ima: No TPM chip found, activating TPM-bypass!

Asked by John Dope

Dear All,

My HP Envy x360 laptop has TPM2.0, which was working with Windows 10 previously. I recently installed Kubuntu 22.10 and it is not working. I have installed the relevant tpm packages and tools. But there is no /dev/tpm0 for example.

How can I make it work??

 sudo dmesg | grep -i tpm:
[ 0.000000] efi: TPMFinalLog=0x9d037000 ACPI 2.0=0x9cb81000 ACPI=0x9cb81000 SMBIOS=0x9d630000 SMBIOS 3.0=0x9d62f000 ESRT=0x99de0b98 MOKvar=0x9b7e7000 RNG=0x9d5e8798 TPMEventLog=0x72968018
[ 0.006174] ACPI: TPM2 0x000000009CBAB310 000034 (v04 HPQOEM 8496 00000001 HP 00000000)
[ 0.006223] ACPI: Reserving TPM2 table memory at [mem 0x9cbab310-0x9cbab343]
[ 1.163838] tpm_crb MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer. [mem 0x9d067000-0x9d067fff flags 0x200] vs 9d067000 4000
[ 1.163850] tpm_crb MSFT0101:00: can't request region for resource [mem 0x9d067000-0x9d067fff]
[ 1.163855] tpm_crb: probe of MSFT0101:00 failed with error -16
[ 1.240132] ima: No TPM chip found, activating TPM-bypass!
[ 55.784284] systemd[1]: systemd 251.4-1ubuntu7 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[ 57.244185] audit: type=1400 audit(1669237898.563:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="swtpm" pid=822 comm="apparmor_parser"

Question information

Language:
English Edit question
Status:
Needs information
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said :
#1

"tpm_crb MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer."

Do you have the newest version of the BIOS installed (according to HP support pages it probably should be F.51 Rev.A?

sudo dmidecode --type bios

Revision history for this message
John Dope (vbee) said :
#2

MY current BIOS version seems to be F.42. I will check to see if I can update it.

# dmidecode 3.4
Getting SMBIOS data from sysfs.
SMBIOS 3.1.1 present.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
        Vendor: AMI
        Version: F.42
        Release Date: 05/13/2019
        Address: 0xF0000
        Runtime Size: 64 kB
        ROM Size: 16 MB
        Characteristics:
                PCI is supported
                BIOS is upgradeable
                BIOS shadowing is allowed
                Boot from CD is supported
                Selectable boot is supported
                EDD is supported
                5.25"/1.2 MB floppy services are supported (int 13h)
                3.5"/720 kB floppy services are supported (int 13h)
                3.5"/2.88 MB floppy services are supported (int 13h)
                Print screen service is supported (int 5h)
                8042 keyboard services are supported (int 9h)
                Serial services are supported (int 14h)
                Printer services are supported (int 17h)
                ACPI is supported
                USB legacy is supported
                Smart battery is supported
                BIOS boot specification is supported
                Function key-initiated network boot is supported
                Targeted content distribution is supported
                UEFI is supported
        BIOS Revision: 15.42
        Firmware Revision: 92.46

Handle 0x001C, DMI type 13, 22 bytes
BIOS Language Information
        Language Description Format: Long
        Installable Languages: 5
                en|US|iso8859-1
                fr|FR|iso8859-1
                es|ES|iso8859-1
                zh|TW|unicode
                zh|CN|unicode
        Currently Installed Language: en|US|iso8859-1

Revision history for this message
John Dope (vbee) said (last edit ):
#3

After a lot of effort, I updated my BIOS to the latest version F.51. It seems that the TPM is recognized in the system (for example I see the /dev/tpm0) and I don't get that "No TPM chip found ..." error anymore, but I cannot access it/enable it in any way.

/$ sudo tpm_setenable -s
Tspi_Context_Connect failed: 0x00003011 - layer=tsp, code=0011 (17), Communication failure

# dmidecode 3.4
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
        Vendor: AMI
        Version: F.51
        Release Date: 07/26/2022
        Address: 0xF0000
        Runtime Size: 64 kB
        ROM Size: 16 MB
        Characteristics:
                PCI is supported
                BIOS is upgradeable
                BIOS shadowing is allowed
                Boot from CD is supported
                Selectable boot is supported
                EDD is supported
                5.25"/1.2 MB floppy services are supported (int 13h)
                3.5"/720 kB floppy services are supported (int 13h)
                3.5"/2.88 MB floppy services are supported (int 13h)
                Print screen service is supported (int 5h)
                8042 keyboard services are supported (int 9h)
                Serial services are supported (int 14h)
                Printer services are supported (int 17h)
                ACPI is supported
                USB legacy is supported
                Smart battery is supported
                BIOS boot specification is supported
                Function key-initiated network boot is supported
                Targeted content distribution is supported
                UEFI is supported
        BIOS Revision: 15.51
        Firmware Revision: 92.48

Handle 0x0036, DMI type 13, 22 bytes
BIOS Language Information
        Language Description Format: Long
        Installable Languages: 5
                en|US|iso8859-1
                fr|FR|iso8859-1
                es|ES|iso8859-1
                zh|TW|unicode
                zh|CN|unicode
        Currently Installed Language: en|US|iso8859-1

/$ sudo dmesg | grep -i tpm
[ 0.000000] efi: TPMFinalLog=0x9cf7e000 ACPI 2.0=0x99955000 ACPI=0x99955000 SMBIOS=0x9d547000 SMBIOS 3.0=0x9d546000 ESRT=0x99d5fb18 MOKvar=0x9b6c1000 RNG=0x9d585c98 TPMEventLog=0x726af018
[ 0.006155] ACPI: TPM2 0x000000009997F280 000038 (v04 HPQOEM 8496 00000001 HP 00000000)
[ 0.006208] ACPI: Reserving TPM2 table memory at [mem 0x9997f280-0x9997f2b7]
[ 15.464668] systemd[1]: systemd 251.4-1ubuntu7 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[ 16.870224] audit: type=1400 audit(1669299615.175:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="swtpm" pid=777 comm="apparmor_parser"

Revision history for this message
John Dope (vbee) said (last edit ):
#4

I installed the all the available TPM kernel modlules in my system:

:/usr/lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm$ sudo modprobe -a -v tpm_atmel tpm_i2c_atmel tpm_i2c_infineon tpm_i2c_nuvoton tpm_infineon tpm_nsc tpm_tis_i2c_cr50 tpm_tis_spi tpm_vtpm_proxy

insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_atmel.ko
modprobe: ERROR: could not insert 'tpm_atmel': No such device
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_i2c_atmel.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_i2c_infineon.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_i2c_nuvoton.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_infineon.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_nsc.ko
modprobe: ERROR: could not insert 'tpm_nsc': No such device
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_tis_i2c_cr50.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_tis_spi.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_vtpm_proxy.ko

2 failed to load. But I still cannot access the TPM module.

$ sudo tcsd -f
TCSD TDDL ERROR: Could not find a device to open!

Revision history for this message
Bernard Stafford (bernard010) said (last edit ):
#5

Is this a dual boot system ? Windows 10 and Kubuntu 22.10
Does your Windows 10 work okay ?
Does your Kubuntu work okay ? Boot and performance of the O.S. ?
Ubuntu and its flavors are not designed by default to have a TPM to function.
So far the only O.S. requiring a TPM chip to function is Windows 11..

Revision history for this message
John Dope (vbee) said :
#6

No dual boot. Just Kubuntu. Works fine other than this issue.

Revision history for this message
actionparsnip (andrew-woodhead666) said :
#7

Can you help with this problem?

Provide an answer of your own, or ask John Dope for more information if necessary.

To post a message you must log in.