Do not start tcsd when a TPM 2.0 is on the system

Bug #1802133 reported by Stefan Berger
This bug affects 4 people
Affects: trousers (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

When a TPM 2.0 is on the system, do not try to start tcsd and have it report failures due to it talking to a TPM 2.0 rather than a TPM 1.2. The following bash script lets one detect a TPM 1.2 on the system:

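function is_tpm12()
{
        # Open the TPM character device read/write on file descriptor 100
        exec 100<>/dev/tpm0
        # Send a 10-byte TPM 1.2 request: tag 0x00c1 (TPM_TAG_RQU_COMMAND),
        # length 0x0000000a, ordinal 0x000000f1 (TPM_ORD_GetTicks)
        /usr/bin/echo -en '\x00\xc1\x00\x00\x00\x0a\x00\x00\x00\xf1' >&100
        # Read the response as space-separated hex bytes
        res=$(od -t x1 -An <&100)
        exec 100>&-
        # A response that starts with tag 0x00c4 (TPM_TAG_RSP_COMMAND) is
        # taken to come from a TPM 1.2
        [ "${res:0:6}" == " 00 c4" ] && return 0
        return 1
}

if ! is_tpm12; then
        echo "Not a TPM 1.2"
fi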

Please incorporate the above script into the post installation script of trousers.

The reported failures may otherwise look as follows:

invoke-rc.d: initscript trousers, action "start" failed.
? trousers.service - LSB: starts tcsd
   Loaded: loaded (/etc/init.d/trousers; generated)
   Active: failed (Result: exit-code) since Wed 2018-11-07 14:41:14 UTC; 6ms ago
     Docs: man:systemd-sysv-generator(8)
  Process: 690 ExecStart=/etc/init.d/trousers start (code=exited, status=137)

Starting LSB: starts tcsd...
* Starting Trusted Computing daemon tcsd
/etc/init.d/trousers: 32: [: /dev/tpm0: unexpected operator
      ...fail!
trousers.service: Control process exited, code=exited status=137
trousers.service: Failed with result 'exit-code'.
Failed to start LSB: starts tcsd.
dpkg: error processing package trousers (--configure):
 installed trousers package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of tpm-tools:
 tpm-tools depends on trousers; however:
  Package trousers is not configured yet.

dpkg: error processing package tpm-tools (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
Errors were encountered while processing:
 trousers
 tpm-tools

This patch will also help users of the 'swtpm' project to use a virtual TPM on the system where tcsd is needed if a TPM 1.2 is to be virtualized.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: trousers 0.3.13-4
ProcVersionSignature: Ubuntu 4.4.0-96.119-generic 4.4.83
Uname: Linux 4.4.0-96-generic x86_64
NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_lsm_pinned_6101 falcon_lsm_pinned_5704 falcon_lsm_pinned_5607
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Wed Nov 7 11:04:44 2018
InstallationDate: Installed on 2016-10-11 (756 days ago)
InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: trousers
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.tcsd.conf: [inaccessible: [Errno 13] Permission denied: '/etc/tcsd.conf']
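
A maintainer-script guard for the request above can also be written without sending a command to the device. The following is an added example, not the reporter's script and not code from the trousers package: it reads the kernel's sysfs attributes instead of the `/dev/tpm0` response. The function names `tpm_family` and `should_start_tcsd` are hypothetical, and it assumes the kernel exposes either `tpm_version_major` (newer kernels) or the TPM 1.2 `caps` attribute under `/sys/class/tpm/tpm0`.

```shell
#!/bin/sh
# Added example; tpm_family and should_start_tcsd are hypothetical names.
# tpm_family [SYSFS_DIR] prints "1.2", "2.0", "unknown" or "none".
# SYSFS_DIR defaults to /sys/class/tpm/tpm0; it is a parameter so the
# logic can be exercised against a constructed directory tree.
tpm_family() {
    dir="${1:-/sys/class/tpm/tpm0}"
    [ -d "$dir" ] || { echo none; return 0; }

    # Kernels that export tpm_version_major report 1 or 2 directly.
    if [ -r "$dir/tpm_version_major" ]; then
        case "$(cat "$dir/tpm_version_major")" in
            1) echo 1.2 ;;
            2) echo 2.0 ;;
            *) echo unknown ;;
        esac
        return 0
    fi

    # Older kernels (assumption): "caps" is a TPM 1.2 attribute whose
    # output contains a "TCG version: 1.2" line.
    for caps in "$dir/caps" "$dir/device/caps"; do
        if [ -r "$caps" ] && grep -q 'TCG version: 1\.2' "$caps"; then
            echo 1.2
            return 0
        fi
    done

    # A device exists but nothing identifies it as a TPM 1.2.
    echo unknown
}

# Succeeds only when a TPM 1.2 was positively identified, so tcsd is
# not started for a TPM 2.0, an unidentified device, or no device.
should_start_tcsd() {
    [ "$(tpm_family "$1")" = "1.2" ]
}
```

A postinst or init script would call `should_start_tcsd` with no argument and skip starting tcsd when it fails, rather than letting the start failure abort package configuration.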

Stefan Berger (stefanb-us) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in trousers (Ubuntu):
status: New → Confirmed
Woodrow Shen (woodrow-shen) wrote :

For now, on 20.04, this problem still happens.

Woodrow Shen (woodrow-shen) wrote :

But, basically, we may not use TPM 1.2 and its tools anymore due to the likely transition to 2.0 for the general case.
