Do not start tcsd when a TPM 2.0 is on the system

Bug #1802133 reported by Stefan Berger
This bug affects 4 people
Affects Status Importance Assigned to Milestone
trousers (Ubuntu)

Bug Description

When a TPM 2.0 is on the system, do not try to start tcsd and have it report failures due to it talking to a TPM 2.0 rather than a TPM 1.2. The following bash script lets one detect a TPM 1.2 on the system:

function is_tpm12()
        exec 100<>/dev/tpm0
        /usr/bin/echo -en '\x00\xc1\x00\x00\x00\x0a\x00\x00\x00\xf1' >&100
        res=$(od -t x1 -An <&100)
        exec 100>&-
        [ "${res:0:6}" == " 00 c4" ] && return 0
        return 1

if ! is_tpm12; then
        echo "Not a TPM 1.2"

Please incorporate the above script into the post installation script of trousers.

The reported failures may otherwise look as follows:

invoke-rc.d: initscript trousers, action "start" failed.
? trousers.service - LSB: starts tcsd
   Loaded: loaded (/etc/init.d/trousers; generated)
   Active: failed (Result: exit-code) since Wed 2018-11-07 14:41:14 UTC; 6ms ago
     Docs: man:systemd-sysv-generator(8)
  Process: 690 ExecStart=/etc/init.d/trousers start (code=exited, status=137)

Starting LSB: starts tcsd...
* Starting Trusted Computing daemon tcsd
/etc/init.d/trousers: 32: [: /dev/tpm0: unexpected operator!
trousers.service: Control process exited, code=exited status=137
trousers.service: Failed with result 'exit-code'.
Failed to start LSB: starts tcsd.
dpkg: error processing package trousers (--configure):
 installed trousers package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of tpm-tools:
 tpm-tools depends on trousers; however:
  Package trousers is not configured yet.

dpkg: error processing package tpm-tools (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
                                                                                                          Errors were encountered while processing:

This patch will also help users of the 'swtpm' project to use a virtual TPM on the system where tcsd is needed if a TPM 1.2 is to be virtualized.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: trousers 0.3.13-4
ProcVersionSignature: Ubuntu 4.4.0-96.119-generic 4.4.83
Uname: Linux 4.4.0-96-generic x86_64
NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_lsm_pinned_6101 falcon_lsm_pinned_5704 falcon_lsm_pinned_5607
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Wed Nov 7 11:04:44 2018
InstallationDate: Installed on 2016-10-11 (756 days ago)
InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
 PATH=(custom, no user)
SourcePackage: trousers
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.tcsd.conf: [inaccessible: [Errno 13] Permission denied: '/etc/tcsd.conf']

Revision history for this message
Stefan Berger (stefanb-us) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in trousers (Ubuntu):
status: New → Confirmed
Revision history for this message
Woodrow Shen (woodrow-shen) wrote :

For now, on 20.04, this problem still happened.

Revision history for this message
Woodrow Shen (woodrow-shen) wrote :

But, basically, we may not use tpm 1.2 and its tool anymore due to likely transitioning to 2.0 for the general case.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers