Bug#1050602: linux: kernel 6.4.11-1 does not recognize TPM on lenovo 14IAU7 (Flex 7i)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1050602: linux: kernel 6.4.11-1 does not recognize TPM on lenovo 14IAU7 (Flex 7i)
From: Justin King-Lacroix <justin.kinglacroix@gmail.com>
Date: Sat, 26 Aug 2023 17:20:42 -0400
Message-id: <[🔎] 169308484200.5718.17772224869978658161.reportbug@burner.localdomain>
Reply-to: Justin King-Lacroix <justin.kinglacroix@gmail.com>, 1050602@bugs.debian.org

Source: linux
Version: 6.4.11-1
Severity: important
X-Debbugs-Cc: justin.kinglacroix@gmail.com

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

I use clevis-tpm2 to automatically unlock my harddisk on a 14IAU7 (Flex 7i),
and have been successfully using it for several months.


   * What exactly did you do (or not do) that was effective (or
     ineffective)?

Update from linux-image-6.4.0-2-amd64 to linux-image-6.4.0-3-amd64

   * What was the outcome of this action?

Machine boots successfully, but TPM-based auto-unlock no longer works. In fact,
the following shows up in `dmesg`:

```
$ sudo dmesg |grep -i tpm
[    0.000000] efi: ACPI=0x1ef60000 ACPI 2.0=0x1ef60014 TPMFinalLog=0x1ee34000
SMBIOS=0x21489000 SMBIOS 3.0=0x2147c000 MEMATTR=0x5398d018 ESRT=0x55328118
MOKvar=0x21478000 RNG=0x1ef5f018 TPMEventLog=0x1d82b018
[    0.004648] ACPI: SSDT 0x000000002148B000 00060E (v02 LENOVO Tpm2Tabl
00001000 INTL 20200717)
[    0.004651] ACPI: TPM2 0x000000002148A000 00004C (v04 LENOVO CB-01
00000002 LENO 00000001)
[    0.004709] ACPI: Reserving TPM2 table memory at [mem 0x2148a000-0x2148a04b]
[    1.217243] tpm_crb: probe of INTC6001:00 failed with error 378
[    1.256600] ima: No TPM chip found, activating TPM-bypass!
[    9.117870] systemd[1]: systemd 254.1-2 running in system mode (+PAM +AUDIT
+SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID
+CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2
-PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK
-XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[    9.270983] systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID
Measurement was skipped because of an unmet condition check
(ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
$
```

(Note the line that says "No TPM chip found".)

TPM-related stuff is also gone from /sys/kernel/security.

   * What outcome did you expect instead?

TPM continues to be recognized and used by linux.


*** End of the template - remove these template lines ***


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'oldoldstable'), (1, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.4.0-3-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Reply to:

Follow-Ups:
- Bug#1050602: linux: kernel 6.4.11-1 does not recognize TPM on lenovo 14IAU7 (Flex 7i)
  - From: Justin King-Lacroix <justin.kinglacroix@gmail.com>
- Bug#1050602: feedbackd: package documentation files are not installed into /usr/share/doc/
  - From: Boud Roukema <bouddebbug@cosmo.torun.pl>
- Processed: Re: Bug#1050602: linux: kernel 6.4.11-1 does not recognize TPM on lenovo 14IAU7 (Flex 7i)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Introduction to the Kernel Team 🐧
Next by Date: Bug#1050602: linux: kernel 6.4.11-1 does not recognize TPM on lenovo 14IAU7 (Flex 7i)
Previous by thread: Introduction to the Kernel Team 🐧
Next by thread: Bug#1050602: linux: kernel 6.4.11-1 does not recognize TPM on lenovo 14IAU7 (Flex 7i)
Index(es):
- Date
- Thread