[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1065392: marked as done (linux-image-6.7.7-amd64: Regression : "Failed to unseal secret using TPM2: Invalid argument")



Your message dated Wed, 3 Jul 2024 09:40:31 +0200
with message-id <[🔎] ZoUAbxgQiEq2bgMz@eldamar.lan>
and subject line Re: Bug#1065392: Problem solved with linux-image-6.9.7-amd64
has caused the Debian Bug report #1065392,
regarding linux-image-6.7.7-amd64: Regression : "Failed to unseal secret using TPM2: Invalid argument"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1065392: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065392
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: src:linux
Version: 6.7.7-1
Severity: normal

Dear Maintainer,

Decryting my home LUKS partition at boot with tpm2 works fine with linux-image-6.6.15-amd64 but fails with linux-image-6.7.7-amd64.

systemd-cryptsetup gives the folowing messages:

mars 03 17:10:51 myrtille systemd[1]: Starting systemd-cryptsetup@home.service - Cryptography Setup for home...
mars 03 17:10:52 myrtille systemd-cryptsetup[500]: WARNING:esys:src/tss2-esys/api/Esys_Unseal.c:295:Esys_Unseal_Finish() Received TPM Error
mars 03 17:10:52 myrtille systemd-cryptsetup[500]: ERROR:esys:src/tss2-esys/api/Esys_Unseal.c:98:Esys_Unseal() Esys Finish ErrorCode (0x00000128)
mars 03 17:10:52 myrtille systemd-cryptsetup[500]: Failed to unseal secret using TPM2: Invalid argument
mars 03 17:10:52 myrtille systemd-cryptsetup[500]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-uuid/e560bff8-34ab-40d7-ac80->
mars 03 17:10:53 myrtille systemd-cryptsetup[500]: WARNING:esys:src/tss2-esys/api/Esys_Unseal.c:295:Esys_Unseal_Finish() Received TPM Error
mars 03 17:10:53 myrtille systemd-cryptsetup[500]: ERROR:esys:src/tss2-esys/api/Esys_Unseal.c:98:Esys_Unseal() Esys Finish ErrorCode (0x00000128)
mars 03 17:10:53 myrtille systemd-cryptsetup[500]: Failed to unseal secret using TPM2: Invalid argument

I enrool the tpm key with systemd-cryptenroll using the default PCR 7 and secure boot is enabled.

$ systemd-cryptenroll --tpm2-device=list
PATH        DEVICE     DRIVER 
/dev/tpmrm0 IFX1522:00 tpm_tis

Regards

-- Package-specific info:
** Version:
Linux version 6.7.7-amd64 (debian-kernel@lists.debian.org) (x86_64-linux-gnu-gcc-13 (Debian 13.2.0-16.1) 13.2.0, GNU ld (GNU Binutils for Debian) 2.42) #1 SMP PREEMPT_DYNAMIC Debian 6.7.7-1 (2024-03-02)

** Command line:
BOOT_IMAGE=/boot/vmlinuz-6.7.7-amd64 root=UUID=6dc0e7ec-e588-4c76-8c94-0ad097ce4975 ro acpi_backlight=video systemd.show-status=true systemd.restore_state=0 quiet

