FDE is still unreliable on UC22
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
Triaged
|
High
|
Valentin David |
Bug Description
This is a follow up to:
https:/
We're back again trying to get FDE working. This time on Ubuntu Core 22. So far it still doesn't look promising. We're exploring various boards for our next generation hardware platform. The first one I'm evaluating is the one I would expect to work out-of-the-box (as it's mostly "open"), namely Star Labs System's Byte Mk 2.
Here are some debugging data based on the previous ticket:
$ ls -lah /dev/tpm0
crw-rw---- 1 tss root 10, 224 Apr 22 12:30 /dev/tpm0
$ cat /sys/class/
2
$ sudo ./tcglog-check
open /sys/kernel/
Viktor Petersson (vpetersson) wrote : | #1 |
Valentin David (valentin.david) wrote : | #2 |
Valentin David (valentin.david) wrote : | #3 |
Also the output of "udevadm info /sys/class/
Viktor Petersson (vpetersson) wrote : | #4 |
Hi Valentin,
Sure thing:
$ findmnt --submounts /sys
TARGET SOURCE FSTYPE OPTIONS
/sys sysfs sysfs rw,nosuid,
├─/sys/
├─/sys/fs/cgroup cgroup2 cgroup2 rw,nosuid,
├─/sys/fs/pstore pstore pstore rw,nosuid,
├─/sys/
├─/sys/fs/bpf bpf bpf rw,nosuid,
├─/sys/kernel/debug debugfs debugfs rw,nosuid,
├─/sys/
├─/sys/
└─/sys/
$ udevadm info /sys/class/
P: /devices/
L: 0
E: DEVPATH=
E: DRIVER=tpm_crb
E: MODALIAS=
E: SUBSYSTEM=acpi
E: USEC_INITIALIZE
E: ID_VENDOR_
Valentin David (valentin.david) wrote : | #5 |
Is that machine using coreboot + edk2? Was the edk2 payload built with secure boot enabled?
Another common thing is wrong ACPI tables. It would be nice to get the journal output to see where the kernel failed.
What image did you test? Was it a stable build of UC22 for x86-64? Do you know which version of pc-kernel it is using?
Viktor Petersson (vpetersson) wrote : | #6 |
To add to this, we have a second device now that is behaving the same way. This device I would also expect to "just work" as it's a regular NUC (NUC13ANBi3), which should be supported by FDE on Core 22.
Debug output from this device:
$ ls -lah /dev/tpm0
crw-rw---- 1 tss root 10, 224 Apr 23 19:30 /dev/tpm0
$ cat /sys/class/
2
$ findmnt --submounts /sys
TARGET SOURCE FSTYPE OPTIONS
/sys sysfs sysfs rw,nosuid,
├─/sys/
├─/sys/fs/cgroup cgroup2 cgroup2 rw,nosuid,
├─/sys/fs/pstore pstore pstore rw,nosuid,
├─/sys/
├─/sys/fs/bpf bpf bpf rw,nosuid,
├─/sys/
├─/sys/kernel/debug debugfs debugfs rw,nosuid,
├─/sys/
└─/sys/
$ udevadm info /sys/class/
P: /devices/
L: 0
E: DEVPATH=
E: DRIVER=tpm_crb
E: MODALIAS=
E: SUBSYSTEM=acpi
E: USEC_INITIALIZE
E: ID_VENDOR_
$ sudo dmsetup ls --target crypt
No devices found
$ sudo blkid
/dev/loop1: TYPE="squashfs"
/dev/nvme0n1p5: LABEL="ubuntu-data" UUID="72f553b9-
/dev/nvme0n1p3: LABEL="ubuntu-boot" UUID="1a8e53a3-
/dev/nvme0n1p1: PARTLABEL="BIOS Boot" PARTUUID=
/dev/nvme0n1p4: LABEL="ubuntu-save" UUID="643db19f-
/dev/nvme0n1p2: LABEL_FATBOOT=
/dev/loop4: TYPE="squashfs"
/dev/loop2: TYPE="squashfs"
/dev/loop0: TYPE="squashfs"
/dev/loop3: TYPE="squashfs"
For both these devices, we used the upstream amd64 image (which should have 'prefer-encryption' set by default I believe).
Viktor Petersson (vpetersson) wrote (last edit ): | #7 |
Looks like the wires crossed. :)
> Is that machine using coreboot + edk2? Was the edk2 payload built with secure boot enabled?
We're using the upstream amd64 image to rule out any disk image errors (https:/
> Another common thing is wrong ACPI tables. It would be nice to get the journal output to see where the kernel failed.
Sure - here's the full output from `journalctl`:
https:/
> What image did you test? Was it a stable build of UC22 for x86-64? Do you know which version of pc-kernel it is using?
As mentioned, it's the upstream image.
