[opensuse-support] tpm problem
Hello, Just curious....I'm getting this when booting opensuse tumbleweed on dual boot setup: 339249] tpm tpm0: tpm_try_transit: send(): error -5 339264] tpm tpm0: [Firmware Bug]: TPM interrupt not working, polling instead I've just updated the bios on the motherboard and I see no errors booting windows. Is this a linux problem or do I have to go to the MB manufacturer-Gigabyte? Thanks for any help...... mikes
On 2020/11/12 17:49, mike wrote:
Hello,
Just curious....I'm getting this when booting opensuse tumbleweed on dual boot setup:
339249] tpm tpm0: tpm_try_transit: send(): error -5 339264] tpm tpm0: [Firmware Bug]: TPM interrupt not working, polling instead
I've just updated the bios on the motherboard and I see no errors booting windows.
Is this a linux problem or do I have to go to the MB manufacturer-Gigabyte?
Neither windows nor linux really needs the Trusted Platform Module, but it can be used to store supposedly secure stuff using software in Windows and maybe linux, not sure. Either way, that looks like a kernel boot diagnostic that tried to load a driver for it and failed. From what the diagnostic says, it's a bug in the firmware on your motherboard in trying to talk to that chip. If you don't need it, probably no worries, but if you are under warranty, you might use it on the premise that you may want it "some day". Windows SHOULD have some type of equivalent error message if you try to access the TPM from Windows. I know I have to go into the BIOS to enable my TPM -- neither windows nor linux can contact it. Perhaps the error message you are seeing is a result of the TPM not being enabled in the BIOS? I.e. if you don't know that you need it or don't know what it is for, don't worry about it (unless your computer/board is under warranty). If under warranty, read-up on the TPM or Trusted Platform Module maybe on wikipedia and think about if you wanna bother with it. But first check out your BIOS settings. It may not be enabled. Hope this helps. -l
Thanks for any help......
mikes _______________________________________________ openSUSE Support mailing list -- support@lists.opensuse.org To unsubscribe, email support-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/support@lists.opensuse.org
In data lunedì 16 novembre 2020 06:00:21 CET, L A Walsh ha scritto:
On 2020/11/12 17:49, mike wrote: You may be also interested to read: https://resources.infosecinstitute.com/topic/linux-tpm-encryption-initializi...
You use TPM in Linux typically to speed up HDD encryption of a SED (self encryption device e.g. Samsung SSD 860Pro, or to handle Software wise encryption with LUKS (here to speed up the calculus). If you do not use trusted grub (a particular version of the boot manager) or HDD SED, or LUKS for full disc encryption the error is likely due to some firmware error of the producer (BIOS) but not a problem for you. I have a ACPI error message since 2010 on my Lenovo Laptop, never cause major issues. You may however look if the BIOS of the mainboard is outdated, has a new version addressing the issue. Updating the BIOS is on you own risk and you should only do this if you really need it, feel comfortable about it and have performed a backup of you data. A BIOS update, although normally easy, can bear (depending on the routine the producer of the mainboard uses) the risk of "bricking" your PC. A hint why you should have always a backup, you have it here: https://security.stackexchange.com/questions/129006/what-happens-when-a-tpm-... If you use a tpm to encrypt your data instead of the chip on the SSD then you cannot decrypt your disk if your mainboard fails and has to be replaced. This can be a purpose (if you WANT it to be so, because e.g. stolen SSD shall not be usable in other location. AFAIK, the security offered by a tpm is however minor, so the disadvantage might outpace the advantage.
On 11/16/20 1:31 AM, Stakanov wrote:
In data lunedì 16 novembre 2020 06:00:21 CET, L A Walsh ha scritto:
On 2020/11/12 17:49, mike wrote: You may be also interested to read: https://resources.infosecinstitute.com/topic/linux-tpm-encryption-initializi...
You use TPM in Linux typically to speed up HDD encryption of a SED (self encryption device e.g. Samsung SSD 860Pro, or to handle Software wise encryption with LUKS (here to speed up the calculus).
