[Bug 2039117] [NEW] Intermittent problem accessing TPM during 22.04 boot

Tre Klaus 2039117 at bugs.launchpad.net
Thu Oct 12 00:37:09 UTC 2023 

Public bug reported:

I am using 22.04 and am hitting a bug accessing the TPM during start-up
to decrypt a LUKS encrypted drive (data drive, not system drive).

With a Virtualbox 22.04 VM, the problem only happens with the HWE kernel
and occurs 8 out of 10 times. 2 out of 10 times the system boots
correctly. When using the non HWE kernel it works 10 out of 10 times.

With a physical server, Supermicro X10, the problem does not occur at
all.

My LUKS volume is named drive1. From journalctl -u systemd-cryptsetup at drive1.service
Oct 10 07:42:08 tpm2-test systemd-cryptsetup[547]: Failed to unseal HMAC key in TPM: tpm:error(2.0): PCR have changed since checked

The problem is discussed here -
https://github.com/systemd/systemd/issues/24906 . This also discusses
that people get different results with different kernels.

I'll not go into too much detail as this problem is already resolved in newer versions of systemd. The fix for this problem was merged into Ubuntu's systemd 252.3-1.
https://git.launchpad.net/ubuntu/+source/systemd/commit/src/shared/tpm2-util.c?h=ubuntu/lunar&id=28f8a776415a01cacec747d831f057d3f8b9f01b

Can this fix be made available to 22.04 - systemd 249.11?

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2039117

Title:
  Intermittent problem accessing TPM during 22.04 boot

Status in systemd package in Ubuntu:
  New

Bug description:
  I am using 22.04 and am hitting a bug accessing the TPM during start-
  up to decrypt a LUKS encrypted drive (data drive, not system drive).

  With a Virtualbox 22.04 VM, the problem only happens with the HWE
  kernel and occurs 8 out of 10 times. 2 out of 10 times the system
  boots correctly. When using the non HWE kernel it works 10 out of 10
  times.

  With a physical server, Supermicro X10, the problem does not occur at
  all.

  My LUKS volume is named drive1. From journalctl -u systemd-cryptsetup at drive1.service
  Oct 10 07:42:08 tpm2-test systemd-cryptsetup[547]: Failed to unseal HMAC key in TPM: tpm:error(2.0): PCR have changed since checked

  The problem is discussed here -
  https://github.com/systemd/systemd/issues/24906 . This also discusses
  that people get different results with different kernels.

  I'll not go into too much detail as this problem is already resolved in newer versions of systemd. The fix for this problem was merged into Ubuntu's systemd 252.3-1.
  https://git.launchpad.net/ubuntu/+source/systemd/commit/src/shared/tpm2-util.c?h=ubuntu/lunar&id=28f8a776415a01cacec747d831f057d3f8b9f01b

  Can this fix be made available to 22.04 - systemd 249.11?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2039117/+subscriptions

More information about the foundations-bugs mailing list