Here's the list of snaps (after a `snap refresh` once though).
$ sudo snap list
Name Version Rev Tracking Publisher Notes
core22 20240408 1380 latest/stable canonical✓ base
pc 22-0.3 146 22/stable canonical✓ gadget
pc-kernel 5.15.0-105.115.1 1781 22/stable canonical✓ kernel
snapd 2.62 21465 latest/stable canonical✓ snapd
Valentin David (valentin.david) wrote : | #8 |
Is /sys/kernel/
I have tried the image on a NUC10i7FNB and it worked.
Also, could you look if the tpm has a lockout? Do this and give the output.
sudo snap install tpm2-tools-
sudo snap connect tpm2-tools-
sudo tpm2-tools-
If it has a lockout from another previously installed OS, then install may fail and install without tpm.
To reset the tpm you have to do
echo 5 | sudo tee /sys/class/
Then you have to reboot. You can force reinstall by rebooting with this command:
sudo snap reboot --install
For the Star Labs System's Byte Mk 2, could you give the content of all the /sys/devices/
Viktor Petersson (vpetersson) wrote (last edit ): | #9 |
For context - both of these systems should be brand new. To my knowledge, no other OS has been installed on either of them.
> Is /sys/kernel/
I need to wait until later today when my colleague wakes up to check that.
> Also, could you look if the tpm has a lockout? Do this and give the output.
Sure - this is the output from the Star Labs System device:
$ sudo snap install tpm2-tools-
tpm2-tools-
$ sudo snap connect tpm2-tools-
$ sudo tpm2-tools-
TPM2_PT_PERMANENT:
ownerAuthSet: 0
endorsementAu
lockoutAuthSet: 0
reserved1: 0
disableClear: 0
inLockout: 0
tpmGeneratedEPS: 0
reserved2: 0
TPM2_PT_
phEnable: 1
shEnable: 1
ehEnable: 1
phEnableNV: 1
reserved1: 0
orderly: 1
TPM2_PT_
TPM2_PT_HR_LOADED: 0x0
TPM2_PT_
TPM2_PT_HR_ACTIVE: 0x0
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
$ echo 5 | sudo tee /sys/class/
5
$ cat /sys/devices/
04/19/2024
24.2
coreboot
24.04
$ sudo snap reboot --install
[wait for the device to be re-instated]
$ findmnt --submounts /sys
TARGET SOURCE FSTYPE OPTIONS
/sys sysfs sysfs rw,nosuid,
├─/sys/
├─/sys/fs/cgroup cgroup2 cgroup2 rw,nosuid,
├─/sys/fs/pstore pstore pstore rw,nosuid,
├─/sys/
├─/sys/fs/bpf bpf bpf rw,nosuid,
├─/sys/kernel/debug debugfs debugfs rw,nosuid,
├─/sys/
├─/sys/
└─/sys/
$ sudo blkid
/dev/loop1: TYPE="squashfs"
/dev/nvme0n1p5: LABEL="ubuntu-data" UUID="4b2c84bc-
/dev/nvme0n1p3: LABEL="ubuntu-boot" UUID="5a2c439c-
Valentin David (valentin.david) wrote : | #10 |
For the Star Labs System, I think this is an issue with the firmware. I do not think the lockout is the issue.
Could you give the output of the following commands on the Star Labs System?
sudo cat /sys/firmware/
cat /sys/firmware/
Viktor Petersson (vpetersson) wrote : | #11 |
Sure thing:
$ sudo cat /sys/firmware/
54504D324C00000
00004000D4FE000
$ cat /sys/firmware/
cat: /sys/firmware/
$ ls /sys/firmware/
Boot0000-
Boot0001-
Boot0002-
BootCurrent-
BootOptionSuppo
BootOrder-
ConIn-8be4df61-
ConInDev-
Valentin David (valentin.david) wrote : | #12 |
It looks like the firmware on the Star Labs machine does not support secure boot. I wonder if it is a build of edk2 without secure boot and tpm2 enabled. Could you see if you can update the firmware with fwupd?
Viktor Petersson (vpetersson) wrote : | #13 |
> It looks like the firmware on the Star Labs machine does not support secure boot. I wonder if it is a build of edk2 without secure boot and tpm2 enabled. Could you see if you can update the firmware with fwupd?
I'm 99% sure it does. In fact, it will not boot anything that isn't Secure Boot
Viktor Petersson (vpetersson) wrote : | #14 |
Interesting:
$ sudo snap install test-snapd-mokutil --beta --devmode
test-snapd-mokutil (beta) 0.3.0 from Sergio Cazzolato (cachio) installed
$ test-snapd-mokutil --sb-state
This system doesn't support Secure Boot
Valentin David (valentin.david) wrote : | #15 |
> In fact, it will not boot anything that isn't Secure Boot
I think it is probably booting only UEFI and it cannot boot legacy BIOS. But I do not think it boots in secure boot.
