Hi, On Mon, Apr 15, 2024 at 04:02:46PM +0200, Lennart Poettering wrote: > On Mo, 15.04.24 10:38, Mikko Rapeli (mikko.rapeli@xxxxxxxxxx) wrote: > > > Hi, > > > > On Fri, Apr 12, 2024 at 05:03:18PM +0300, Aleksandar Kostadinov wrote: > > > Shouldn't the kernel automatically load the necessary modues when > > > devices are detected... given proper udev rules and module > > > availability in the initrd filesystem? I guess it depends on how you > > > build your initrd system for including them. > > > > The modules do get loaded but too late in the initramfs stage and something > > in the tpm2.target and related service was failing and creating TPM2 encrypted > > rootfs fails. I could not figure out at which stage the driver needs to be loaded, > > e.g. > > Before: modprobe@tpm_tis_core.service modprobe@tpm_tis.service modprobe@tpm_ftpm_tee.service > > > > But I'm also trying to fix the root causes why TPM modules can't be built into the > > kernel so lucky that resolves these issues. Would be nice to know to which stage > > the TPM2 module loading would need to happen though. > > This should not require manual handling. The driver should be > auto-loaded via udev and stuff, like any other driver. Or does the > "tpm-ftpm_tee" thing carry no modalias info that autoloads it if some > specific hw is around? With latest rebase/update from systemd 254 to 255 I'm not yet testing on fTPM devices but trying to get TPM2 backed rootfs genereted with qemu and swtpm which required basic tpm_tis_core and tpm_tis modules to be loaded. udev does load them but too late for tpm2.target or the services needed for systemd-repart config with Encrypt=tpm2 to work. Changing TPM drivers to built-in fixed all these issues, and I'm now able to do this since I have the RPMB in kernel patches applied and tee-supplicant is not needed anymore. The issue with TPM drivers as modules was somewhere in the mount of the newly created TPM2 backed filesystem, possibly ConditionSecurity=measured-uki failing. Full boot log in: https://pastebin.com/raw/6xy5x5NP Cheers, -Mikko
Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- From: Mikko Rapeli <mikko.rapeli@xxxxxxxxxx>
- Date: Mon, 15 Apr 2024 17:23:55 +0300
- Cc: Aleksandar Kostadinov <akostadi@xxxxxxxxxx>, systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <Zh0zhqyw5JBs92VO@gardel-login>
- References: <ZaaNdktdXl5Jgnu4@nuoska> <Zc8qv0YS_tBWMUfA@nuoska> <ZdMTJQIk1hMPzAc_@nuoska> <ZdMzGtyCVsbzOz6K@gardel-login> <ZhT-U4exTjg0wHlr@nuoska> <ZhY-hpEyib1WzCrd@nuoska> <CAPws7kZpX0ONPxvk+TV-XeBPPbhzq3i3Cs64BbMWwN8kpnBfmg@mail.gmail.com> <ZhzZXIUwHif1IRvC@nuoska> <Zh0zhqyw5JBs92VO@gardel-login>
- Follow-Ups:
- References:
- Handle device node timeout?
- From: Mikko Rapeli
- Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- From: Mikko Rapeli
- Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- From: Mikko Rapeli
- Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- From: Lennart Poettering
- Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- From: Mikko Rapeli
- Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- From: Mikko Rapeli
- Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- From: Aleksandar Kostadinov
- Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- From: Mikko Rapeli
- Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- From: Lennart Poettering
- Handle device node timeout?
- Prev by Date: Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- Next by Date: Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- Previous by thread: Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- Next by thread: Re: Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
- Index(es):
 |