** Not tainted

** Kernel log:
[    6.374921] skl_hda_dsp_generic skl_hda_dsp_generic: hda_dsp_hdmi_build_controls: no PCM in topology for HDMI converter 3
[    6.389974] usb 3-10: new full-speed USB device number 3 using xhci_hcd
[    6.392506] usb 3-4: Found UVC 1.50 device Integrated RGB Camera (30c9:0050)
[    6.402456] input: sof-hda-dsp Mic as /devices/pci0000:00/0000:00:1f.3/skl_hda_dsp_generic/sound/card0/input16
[    6.402480] input: sof-hda-dsp Headphone as /devices/pci0000:00/0000:00:1f.3/skl_hda_dsp_generic/sound/card0/input17
[    6.402552] input: sof-hda-dsp HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:1f.3/skl_hda_dsp_generic/sound/card0/input18
[    6.402587] input: sof-hda-dsp HDMI/DP,pcm=4 as /devices/pci0000:00/0000:00:1f.3/skl_hda_dsp_generic/sound/card0/input19
[    6.402614] input: sof-hda-dsp HDMI/DP,pcm=5 as /devices/pci0000:00/0000:00:1f.3/skl_hda_dsp_generic/sound/card0/input20
[    6.406427] usbcore: registered new interface driver uvcvideo
[    6.461599] iwlwifi 0000:00:14.3: WFPM_UMAC_PD_NOTIFICATION: 0x20
[    6.461657] iwlwifi 0000:00:14.3: WFPM_LMAC2_PD_NOTIFICATION: 0x1f
[    6.461666] iwlwifi 0000:00:14.3: WFPM_AUTH_KEY_0: 0x90
[    6.461675] iwlwifi 0000:00:14.3: CNVI_SCU_SEQ_DATA_DW9: 0x0
[    6.463101] iwlwifi 0000:00:14.3: RFIm is deactivated, reason = 4
[    6.550379] usb 3-10: New USB device found, idVendor=8087, idProduct=0033, bcdDevice= 0.00
[    6.550392] usb 3-10: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[    6.558698] iwlwifi 0000:00:14.3: Registered PHC clock: iwlwifi-PTP, with index: 1
[    6.595787] alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
[    6.716051] Bluetooth: Core ver 2.22
[    6.716070] NET: Registered PF_BLUETOOTH protocol family
[    6.716072] Bluetooth: HCI device and connection manager initialized
[    6.716074] Bluetooth: HCI socket layer initialized
[    6.716076] Bluetooth: L2CAP socket layer initialized
[    6.716080] Bluetooth: SCO socket layer initialized
[    6.760417] usbcore: registered new interface driver btusb
[    6.764010] Bluetooth: hci0: Device revision is 0
[    6.764014] Bluetooth: hci0: Secure boot is enabled
[    6.764016] Bluetooth: hci0: OTP lock is enabled
[    6.764017] Bluetooth: hci0: API lock is enabled
[    6.764017] Bluetooth: hci0: Debug lock is disabled
[    6.764018] Bluetooth: hci0: Minimum firmware build 1 week 10 2014
[    6.764020] Bluetooth: hci0: Bootloader timestamp 2019.40 buildtype 1 build 38
[    6.764244] ACPI Warning: \_SB.PC00.XHCI.RHUB.HS10._DSM: Argument #4 type mismatch - Found [Integer], ACPI requires [Package] (20230628/nsarguments-61)
[    6.764274] Bluetooth: hci0: DSM reset method type: 0x00
[    6.768607] bluetooth hci0: firmware: direct-loading firmware intel/ibt-0040-0041.sfi
[    6.771091] Bluetooth: hci0: Found device firmware: intel/ibt-0040-0041.sfi
[    6.771411] Bluetooth: hci0: Boot Address: 0x100800
[    6.771412] Bluetooth: hci0: Firmware Version: 98-13.23
[    7.490605] typec port1: bound usb3-port6 (ops connector_ops [usbcore])
[    7.490629] typec port1: bound usb2-port3 (ops connector_ops [usbcore])
[    9.119465] Bluetooth: hci0: Waiting for firmware download to complete
[    9.119483] Bluetooth: hci0: Firmware loaded in 2293044 usecs
[    9.119587] Bluetooth: hci0: Waiting for device to boot
[    9.136636] Bluetooth: hci0: Device booted in 16724 usecs
[    9.145624] bluetooth hci0: firmware: direct-loading firmware intel/ibt-0040-0041.ddc
[    9.145660] Bluetooth: hci0: Found Intel DDC parameters: intel/ibt-0040-0041.ddc
[    9.152358] Bluetooth: hci0: Applying Intel DDC parameters completed
[    9.157044] Bluetooth: hci0: Firmware timestamp 2023.13 buildtype 1 build 62562
[   12.096437] EXT4-fs (dm-0): mounted filesystem fefd59ff-3519-4b59-b87e-4a6a3a94c436 r/w with ordered data mode. Quota mode: none.
[   12.114061] audit: type=1400 audit(1709491619.719:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libreoffice-senddoc" pid=973 comm="apparmor_parser"
[   12.114402] audit: type=1400 audit(1709491619.719:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libreoffice-xpdfimport" pid=975 comm="apparmor_parser"
[   12.114716] audit: type=1400 audit(1709491619.719:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lsb_release" pid=968 comm="apparmor_parser"
[   12.114767] audit: type=1400 audit(1709491619.719:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libreoffice-oosplash" pid=972 comm="apparmor_parser"
[   12.115029] audit: type=1400 audit(1709491619.719:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="nvidia_modprobe" pid=969 comm="apparmor_parser"
[   12.115032] audit: type=1400 audit(1709491619.719:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="nvidia_modprobe//kmod" pid=969 comm="apparmor_parser"
[   12.115390] audit: type=1400 audit(1709491619.719:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/man" pid=971 comm="apparmor_parser"
[   12.115392] audit: type=1400 audit(1709491619.719:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="man_filter" pid=971 comm="apparmor_parser"
