I have the problem in 14.04 as well; I believe I found the root issue at play here.
FWIW: I noticed that just starting the tcsd daemon directly, with no option whatsoever, it worked:
# tcsd
# ps -edf | grep tcsd
tss 31805 1 0 09:23 ? 00:00:00 tcsd
# fuser /dev/tpm0
/dev/tpm0: 31805
It appears the issue comes from these lines in the /etc/init.d/trousers script, which tries too hard to do the right thing:
start-stop-daemon --start --quiet --oknodo --pidfile /var/run/${NAME}.pid --user ${USER} --chuid ${USER} --exec ${DAEMON} -- ${DAEMON_OPTS}
The --chuid ${USER} is redundant to what the daemon does by itself, and the problem is that it removes its ability to open /dev/tpm0 as root and change uid afterwards.
After removing just the --chuid, it starts and works:
# /etc/init.d/trousers start
* Starting Trusted Computing daemon tcsd [ OK ]
# tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.8.28
Spec Level: 2
Errata Revision: 3
TPM Vendor ID: STM
TPM Version: 01010000
Manufacturer Info: 53544d20
That fix seems trivial and implies no change of permission, just letting upstream's code handle things as it should. Thoughts?