Since they claim it can do secure boot and measured boot on their website, I expect there are newer builds of the firmware that can do it.
Or maybe there is some firmware configuration. Have you tried to go in the settings menu of the firmware? Probably pressing ESC while booting.
Viktor Petersson (vpetersson) wrote : | #16 |
Thanks, Valentin. I'm in conversation with the vendor and they are working on reproducing (and patching) the BIOS.
I'm also still awaiting the output from the other NUC.
Star Labs (starlabs) wrote : | #17 |
To update from our end. The current coreboot build is built with SecureBoot disabled and hidden.
We have since verified on our reference AMI firmware that the hardware will allow an FDE with TPM deployment of Ubuntu core 22.
Now we know the requirements, we can adjust the coreboot firmware to requirements.
Changed in snapd: | |
assignee: | nobody → Valentin David (valentin.david) |
status: | New → Triaged |
importance: | Undecided → High |
Viktor Petersson (vpetersson) wrote : | #18 |
@Valintin - I think we can rule out the Star Labs device for this for now. Will chat with the guys over there on the best way to proceed.
In the meantime, here's the output from the first NUC:
```
$ ls -l /sys/kernel/
-r--r----- 1 root root 0 Apr 25 17:38 /sys/kernel/
```
```
$ sudo snap install tpm2-tools-
tpm2-tools-
```
```
$ sudo snap connect tpm2-tools-
```
```
$ sudo tpm2-tools-
TPM2_PT_PERMANENT:
ownerAuthSet: 0
endorsementAu
lockoutAuthSet: 1
reserved1: 0
disableClear: 1
inLockout: 0
tpmGeneratedEPS: 0
reserved2: 0
TPM2_PT_
phEnable: 1
shEnable: 1
ehEnable: 1
phEnableNV: 1
reserved1: 0
orderly: 1
TPM2_PT_
TPM2_PT_HR_LOADED: 0x0
TPM2_PT_
TPM2_PT_HR_ACTIVE: 0x0
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
```
Valentin David (valentin.david) wrote : | #19 |
Yes, there is a lockout. There was probably another system using the TPM on this machine. Could you try to do the following?
echo 5 | sudo tee /sys/class/
sudo snap reboot --install
Viktor Petersson (vpetersson) wrote : | #20 |
Here's the output from the various commands after the reset:
$ sudo blkid
/dev/loop1: TYPE="squashfs"
/dev/nvme0n1p5: LABEL="ubuntu-data" UUID="d751579d-
/dev/nvme0n1p3: LABEL="ubuntu-boot" UUID="e946a179-
/dev/nvme0n1p1: PARTLABEL="BIOS Boot" PARTUUID=
/dev/nvme0n1p4: LABEL="ubuntu-save" UUID="f9db7166-
/dev/nvme0n1p2: LABEL_FATBOOT=
/dev/loop4: TYPE="squashfs"
/dev/loop2: TYPE="squashfs"
/dev/loop0: TYPE="squashfs"
/dev/loop3: TYPE="squashfs"
$ sudo dmsetup ls --target crypt
No devices found
$ lsblk -o NAME,SIZE,
NAME SIZE TYPE MOUNTPOINT
loop0 74.2M loop /snap/core22/1122
loop1 1.6M loop /snap/pc/146
loop2 296.3M loop /snap/pc-
loop3 334.8M loop /snap/pc-
loop4 40.4M loop /snap/snapd/20671
nvme0n1 238.5G disk
├─nvme0n1p1 1M part
├─nvme0n1p2 1.2G part /var/lib/snapd/seed
├─nvme0n1p3 750M part /run/mnt/
├─nvme0n1p4 32M part /var/lib/snapd/save
└─nvme0n1p5 236.5G part /writable
$ ls -l /sys/kernel/
-r--r----- 1 root root 0 May 1 13:08 /sys/kernel/
$ sudo snap install tpm2-tools-
tpm2-tools-
$ sudo snap connect tpm2-tools-
$ sudo tpm2-tools-
TPM2_PT_PERMANENT:
ownerAuthSet: 0
endorsementAu
lockoutAuthSet: 1
reserved1: 0
disableClear: 1
inLockout: 0
tpmGeneratedEPS: 0
reserved2: 0
TPM2_PT_
phEnable: 1
shEnable: 1
ehEnable: 1
phEnableNV: 1
reserved1: 0
orderly: 1
TPM2_PT_
TPM2_PT_HR_LOADED: 0x0
TPM2_PT_
TPM2_PT_HR_ACTIVE: 0x0
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
TPM2_PT_
From what I can gather based on the output, FDE did not kick in.
