nvaert1986 Tux's lil' helper

Joined: 05 May 2019 Posts: 126
Posted: Tue Apr 11, 2023 8:30 am Post subject: TPM PCR0 reconstruction: Not found (fwupdmgr)
Hello everybody,
I'm trying to improve the security of my devices on Gentoo. Whenever I run fwupdmgr security --force it shows me a list of what is and what is not valid. One of the things that it shows as missing is TPM PCR0 reconstruction, even though my TPM 2.0 chip is active, addressable and found. I'm pretty sure it's either my kernel missing a certain option or a Gentoo-related thing, because whenever I boot into an Ubuntu 22.04 LTS USB key it shows my TPM PCR0 reconstruction as valid.
I created an issue (which was converted into a discussion) last week on the GitHub page of fwupd, but they referred me to ask for support in the Gentoo forums (https://github.com/fwupd/fwupd/discussions/5691). They suggest that CONFIG_TCG_TPM=y should be set. The thing is that this option is set in my kernel (otherwise my TPM 2.0 chip would not be found either).
The related snippet from my dmesg log:
Code:
[ 0.000000] efi: TPMFinalLog=0x4fca2000 SMBIOS=0x4d441000 SMBIOS 3.0=0x4d434000 ACPI=0x4fd0e000 ACPI 2.0=0x4fd0e014 MEMATTR=0x448c8018 ESRT=0x4b2cc000
[ 0.001309] ACPI: TPM2 0x000000004D2F0000 000034 (v04 LENOVO TP-N2C 00001500 PTEC 00000002)
[ 0.001390] ACPI: Reserving TPM2 table memory at [mem 0x4d2f0000-0x4d2f0033]
[ 0.969887] tpm_tis STM7304:00: 2.0 TPM (device-id 0x0, rev-id 78)
All of the related tools and services have been installed as well:
Code:
emerge -pv tpm2-tools tpm2-tss tpm2-abrmd
These are the packages that would be merged, in order:
Calculating dependencies... done!
Dependency resolution took 2.65 s.
[ebuild R ~] app-crypt/tpm2-tss-4.0.1:0/4::gentoo USE="fapi openssl policy -doc -mbedtls -static-libs -test" ABI_X86="32 (64) (-x32)" 0 KiB
[ebuild R ] app-crypt/tpm2-tools-5.5::gentoo USE="fapi -test" 0 KiB
[ebuild R ] app-crypt/tpm2-abrmd-3.0.0-r1::gentoo USE="-static-libs -test" 0 KiB
Code:
systemctl status tpm2-abrmd.service
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
Loaded: loaded (/usr/lib/systemd/system/tpm2-abrmd.service; enabled; preset: disabled)
Active: active (running) since Tue 2023-04-11 08:18:20 CEST; 2h 8min ago
Main PID: 698 (tpm2-abrmd)
Memory: 5.4M
CPU: 89ms
CGroup: /system.slice/tpm2-abrmd.service
└─698 /usr/sbin/tpm2-abrmd
I'm running Gentoo Linux 2.13 using the gentoo-sources-6.1.23 kernel. I updated to 6.1.23 due to finding "tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address" in the kernel log as fixed in 6.1.20, so I figured this could resolve the issue, but it did not.
Could anybody give me any advice on how to resolve this issue? If there's any additional information you need, then please let me know.