[Bug 2001556] Re: systemd-cryptenroll poorly communicates libtss2-rc0 dependency

Nick Rosbrook 2001556 at bugs.launchpad.net
Mon Jan 23 21:19:21 UTC 2023 

I have not taken a close look at the man pages to see if it mentions
this, but systemd-cryptenroll dlopen()'s the libraries needed for TPM2
support. So the message "TPM2 support is not installed." means the
binary was compiled with TPM2 support, but you need to install the
libraries. On the other hand, the message "TPM2 not supported on this
build." means that the binary was built without TPM2 support (i.e.
-Dtmp2=false).

I will take a closer look to see if we can improve the documentation
upstream. My guess is that one hesitation of being too specific with the
error message/man page is that the list of deps could go stale.

** Changed in: systemd (Ubuntu)
       Status: New => Triaged

** Changed in: systemd (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2001556

Title:
  systemd-cryptenroll poorly communicates libtss2-rc0 dependency

Status in systemd package in Ubuntu:
  Triaged

Bug description:
  Description:

  tpm2 support was added to jammy in 249.11-0ubuntu3.3 via LP1969375.
  libtss2-rc0 was added as a suggested package.

  $ systemd-cryptenroll --tpm2-device=list
  TPM2 support is not installed.

  Installing libtss2-rc0 allows this to resolve:
  $ sudo apt install libtss2-rc0
  $ systemd-cryptenroll --tpm2-device=list
  PATH        DEVICE      DRIVER
  /dev/tpmrm0 VTPM0101:00 tpm_crb

  While this isn't inherently an issue, two things are notable:

  + The manpage for systemd-cryptenroll makes no mention that the
  suggested package needs to be installed (that I could find), this is
  only noted via `apt depends`. I only happened to find this while
  building from source.

  + The presented error implies that the pkg was build with -Dtpm2=false
  (as I read it), which is not actually the case. It should properly
  indicate the missing dep.

  The choice to leave this as a suggested dep was deliberate, so I
  believe resolution of the above two issues would suffice to provide
  enduser clarity.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2001556/+subscriptions

More information about the foundations-bugs mailing list