Re: Permanently remove services


 



On 19.01.2024 19:47, Morten Bo Johansen wrote:
On 2024-01-19 Mantas Mikulėnas wrote:

In general I've learned to not quite trust what the firmware shows... we've
had a batch of Skylake-or-so desktops that *did* have a CPU-integrated fTPM
but it wasn't even mentioned until we did a BIOS update, even though CPU
spec said it should be present.

However, your CPU is from Haswell era and according to the spec sheet it
definitely seems to lack Intel's PTT "built-in TPM 2.0" feature (it has the
older IPT but that's a different thing, not a TPM equivalent), so that
seems correct. If I understand correctly, the only option for that CPU
would be a discrete TPM chip, and if the manufacturer had bothered to
include one, it ought to be showing up in the BIOS settings.

On the other hand, you said you have a /dev/tpm0... I'm somewhat curious
about whether there are any mentions of 'tpm' or 'tis' or something like that
in your `dmesg`?

~/ % dmesg | grep -i tpm

[    0.275738] tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78)


This message means that the driver detected TPM 1.2. Enabling debug messages may provide some more information.

[   26.180565] systemd[1]: systemd 255.2-3-arch running in system mode (+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified)
[   26.852953] systemd[1]: Listening on TPM2 PCR Extension (Varlink).
[   26.891210] systemd[1]: Starting TPM2 PCR Machine ID Measurement...


So systemd probably should not be trying anything TPM 2.0 related.

~/ % dmesg | grep -i tis

[    0.275738] tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78)


A virtual machine won't be able to see the real TPM either way (or any
other real hardware; it's kinda what makes it a virtual machine). All it
would see is a vTPM provided by the VM host software.

Okay.

I shall try to upgrade the bios to the latest version and see
if something shows up.

Thanks,
Morten
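
The check discussed in this message, as an added example that is not part of the original thread: it reads the TPM family from the kernel's tpm_tis line and flags the case where systemd starts TPM2 units although no 2.0 TPM was detected. The sample log is constructed from the lines quoted above (the systemd feature line is abbreviated), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample, based on the dmesg lines quoted in the thread.
SAMPLE_LOG='[    0.275738] tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78)
[   26.180565] systemd[1]: systemd 255.2-3-arch running in system mode (+OPENSSL +TPM2 +BZIP2)
[   26.852953] systemd[1]: Listening on TPM2 PCR Extension (Varlink).
[   26.891210] systemd[1]: Starting TPM2 PCR Machine ID Measurement...'

# Print the TPM family reported by the kernel driver ("1.2" or "2.0"),
# or "none" when no driver detection line is present in the log text.
tpm_family() {
    fam=$(printf '%s\n' "$1" |
        sed -n 's/.*tpm_[a-z_]* .*: \([12]\.[0-9]\) TPM (device-id.*/\1/p' |
        head -n 1)
    printf '%s\n' "${fam:-none}"
}

# Count systemd lines that show a TPM2 unit being activated. The
# compile-time feature line ("+TPM2") is deliberately not counted: it only
# says systemd was built with TPM2 support, not that a TPM 2.0 exists.
tpm2_unit_lines() {
    printf '%s\n' "$1" |
        grep -Ec 'systemd\[1\]: (Listening on|Starting|Started|Finished) TPM2 ' || true
}

# Return 0 (mismatch) when TPM2 units are activated although the kernel
# did not report a 2.0 TPM; return 1 otherwise.
tpm2_mismatch() {
    fam=$(tpm_family "$1")
    units=$(tpm2_unit_lines "$1")
    [ "$fam" != "2.0" ] && [ "$units" -gt 0 ]
}

# To check a live system, pass "$(dmesg)" instead of the sample.
if tpm2_mismatch "$SAMPLE_LOG"; then
    echo "kernel reports TPM $(tpm_family "$SAMPLE_LOG"), but systemd" \
         "activated $(tpm2_unit_lines "$SAMPLE_LOG") TPM2 unit(s)"
else
    echo "no TPM2 unit / TPM family mismatch found"
fi
```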