Valentin David (valentin.david) wrote : | #21 |
It looks like the tpm is still in use. If resetting with the command line I gave, could you try to clear TPM the BIOS menu, if that is available?
Also, could you also provide /var/log/
Viktor Petersson (vpetersson) wrote : | #22 |
Viktor Petersson (vpetersson) wrote : | #23 |
More logs here:
https:/
Eric will provide more info if needed.
Valentin David (valentin.david) wrote : | #24 |
I see
```
May 01 13:05:40 ubuntu snapd[1767]: install.go:207: not encrypting device storage as checking TPM gave: the TPM is in DA lockout mode
```
That confirms the issue. I do not understand why the reset did not work. Did you skip the reset on reboot? It might need user interaction during boot to confirm reset.
Eric M. (eric-screenly) wrote : | #25 |
- David-Output-05152024-408PM.txt Edit (9.0 KiB, text/plain)
Hi David,
I confirmed there is no interaction needed that I can tell. I don't see any other options presented during the reboot that are not usually presented (without the reset). I went through it once more, this time using --install, instead of --factory-reset like yesterday (--install however was done before on 4/30).
The output is attached for you.
Eric M. (eric-screenly) wrote : | #26 |
- install-mode.log.gz Edit (42.4 KiB, application/octet-stream)
Attaching new install-mode logs as well.
Eric M. (eric-screenly) wrote : | #27 |
Hi Valentin,
Was there anything else you could think of on this one? I have a second device now for testing that also exhibits the same symptoms.
Valentin David (valentin.david) wrote : | #28 |
I have looked at my NUC and request 5 also does not require user interaction.
But right, the --install does not recreate the partitions. My bad. Though the tpm did not fail this time. So this is good.
I suggest you boot some system from USB, reflash the disk with ubuntu core, or simply remove partitions 3, 4 and 5. Then do the PPI request from that USB booted system. Then reboot without the USB.
# Reminder, the PPI request can be done with:
echo 5 | sudo tee /sys/class/
Eric M. (eric-screenly) wrote : | #29 |
Hi Valentin,
I booted and ran Ubuntu Desktop 22.04 from a live USB, then completed the TPM request again. I then rebooted and reinstalled Ubuntu Core 22. When I checked again it appeared to still be showing the TPM locked out (`sudo tpm2-tools-
Valentin David (valentin.david) wrote : | #30 |
First, if the tpm shows lockout, but encryption is used, then it is fine. You can always verify in the install-mode.log, if there is a mention "the TPM is in DA lockout mode". It is the best way to detect if it went wrong.
I wonder if the first time you resetted the tpm and reinstalled Ubuntu Core, it might have worked. Did you check if the disks were encrypted?
I wonder why on the second re-install, that did not work. GPT has a backup table in the back of the disk. I wonder if it got confused and kept the old partitions. Though that should not happen. Wiping the last block of the disk before re-installing might help. But I have doubts.
The only way to debug it here would be to build an image with a modified gadget to disable reboots and enable debug shell.
If you download https:/
Eric M. (eric-screenly) wrote : | #31 |
Hi Valentin,
Looking back on my command output in my message on 5/15, it seems like it reported the ubuntu-data and ubuntu-save partitions were encrypted. I also tested with UC24 yesterday as well, and I was able to get to the same output. I've listed both relevant snippets below. Does this confirm that FDE is working as expected?
NUC13ANBi3 - UC22 (trimmed output from 5/15):
eric-screenly@
/dev/nvme0n1p5: UUID="ef7fb7cf-
/dev/nvme0n1p4: UUID="91781f52-
eric-screenly@
ubuntu-
ubuntu-
eric-screenly@
NAME SIZE TYPE MOUNTPOINT
nvme0n1 238.5G disk
├─nvme0n1p4 32M part
│ └─ubuntu-
└─nvme0n1p5 236.5G part
└─ubuntu-
=======
NUC13ANBi3 - UC24 (trimmed output from yesterday, 6/5)):
eric-screenly@
/dev/nvme0n1p5: UUID="e7190957-
/dev/nvme0n1p4: UUID="2c59de7c-
eric-screenly@
ubuntu-
ubuntu-
eric-screenly@
NAME SIZE TYPE MOUNTPOINT FSTYPE
nvme0n1 238.5G disk
├─nvme0n1p4 32M part crypto_LUKS
│ └─ubuntu-
└─nvme0n1p5 236.5G part crypto_LUKS
└─ubuntu-
Valentin David (valentin.david) wrote : | #32 |
This looks like it is working.
Do you still have issues where the recovery key is asked on reboot?
Eric M. (eric-screenly) wrote : | #33 |
Hey Valentin,
Rebooted and it does not ask for the recovery key any longer. Thanks for the help with this. I'll check back with Viktor and see if he has any comments.
What is the output of "findmnt --submounts /sys"?