Bug#1050602: linux: kernel 6.4.11-1 does not recognize TPM on lenovo 14IAU7 (Flex 7i)
Source: linux
Version: 6.4.11-1
Severity: important
X-Debbugs-Cc: justin.kinglacroix@gmail.com
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
I use clevis-tpm2 to automatically unlock my harddisk on a 14IAU7 (Flex 7i),
and have been successfully using it for several months.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Update from linux-image-6.4.0-2-amd64 to linux-image-6.4.0-3-amd64
* What was the outcome of this action?
Machine boots successfully, but TPM-based auto-unlock no longer works. In fact,
the following shows up in `dmesg`:
```
$ sudo dmesg |grep -i tpm
[ 0.000000] efi: ACPI=0x1ef60000 ACPI 2.0=0x1ef60014 TPMFinalLog=0x1ee34000
SMBIOS=0x21489000 SMBIOS 3.0=0x2147c000 MEMATTR=0x5398d018 ESRT=0x55328118
MOKvar=0x21478000 RNG=0x1ef5f018 TPMEventLog=0x1d82b018
[ 0.004648] ACPI: SSDT 0x000000002148B000 00060E (v02 LENOVO Tpm2Tabl
00001000 INTL 20200717)
[ 0.004651] ACPI: TPM2 0x000000002148A000 00004C (v04 LENOVO CB-01
00000002 LENO 00000001)
[ 0.004709] ACPI: Reserving TPM2 table memory at [mem 0x2148a000-0x2148a04b]
[ 1.217243] tpm_crb: probe of INTC6001:00 failed with error 378
[ 1.256600] ima: No TPM chip found, activating TPM-bypass!
[ 9.117870] systemd[1]: systemd 254.1-2 running in system mode (+PAM +AUDIT
+SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID
+CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2
-PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK
-XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[ 9.270983] systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID
Measurement was skipped because of an unmet condition check
(ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
$
```
(Note the line that says "No TPM chip found".)
TPM-related stuff is also gone from /sys/kernel/security.
* What outcome did you expect instead?
TPM continues to be recognized and used by linux.
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'oldoldstable'), (1, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.4.0-3-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Reply to: