Ubuntu

ima: No TPM chip found, activating TPM-bypass!

Asked by John Dope

Dear All,

My HP Envy x360 laptop has TPM2.0, which was working with Windows 10 previously. I recently installed Kubuntu 22.10 and it is not working. I have installed the relevant tpm packages and tools. But there is no /dev/tpm0 for example.

How can I make it work??

 sudo dmesg | grep -i tpm:
[ 0.000000] efi: TPMFinalLog=0x9d037000 ACPI 2.0=0x9cb81000 ACPI=0x9cb81000 SMBIOS=0x9d630000 SMBIOS 3.0=0x9d62f000 ESRT=0x99de0b98 MOKvar=0x9b7e7000 RNG=0x9d5e8798 TPMEventLog=0x72968018
[ 0.006174] ACPI: TPM2 0x000000009CBAB310 000034 (v04 HPQOEM 8496 00000001 HP 00000000)
[ 0.006223] ACPI: Reserving TPM2 table memory at [mem 0x9cbab310-0x9cbab343]
[ 1.163838] tpm_crb MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer. [mem 0x9d067000-0x9d067fff flags 0x200] vs 9d067000 4000
[ 1.163850] tpm_crb MSFT0101:00: can't request region for resource [mem 0x9d067000-0x9d067fff]
[ 1.163855] tpm_crb: probe of MSFT0101:00 failed with error -16
[ 1.240132] ima: No TPM chip found, activating TPM-bypass!
[ 55.784284] systemd[1]: systemd 251.4-1ubuntu7 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[ 57.244185] audit: type=1400 audit(1669237898.563:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="swtpm" pid=822 comm="apparmor_parser"

Question information

Language:
English Edit question
Status:
Expired
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said : 		#1

"tpm_crb MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer."

Do you have the newest version of the BIOS installed (according to HP support pages it probably should be F.51 Rev.A?

sudo dmidecode --type bios

Revision history for this message
John Dope (vbee) said : 		#2

MY current BIOS version seems to be F.42. I will check to see if I can update it.

# dmidecode 3.4
Getting SMBIOS data from sysfs.
SMBIOS 3.1.1 present.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
        Vendor: AMI
        Version: F.42
        Release Date: 05/13/2019
        Address: 0xF0000
        Runtime Size: 64 kB
        ROM Size: 16 MB
        Characteristics:
                PCI is supported
                BIOS is upgradeable
                BIOS shadowing is allowed
                Boot from CD is supported
                Selectable boot is supported
                EDD is supported
                5.25"/1.2 MB floppy services are supported (int 13h)
                3.5"/720 kB floppy services are supported (int 13h)
                3.5"/2.88 MB floppy services are supported (int 13h)
                Print screen service is supported (int 5h)
                8042 keyboard services are supported (int 9h)
                Serial services are supported (int 14h)
                Printer services are supported (int 17h)
                ACPI is supported
                USB legacy is supported
                Smart battery is supported
                BIOS boot specification is supported
                Function key-initiated network boot is supported
                Targeted content distribution is supported
                UEFI is supported
        BIOS Revision: 15.42
        Firmware Revision: 92.46

Handle 0x001C, DMI type 13, 22 bytes
BIOS Language Information
        Language Description Format: Long
        Installable Languages: 5
                en|US|iso8859-1
                fr|FR|iso8859-1
                es|ES|iso8859-1
                zh|TW|unicode
                zh|CN|unicode
        Currently Installed Language: en|US|iso8859-1

Revision history for this message
John Dope (vbee) said (last edit ): 		#3

After a lot of effort, I updated my BIOS to the latest version F.51. It seems that the TPM is recognized in the system (for example I see the /dev/tpm0) and I don't get that "No TPM chip found ..." error anymore, but I cannot access it/enable it in any way.

/$ sudo tpm_setenable -s
Tspi_Context_Connect failed: 0x00003011 - layer=tsp, code=0011 (17), Communication failure

# dmidecode 3.4
Getting SMBIOS data from sysfs.
SMBIOS 3.2.0 present.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
        Vendor: AMI
        Version: F.51
        Release Date: 07/26/2022
        Address: 0xF0000
        Runtime Size: 64 kB
        ROM Size: 16 MB
        Characteristics:
                PCI is supported
                BIOS is upgradeable
                BIOS shadowing is allowed
                Boot from CD is supported
                Selectable boot is supported
                EDD is supported
                5.25"/1.2 MB floppy services are supported (int 13h)
                3.5"/720 kB floppy services are supported (int 13h)
                3.5"/2.88 MB floppy services are supported (int 13h)
                Print screen service is supported (int 5h)
                8042 keyboard services are supported (int 9h)
                Serial services are supported (int 14h)
                Printer services are supported (int 17h)
                ACPI is supported
                USB legacy is supported
                Smart battery is supported
                BIOS boot specification is supported
                Function key-initiated network boot is supported
                Targeted content distribution is supported
                UEFI is supported
        BIOS Revision: 15.51
        Firmware Revision: 92.48

Handle 0x0036, DMI type 13, 22 bytes
BIOS Language Information
        Language Description Format: Long
        Installable Languages: 5
                en|US|iso8859-1
                fr|FR|iso8859-1
                es|ES|iso8859-1
                zh|TW|unicode
                zh|CN|unicode
        Currently Installed Language: en|US|iso8859-1

/$ sudo dmesg | grep -i tpm
[ 0.000000] efi: TPMFinalLog=0x9cf7e000 ACPI 2.0=0x99955000 ACPI=0x99955000 SMBIOS=0x9d547000 SMBIOS 3.0=0x9d546000 ESRT=0x99d5fb18 MOKvar=0x9b6c1000 RNG=0x9d585c98 TPMEventLog=0x726af018
[ 0.006155] ACPI: TPM2 0x000000009997F280 000038 (v04 HPQOEM 8496 00000001 HP 00000000)
[ 0.006208] ACPI: Reserving TPM2 table memory at [mem 0x9997f280-0x9997f2b7]
[ 15.464668] systemd[1]: systemd 251.4-1ubuntu7 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[ 16.870224] audit: type=1400 audit(1669299615.175:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="swtpm" pid=777 comm="apparmor_parser"

Revision history for this message
John Dope (vbee) said (last edit ): 		#4

I installed the all the available TPM kernel modlules in my system:

:/usr/lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm$ sudo modprobe -a -v tpm_atmel tpm_i2c_atmel tpm_i2c_infineon tpm_i2c_nuvoton tpm_infineon tpm_nsc tpm_tis_i2c_cr50 tpm_tis_spi tpm_vtpm_proxy

insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_atmel.ko
modprobe: ERROR: could not insert 'tpm_atmel': No such device
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_i2c_atmel.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_i2c_infineon.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_i2c_nuvoton.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_infineon.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_nsc.ko
modprobe: ERROR: could not insert 'tpm_nsc': No such device
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_tis_i2c_cr50.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_tis_spi.ko
insmod /lib/modules/5.19.0-23-generic/kernel/drivers/char/tpm/tpm_vtpm_proxy.ko

2 failed to load. But I still cannot access the TPM module.

$ sudo tcsd -f
TCSD TDDL ERROR: Could not find a device to open!

Revision history for this message
Bernard Stafford (bernard010) said (last edit ): 		#5

Is this a dual boot system ? Windows 10 and Kubuntu 22.10
Does your Windows 10 work okay ?
Does your Kubuntu work okay ? Boot and performance of the O.S. ?
Ubuntu and its flavors are not designed by default to have a TPM to function.
So far the only O.S. requiring a TPM chip to function is Windows 11..

Revision history for this message
John Dope (vbee) said : 		#6

No dual boot. Just Kubuntu. Works fine other than this issue.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#7

https://paolozaino.wordpress.com/2021/02/21/linux-configure-and-use-your-tpm-2-0-module-on-linux/

Does that help?

Revision history for this message
Launchpad Janitor (janitor) said : 		#8

This question was expired because it remained in the 'Needs information' state without activity for the last 15 days.

Revision history for this message
John Dope (vbee) said : 		#9

@actionparsnip

No unfortunately. I followed the instructions on the link you provided but it didn't help.

As per my previous messages, I can see there is a TPM device, I don't get any errors, but it appears no tpm driver is loaded in the kernel.

lsmod | grep -i tpm returns nothing

But I can see that there are drivers installed in the system
sudo find /lib/modules/$(uname -r)/kernel/drivers/ -iname "*tpm*"
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_i2c_nuvoton.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_i2c_atmel.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_infineon.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_nsc.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/st33zp24/tpm_st33zp24_spi.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/st33zp24/tpm_st33zp24_i2c.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/st33zp24/tpm_st33zp24.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/xen-tpmfront.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_atmel.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_tis_spi.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_vtpm_proxy.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_i2c_infineon.ko
/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_tis_i2c_cr50.ko

sudo dmesg | grep -i tpm returns:

[ 0.000000] efi: TPMFinalLog=0x9cf7e000 ACPI 2.0=0x99955000 ACPI=0x99955000 SMBIOS=0x9d547000 SMBIOS 3.0=0x9d546000 ESRT=0x99d5fb18 MOKvar=0x9b6c1000 RNG=0x9d585c98 TPMEventLog=0x989f2018
[ 0.006029] ACPI: TPM2 0x000000009997F280 000038 (v04 HPQOEM 8496 00000001 HP 00000000)
[ 0.006082] ACPI: Reserving TPM2 table memory at [mem 0x9997f280-0x9997f2b7]
[ 17.706590] systemd[1]: systemd 251.4-1ubuntu7 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[ 19.351052] audit: type=1400 audit(1671801987.675:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="swtpm" pid=778 comm="apparmor_parser"

The tpm2-abrmd service is running:

systemctl status tpm2-abrmd
● tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
     Loaded: loaded (/lib/systemd/system/tpm2-abrmd.service; enabled; preset: enabled)
     Active: active (running) since Fri 2022-12-23 14:26:28 CET; 30min ago
   Main PID: 941 (tpm2-abrmd)
      Tasks: 6 (limit: 17785)
     Memory: 1.7M
        CPU: 83ms
     CGroup: /system.slice/tpm2-abrmd.service
             └─941 /usr/sbin/tpm2-abrmd

dec 23 14:26:28 HP-ENVY systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
dec 23 14:26:28 HP-ENVY systemd[1]: Started TPM2 Access Broker and Resource Management Daemon.

When itry to install the drivers, some of them do get installed in the kernel: (i have no idea which is the correct one, so I try all of them out):

sudo modprobe -a -v tpm_atmel tpm_i2c_atmel tpm_i2c_infineon tpm_i2c_nuvoton tpm_infineon tpm_nsc tpm_tis_i2c_cr50 tpm_tis_spi tpm_vtpm_proxy xen-tpmfront

insmod /lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_atmel.ko
modprobe: ERROR: could not insert 'tpm_atmel': No such device
insmod /lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_i2c_atmel.ko
insmod /lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_i2c_infineon.ko
insmod /lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_i2c_nuvoton.ko
insmod /lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_infineon.ko
insmod /lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_nsc.ko
modprobe: ERROR: could not insert 'tpm_nsc': No such device
insmod /lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_tis_i2c_cr50.ko
insmod /lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_tis_spi.ko
insmod /lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/tpm_vtpm_proxy.ko
insmod /lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm/xen-tpmfront.ko
modprobe: ERROR: could not insert 'xen_tpmfront': No such device

$ lsmod | grep -i 'tpm'
tpm_vtpm_proxy 20480 0
tpm_tis_spi 20480 0
tpm_tis_i2c_cr50 16384 0
tpm_infineon 20480 0
tpm_i2c_nuvoton 24576 0
tpm_i2c_infineon 20480 0
tpm_i2c_atmel 20480 0

But again, when I sudo tcsd -f
TCSD TDDL ERROR: Could not find a device to open!

Revision history for this message
Manfred Hampl (m-hampl) said : 		#10

There are some programs available in the package tpm_tools

What output do you get for commands like

tpm_version
sudo tpm_version
tpm_selftest
sudo tpm_selftest

Revision history for this message
John Dope (vbee) said : 		#11

/usr/lib/modules/5.19.0-26-generic/kernel/drivers/char/tpm$ cat /sys/class/tpm/tpm0/device/driver/MSFT0101\:00/description
TPM 2.0 Device

sudo tcsd -f
TCSD TDDL ERROR: Could not find a device to open!

sudo tpm_version
Tspi_Context_Connect failed: 0x00003011 - layer=tsp, code=0011 (17), Communication failure

sudo tpm_selftest
Tspi_Context_Connect failed: 0x00003011 - layer=tsp, code=0011 (17), Communication failure

I am not sure if this is relevant for TPM 2.0 but tscd service has failed:

sudo systemctl status tcsd.service
× trousers.service - LSB: starts tcsd
     Loaded: loaded (/etc/init.d/trousers; generated)
     Active: failed (Result: exit-code) since Fri 2022-12-23 15:35:25 CET; 34s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 6891 ExecStart=/etc/init.d/trousers start (code=exited, status=137)
        CPU: 17ms

dec 23 15:35:25 HP-ENVY systemd[1]: Starting LSB: starts tcsd...
dec 23 15:35:25 HP-ENVY trousers[6891]: * Starting Trusted Computing daemon tcsd
dec 23 15:35:25 HP-ENVY trousers[6891]: ...fail!
dec 23 15:35:25 HP-ENVY systemd[1]: trousers.service: Control process exited, code=exited, status=137/n/a
dec 23 15:35:25 HP-ENVY systemd[1]: trousers.service: Failed with result 'exit-code'.
dec 23 15:35:25 HP-ENVY systemd[1]: Failed to start LSB: starts tcsd.

Revision history for this message
Launchpad Janitor (janitor) said : 		#12

This question was expired because it remained in the 'Open' state without activity for the last 15 days.