[Bug 1802133] [NEW] Do not start tcsd when a TPM 2.0 is on the system
Stefan Berger
1802133 at bugs.launchpad.net
Wed Nov 7 16:11:00 UTC 2018
Public bug reported:
When a TPM 2.0 is on the system, do not try to start tcsd and have it
report failures due to it talking to a TPM 2.0 rather than a TPM 1.2.
The following bash script lets one detect a TPM 1.2 on the system:
function is_tpm12()
{
exec 100<>/dev/tpm0
/usr/bin/echo -en '\x00\xc1\x00\x00\x00\x0a\x00\x00\x00\xf1' >&100
res=$(od -t x1 -An <&100)
exec 100>&-
[ "${res:0:6}" == " 00 c4" ] && return 0
return 1
}
if ! is_tpm12; then
echo "Not a TPM 1.2"
fi
Please incorporate the above script into the post installation script of trousers.
The reported failures may otherwise look as follows:
invoke-rc.d: initscript trousers, action "start" failed.
? trousers.service - LSB: starts tcsd
Loaded: loaded (/etc/init.d/trousers; generated)
Active: failed (Result: exit-code) since Wed 2018-11-07 14:41:14 UTC; 6ms ago
Docs: man:systemd-sysv-generator(8)
Process: 690 ExecStart=/etc/init.d/trousers start (code=exited, status=137)
Starting LSB: starts tcsd...
* Starting Trusted Computing daemon tcsd
/etc/init.d/trousers: 32: [: /dev/tpm0: unexpected operator
...fail!
trousers.service: Control process exited, code=exited status=137
trousers.service: Failed with result 'exit-code'.
Failed to start LSB: starts tcsd.
dpkg: error processing package trousers (--configure):
installed trousers package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of tpm-tools:
tpm-tools depends on trousers; however:
Package trousers is not configured yet.
dpkg: error processing package tpm-tools (--configure):
dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
Errors were encountered while processing:
trousers
tpm-tools
This patch will also help users of the 'swtpm' project to use a virtual TPM on the system where tcsd is needed if a TPM 1.2 is to be virtualized.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: trousers 0.3.13-4
ProcVersionSignature: Ubuntu 4.4.0-96.119-generic 4.4.83
Uname: Linux 4.4.0-96-generic x86_64
NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_lsm_pinned_6101 falcon_lsm_pinned_5704 falcon_lsm_pinned_5607
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Wed Nov 7 11:04:44 2018
InstallationDate: Installed on 2016-10-11 (756 days ago)
InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: trousers
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.tcsd.conf: [inaccessible: [Errno 13] Permission denied: '/etc/tcsd.conf']
** Affects: trousers (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug xenial
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to trousers in Ubuntu.
https://bugs.launchpad.net/bugs/1802133
Title:
Do not start tcsd when a TPM 2.0 is on the system
Status in trousers package in Ubuntu:
New
Bug description:
When a TPM 2.0 is on the system, do not try to start tcsd and have it
report failures due to it talking to a TPM 2.0 rather than a TPM 1.2.
The following bash script lets one detect a TPM 1.2 on the system:
function is_tpm12()
{
exec 100<>/dev/tpm0
/usr/bin/echo -en '\x00\xc1\x00\x00\x00\x0a\x00\x00\x00\xf1' >&100
res=$(od -t x1 -An <&100)
exec 100>&-
[ "${res:0:6}" == " 00 c4" ] && return 0
return 1
}
if ! is_tpm12; then
echo "Not a TPM 1.2"
fi
Please incorporate the above script into the post installation script of trousers.
The reported failures may otherwise look as follows:
invoke-rc.d: initscript trousers, action "start" failed.
? trousers.service - LSB: starts tcsd
Loaded: loaded (/etc/init.d/trousers; generated)
Active: failed (Result: exit-code) since Wed 2018-11-07 14:41:14 UTC; 6ms ago
Docs: man:systemd-sysv-generator(8)
Process: 690 ExecStart=/etc/init.d/trousers start (code=exited, status=137)
Starting LSB: starts tcsd...
* Starting Trusted Computing daemon tcsd
/etc/init.d/trousers: 32: [: /dev/tpm0: unexpected operator
...fail!
trousers.service: Control process exited, code=exited status=137
trousers.service: Failed with result 'exit-code'.
Failed to start LSB: starts tcsd.
dpkg: error processing package trousers (--configure):
installed trousers package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of tpm-tools:
tpm-tools depends on trousers; however:
Package trousers is not configured yet.
dpkg: error processing package tpm-tools (--configure):
dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
Errors were encountered while processing:
trousers
tpm-tools
This patch will also help users of the 'swtpm' project to use a virtual TPM on the system where tcsd is needed if a TPM 1.2 is to be virtualized.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: trousers 0.3.13-4
ProcVersionSignature: Ubuntu 4.4.0-96.119-generic 4.4.83
Uname: Linux 4.4.0-96-generic x86_64
NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_lsm_pinned_6101 falcon_lsm_pinned_5704 falcon_lsm_pinned_5607
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Wed Nov 7 11:04:44 2018
InstallationDate: Installed on 2016-10-11 (756 days ago)
InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: trousers
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.tcsd.conf: [inaccessible: [Errno 13] Permission denied: '/etc/tcsd.conf']
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/trousers/+bug/1802133/+subscriptions
More information about the foundations-bugs
mailing list