00\x01\x0b\x00\x00\x00\x02")
22
>>> print(f.readall())
b'\x80\x01\x00\x00\x00#\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x02\x00\x00\x01\x0b\x00\x01\x00\x03\x00\x00\x01\x0c\x00\x00\x00\x01'
```
>> 3. Updating to the firmware 2.4.2 from December 17th, 2017 didn’t fix
>> the issue.
>
> You've got a firmware from the future? ;-)
Uups, right. It’s from December 12th, 2017. ;-)
Kind regards,
Paul
Download attachment "smime.p7s" of type "application/pkcs7-signature" (5174 bytes)
Powered by blists - more mailing lists