You are not logged in.

#1 2017-02-07 22:10:49

mcloaked
Member
From: Yorkshire, UK
Registered: 2012-02-02
Posts: 1,222

[SOLVED] TPM error on boot

On boot on an Intel DQ77KB Ivybridge small form factor desktop I have been getting, for recent kernels, in the journal log lines like:
...
Feb 07 20:32:24 home1 kernel: tpm tpm0: A TPM error (7) occurred attempting to read a pcr value
Feb 07 20:32:24 home1 kernel: tpm tpm0: TPM is disabled/deactivated (0x7)
Feb 07 20:32:24 home1 kernel: PTP clock support registered
Feb 07 20:32:25 home1 kernel: i8042: No controller found
Feb 07 20:32:25 home1 kernel: [drm] Initialized
...

The machine continues to boot without further problems, but I don't know if this warning about TPM error needs addressing or is benign? ( I presume TPM =  Trusted Platform Module ?).  Although I haven't gone into the BIOS settings I am presuming that it is possible to change the status of TPM in the security settings between "active", "disabled" etc but I don't know if changing the current (default) setting would be sensible or whether leaving it as it is would be best. I didn't find any documents in searches that led to definitive advice about this issue, although I have seen similar errors referred to from various previous times going back a number of years, in various Linux distributions with a variety of motherboards.

Any advice gratefully received.

Last edited by mcloaked (2017-02-09 15:23:49)


Mike C

Offline

#2 2017-02-08 06:09:33

stanhope
Member
Registered: 2016-04-18
Posts: 6

Re: [SOLVED] TPM error on boot

No advice to offer, but bios>security>chip default is 'inactive'. Changing to either 'active' or 'disabled' (I went with 'disabled')  gets rid of error.
This on a ThinkPad T510.

Offline

#3 2017-02-08 19:42:09

mcloaked
Member
From: Yorkshire, UK
Registered: 2012-02-02
Posts: 1,222

Re: [SOLVED] TPM error on boot

stanhope wrote:

No advice to offer, but bios>security>chip default is 'inactive'. Changing to either 'active' or 'disabled' (I went with 'disabled')  gets rid of error.
This on a ThinkPad T510.

Thanks - it would be nice to understand if there are any consequences to changing the setting in Bios to one of the two options you quoted.  Maybe since I am not using secure boot it doesn't make any difference, but I would like to have a little more depth to my understanding of this security chip and what the system expects of it in terms of the linux kernel.

Edit: I also now found some useful extra information at https://wiki.archlinux.org/index.php/Tr … orm_Module and https://lwn.net/Articles/674751/ so perhaps there is a possible additional use in changing the bios security setting to make tpm active.
Edit2: In my system in the BIOS setup I went to Configuration->Onboard Devices and changed the Trusted Platform Module from Disabled to Enabled and rebooted. The only line in the log is now:

Feb 09 15:21:02 home1 kernel: tpm_tis 00:06: 1.2 TPM (device-id 0xFE, rev-id 71)

So the original warning error is gone and the machine works normally. With the TPM active it would in the future be possible to utilise TPM features if necessary. I'll mark this as solved.

Last edited by mcloaked (2017-02-09 15:23:31)


Mike C

Offline

Board footer

Powered by FluxBB