If you do not use trusted grub (a particular version of the boot manager) or HDD SED, or LUKS for full disc encryption the error is likely due to some firmware error of the producer (BIOS) but not a problem for you. I have a ACPI error message since 2010 on my Lenovo Laptop, never cause major issues.
You may however look if the BIOS of the mainboard is outdated, has a new version addressing the issue. Updating the BIOS is on you own risk and you should only do this if you really need it, feel comfortable about it and have performed a backup of you data. A BIOS update, although normally easy, can bear (depending on the routine the producer of the mainboard uses) the risk of "bricking" your PC.
A hint why you should have always a backup, you have it here:
https://security.stackexchange.com/questions/129006/what-happens-when-a-tpm-...
If you use a tpm to encrypt your data instead of the chip on the SSD then you cannot decrypt your disk if your mainboard fails and has to be replaced. This can be a purpose (if you WANT it to be so, because e.g. stolen SSD shall not be usable in other location. AFAIK, the security offered by a tpm is however minor, so the disadvantage might outpace the advantage.
OK thanks Mr. Walsh and Stakanov... I am making progress in that I cleared the tpm chip....however when I try to set the passwords I get a communications error. Seems my tscd.conf has all the options commented out. Should I enable all of them or do I need an example conf file? Thanks so much so far..... mike s
_______________________________________________ openSUSE Support mailing list -- support@lists.opensuse.org To unsubscribe, email support-leave@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/support@lists.opensuse.org
On 11/16/20 1:31 AM, Stakanov wrote:
In data lunedì 16 novembre 2020 06:00:21 CET, L A Walsh ha scritto:
On 2020/11/12 17:49, mike wrote:
You may be also interested to read: https://resources.infosecinstitute.com/topic/linux-tpm-encryption-initiali zing-and-using-the-tpm/
You use TPM in Linux typically to speed up HDD encryption of a SED (self encryption device e.g. Samsung SSD 860Pro, or to handle Software wise encryption with LUKS (here to speed up the calculus).
If you do not use trusted grub (a particular version of the boot manager) or
HDD SED, or LUKS for full disc encryption the error is likely due to
some firmware error of the producer (BIOS) but not a problem for you. I have a ACPI error message since 2010 on my Lenovo Laptop, never cause major issues.>
You may however look if the BIOS of the mainboard is outdated, has a new version addressing the issue. Updating the BIOS is on you own risk and you should only do this if you really need it, feel comfortable about it and have
A BIOS update, although normally easy, can bear (depending on the routine the
In data lunedì 16 novembre 2020 17:31:36 CET, mike ha scritto: performed a backup of you data. producer of the mainboard uses) the risk of "bricking" your PC.
A hint why you should have always a backup, you have it here:
https://security.stackexchange.com/questions/129006/what-happens-when-a-tp m-chip-breaks-or-fails
If you use a tpm to encrypt your data instead of the chip on the SSD then you
cannot decrypt your disk if your mainboard fails and has to be
replaced. This can be a purpose (if you WANT it to be so, because e.g. stolen SSD shall not be usable in other location. AFAIK, the security offered by a tpm is however minor, so the disadvantage might outpace the advantage.
OK thanks Mr. Walsh and Stakanov...
I am making progress in that I cleared the tpm chip....however when I try to set the passwords I get a
communications error. Seems my tscd.conf has all the options commented out. Should I enable all of them
or do I need an example conf file? Thanks so much so far.....
mike s
First of all there are the man pages. https://linux.die.net/man/5/tcsd.conf Some more information you find in this arch wiki: https://wiki.archlinux.org/index.php/Trusted_Platform_Module And Suse gives an overview here: https://www.suse.com/c/current-developments-suse-tpm-packages/ You should know what tpm you have. I actually do not know what you wish to put into work, (trusted boot, luks or SEL?) but the manual page as of above should give you the information needed.
participants (3)
-
L A Walsh -
mike -
Stakanov