You are not logged in.

Pages: 1

#1 2025-12-20 17:10:11

NotMyTpm
Member
Registered: 2025-12-20
Posts: 1

Systemd v259 breaks TPM 2.0, all services error on boot

The other day, I updated to Systemd v259. Today, when I rebooted, I found that several services were failing. They are:

systemd-pcrproduct.service           TPM NvPCR Product ID Measurement
systemd-tpm2-setup-early.service  Early TPM SRK Setup
systemd-tpm2-setup.service          TPM SRK Setup

They all have the same error:

WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:401:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
Failed to seal to TPM2: State not recoverable

I don't use TPM 2.0 disk encryption but I would still like my firmware attestation system to be working. After searching I couldn't find much besides that tpm2_rc_decode says the error is:
"tpm:session(1):authorization failure without DA implications"
I suspect clearing the TPM may solve this but that's not optimal at all, I want to know WHY this happened.
I tried updating my BIOS (which included a Intel ME update) but the error didn't change.

Bootctl reports "TPM2 Support: yes"

System:
-Arch Linux x86_64
-AUR Packages: None
-CPU: i7-14700K
-Firmware (according to bootctl): UEFI 2.80 (American Megatrends 5.27)
-TPM: Intel Fake TPM (via Intel ME)

Offline

#2 2025-12-20 18:02:46

system72
Member
Registered: 2025-11-22
Posts: 311
Website

Re: Systemd v259 breaks TPM 2.0, all services error on boot

already reported here https://github.com/systemd/systemd/issues/40159

7712 0a9f 0e6b F099 091d  438b 8b38 5527 5dfd D001

Offline

Pages: 1

Board footer

Powered by FluxBB