1) Booted to Windows 10 to install newest tpm firmware for my HP EliteBook 820 G4
laptop using HP TPM Configuration Utility.
2) Booted to Ubuntu 19.10 (kernel 5.3.0-18-generic) with Secureboot enabled and TPM disabled
3) Purged and uninstalled all grub* packages (Yes, I know, pretty dangerous :-)
4) Only reinstalled following grub packages
~>apt list --installed|grep grub
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
* The command sudo tpm2_nvlist gives lots of output
However, I haven't succeeded in enabling Secureboot and TPM 2.0 at the same time.... On my laptop, I have to choose to either enable Secureboot or enable TPM 2.0, not both.
I have followed this troubleshooting procedure:
1) Booted to Windows 10 to install newest tpm firmware for my HP EliteBook 820 G4
laptop using HP TPM Configuration Utility.
2) Booted to Ubuntu 19.10 (kernel 5.3.0-18-generic) with Secureboot enabled and TPM disabled
3) Purged and uninstalled all grub* packages (Yes, I know, pretty dangerous :-)
4) Only reinstalled following grub packages
~>apt list --installed|grep grub
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
grub-common/ eoan,now 2.04-1ubuntu12 amd64 [installed, automatic] /eoan,now 5.1.0-1 amd64 [installed] amd64-bin/ eoan,now 2.04-1ubuntu12 amd64 [installed, automatic] amd64-signed/ eoan,now 1.128+2. 04-1ubuntu12 amd64 [installed] -lists/ eoan,now 0.7 amd64 [installed, automatic] bin/eoan, now 2.04-1ubuntu12 amd64 [installed, automatic] automatic] eoan,now 2.04-1ubuntu12 amd64 [installed] ges/eoan, eoan,now 1.0.1+nmu1 all [installed] ubuntu- mate/eoan, eoan,now 0.3.7 all [installed] ubuntustudio/ eoan,eoan, now 0.2 all [installed]
grub-customizer
grub-efi-
grub-efi-
grub-gfxpayload
grub-pc-
grub-pc/eoan,now 2.04-1ubuntu12 amd64 [installed,
grub2-common/
grub2-splashima
grub2-themes-
grub2-themes-
grub2/eoan,now 2.04-1ubuntu12 amd64 [installed]
5) Ran sudo update-grub2
6) Updated Ubuntu kernel to signed kernel version 5.3.0-19-generic
7) In UEFI, disabled SecureBoot and enabled TPM 2.0.
8) Successfully rebooted into Ubuntu 19.10 with TPM 2.0 enabled and SecureBoot disabled
~>dmesg | grep -i tpm 0xd9f76000 SMBIOS=0xd9765000 SMBIOS 3.0=0xd9763000 MEMATTR=0xd5f3c018 ESRT=0xd9766b18 drivers/ char/tpm tpm/tpm0/ ./MSFT0101: 00 ./../.. /class/ tpm
[ 0.000000] efi: ACPI=0xd9ffe000 ACPI 2.0=0xd9ffe014 TPMFinalLog=
[ 0.016058] ACPI: SSDT 0x00000000D9FEC000 0003B3 (v02 HPQOEM Tpm2Tabl 00001000 INTL 20160422)
[ 0.016061] ACPI: TPM2 0x00000000D9FEB000 000034 (v03 HPQOEM EDK2 00000002 01000013)
[ 4.129890] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1B, rev-id 16)
~> uname -a
HP-EliteBook-820-G4 5.3.0-19-generic #20-Ubuntu SMP Fri Oct 18 09:04:39 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ ls -la /lib/modules/`uname -r`/kernel/
total 172
drwxr-xr-x 3 root root 4096 Okt 22 10:58 .
drwxr-xr-x 9 root root 4096 Okt 22 10:58 ..
drwxr-xr-x 2 root root 4096 Okt 22 10:58 st33zp24
-rw-r--r-- 1 root root 11737 Okt 18 10:17 tpm_atmel.ko
-rw-r--r-- 1 root root 11697 Okt 18 10:17 tpm_i2c_atmel.ko
-rw-r--r-- 1 root root 16473 Okt 18 10:17 tpm_i2c_infineon.ko
-rw-r--r-- 1 root root 22721 Okt 18 10:17 tpm_i2c_nuvoton.ko
-rw-r--r-- 1 root root 22177 Okt 18 10:17 tpm_infineon.ko
-rw-r--r-- 1 root root 17017 Okt 18 10:17 tpm_nsc.ko
-rw-r--r-- 1 root root 11617 Okt 18 10:17 tpm_tis_spi.ko
-rw-r--r-- 1 root root 17361 Okt 18 10:17 tpm_vtpm_proxy.ko
-rw-r--r-- 1 root root 14585 Okt 18 10:17 xen-tpmfront.ko
$ ps -aux|grep tpm_dev
root 140 0.0 0.0 0 0 ? I< 12:52 0:00 [tpm_dev_wq]
$ ls -lart /sys/class/
total 0
drwxr-xr-x 2 root root 0 Okt 22 13:22 ppi
drwxr-xr-x 2 root root 0 Okt 22 13:22 power
lrwxrwxrwx 1 root root 0 Okt 22 13:22 device -> ../../.
-r--r--r-- 1 root root 4096 Okt 22 13:22 dev
-rw-r--r-- 1 root root 4096 Okt 22 2019 uevent
lrwxrwxrwx 1 root root 0 Okt 22 2019 subsystem -> ../../.
drwxr-xr-x 3 root root 0 Okt 22 2019 ..
drwxr-xr-x 4 root root 0 Okt 22 2019 .
* The command sudo tpm2_nvlist gives lots of output
However, I haven't succeeded in enabling Secureboot and TPM 2.0 at the same time.... On my laptop, I have to choose to either enable Secureboot or enable TPM 2.0, not both.