Bug#817946: Installation of Debian 8.3 alongside another distro renders it unbootable

To: Philip Hands <phil@hands.com>, cpblpublic+debian@gmail.com
Cc: 817946@bugs.debian.org
Subject: Bug#817946: Installation of Debian 8.3 alongside another distro renders it unbootable
From: Ben Hutchings <ben@decadent.org.uk>
Date: Sun, 13 Mar 2016 22:10:15 +0000
Message-id: <[🔎] 1457907015.3331.51.camel@decadent.org.uk>
Reply-to: Ben Hutchings <ben@decadent.org.uk>, 817946@bugs.debian.org
In-reply-to: <[🔎] 87ziu2tcb0.fsf@whist.hands.com>
References: <[🔎] alpine.DEB.2.20.1603111555270.25420@cpbl-x230> <[🔎] 87ziu2tcb0.fsf@whist.hands.com>

On Sun, 2016-03-13 at 20:20 +0100, Philip Hands wrote:
> cpblpublic+debian@gmail.com writes:
> 
> > 
> > Package: installation-reports
> > 
> > Version: 8.3
> > 
> > Hello. I just installed Debian 8.3 in a partition alongside Ubuntu 15.10 
> > on a Lenovo X230 Tablet.
> > 
> > 
> > Everything goes okay, and it claims that it writing the boot record should 
> > be safe and will preserve the Ubuntu 15.10 that it found.
> > 
> > However, upon rebooting, Ubuntu no longer boots. Its graphical booting 
> > sequence just hangs on the little logo with dots moving along.
> > 
> > In the terminal 1 screen, the following errors are reported:
> > 
> > tpm_tis  A TPM error (6) occurred atempting to read a pcr
> OK, so that's failing to talk to the TPM (Trusted Platform Module)
> 
> I'm guessing (not having tried any of this) that the problem is that
> Ubuntu had installed the secure boot shim and GRUB, and that stuff is
> somehow needed for the TPM to work properly, and that having overwritten
> that GRUB with Debian's, it won't work.
[...]

I think you're confusing Secure Boot with Trusted Boot.  Secure Boot
does not use a TPM, and it ensures the integrity of the core OS in the
face of remote attacks only.  Trusted Boot requires a TPM and ensures
integrity even in the face of physically present attackers that can
tamper with hardware (to some extent).

If integrity is lost, that should not prevent reading PCRs, but it
would prevent reading secrets (such as disk decryption keys) that are
stored in the TPM.  I would instead suspect one of the following:

1. The error in the tpm_tis driver has been there all along, is
harmless (because nothing is using the TPM), and the failure is
unrelated to this message.
2. The Ubuntu kernel behaves differently on this hardware depending on
whether it was booted 'cold' (from power-off) or 'warm' (reboot).
3. This is a regression in the tpm_tis driver in the Ubuntu kernel that
is unrelated to the upgrade.

Ben.

-- 
Ben Hutchings
If at first you don't succeed, you're doing about average.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Bug#817946: Installation of Debian 8.3 alongside another distro renders it unbootable
  - From: Philip Hands <phil@hands.com>

References:
- Bug#817946: Installation of Debian 8.3 alongside another distro renders it unbootable
  - From: cpblpublic+debian@gmail.com
- Bug#817946: Installation of Debian 8.3 alongside another distro renders it unbootable
  - From: Philip Hands <phil@hands.com>

Prev by Date: flash-kernel_3.35+deb8u3_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Next by Date: Bug#814343: Fwd: Bug#814343: Bug on scretch installation
Previous by thread: Bug#817946: Installation of Debian 8.3 alongside another distro renders it unbootable
Next by thread: Bug#817946: Installation of Debian 8.3 alongside another distro renders it unbootable
Index(es):
- Date
- Thread