[   12.115395] audit: type=1400 audit(1709491619.719:12): apparmor="STATUS" operation="profile_load" profile="unconfined" name="man_groff" pid=971 comm="apparmor_parser"
[   12.115424] audit: type=1400 audit(1709491619.719:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="unbound" pid=978 comm="apparmor_parser"
[   12.202888] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[   12.202890] Bluetooth: BNEP filters: protocol multicast
[   12.202895] Bluetooth: BNEP socket layer initialized
[   12.204067] Bluetooth: MGMT ver 1.22
[   12.206114] NET: Registered PF_ALG protocol family
[   12.224409] alg: No test for hmac(md4) (hmac(md4-generic))
[   12.281375] Bluetooth: RFCOMM TTY layer initialized
[   12.281379] Bluetooth: RFCOMM socket layer initialized
[   12.281382] Bluetooth: RFCOMM ver 1.11
[   12.404687] Bluetooth: hci0: Bad flag given (0x1) vs supported (0x0)
[   12.578730] iwlwifi 0000:00:14.3: WFPM_UMAC_PD_NOTIFICATION: 0x20
[   12.578790] iwlwifi 0000:00:14.3: WFPM_LMAC2_PD_NOTIFICATION: 0x1f
[   12.578798] iwlwifi 0000:00:14.3: WFPM_AUTH_KEY_0: 0x90
[   12.578856] iwlwifi 0000:00:14.3: CNVI_SCU_SEQ_DATA_DW9: 0x0
[   12.580341] iwlwifi 0000:00:14.3: RFIm is deactivated, reason = 4
[   13.023739] wlan0: authenticate with 30:b5:c2:d7:83:d9 (local address=84:7b:57:57:88:e3)
[   13.024195] wlan0: send auth to 30:b5:c2:d7:83:d9 (try 1/3)
[   13.057591] wlan0: 30:b5:c2:d7:83:d9 denied authentication (status 77)
[   13.107760] wlan0: authenticate with 30:b5:c2:d7:83:d9 (local address=84:7b:57:57:88:e3)
[   13.108478] wlan0: send auth to 30:b5:c2:d7:83:d9 (try 1/3)
[   13.189234] wlan0: authenticate with 30:b5:c2:d7:83:d9 (local address=84:7b:57:57:88:e3)
[   13.189809] wlan0: send auth to 30:b5:c2:d7:83:d9 (try 1/3)
[   13.215794] systemd-journald[387]: /var/log/journal/2aaab0ab662b4aa1b20f86af01203165/user-1000.journal: Journal file uses a different sequence number ID, rotating.
[   13.238879] wlan0: authenticated
[   13.240268] wlan0: associate with 30:b5:c2:d7:83:d9 (try 1/3)
[   13.242188] wlan0: RX AssocResp from 30:b5:c2:d7:83:d9 (capab=0x11 status=0 aid=1)
[   13.246697] wlan0: associated
[   16.951910] warning: `panel-13-wavela' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   22.315948] input: BM20X-5.0 as /devices/virtual/misc/uhid/0005:000E:3412.0002/input/input21
[   22.316860] hid-generic 0005:000E:3412.0002: input,hidraw1: BLUETOOTH HID v4.00 Mouse [BM20X-5.0] on 84:7b:57:57:88:e7
[   26.120208] kauditd_printk_skb: 13 callbacks suppressed
[   26.120214] audit: type=1400 audit(1709491633.801:27): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince-thumbnailer" name="/tmp/tumbler-ZFFHK2.png" pid=1594 comm="evince-thumbnai" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
[   26.161566] audit: type=1400 audit(1709491633.837:28): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince-thumbnailer" name="/tmp/tumbler-9YW7J2.png" pid=1599 comm="evince-thumbnai" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
[   26.197926] audit: type=1400 audit(1709491633.873:29): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince-thumbnailer" name="/tmp/tumbler-6TD7J2.png" pid=1604 comm="evince-thumbnai" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
[   26.238683] audit: type=1400 audit(1709491633.918:30): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince-thumbnailer" name="/tmp/tumbler-W5L9J2.png" pid=1609 comm="evince-thumbnai" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
[   26.272142] audit: type=1400 audit(1709491633.950:31): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince-thumbnailer" name="/tmp/tumbler-9B6AK2.png" pid=1614 comm="evince-thumbnai" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
[   26.316795] audit: type=1400 audit(1709491633.994:32): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince-thumbnailer" name="/tmp/tumbler-QHHAK2.png" pid=1619 comm="evince-thumbnai" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
[   26.351312] audit: type=1400 audit(1709491634.030:33): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince-thumbnailer" name="/tmp/tumbler-0FO2J2.png" pid=1624 comm="evince-thumbnai" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
[   26.426511] audit: type=1400 audit(1709491634.106:34): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince-thumbnailer" name="/tmp/tumbler-79Z1J2.png" pid=1629 comm="evince-thumbnai" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
[   26.494679] audit: type=1400 audit(1709491634.174:35): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/evince-thumbnailer" name="/tmp/tumbler-AOK3J2.png" pid=1635 comm="evince-thumbnai" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
[   77.523677] audit: type=1400 audit(1709491685.225:36): apparmor="DENIED" operation="capable" class="cap" profile="/usr/sbin/cupsd" pid=1678 comm="cupsd" capability=12  capname="net_admin"

** Model information
sys_vendor: LENOVO
product_name: 21BVCTO1WW
product_version: ThinkPad T16 Gen 1
chassis_vendor: LENOVO
chassis_version: None
bios_vendor: LENOVO
bios_version: N3MET18W (1.17 )
board_vendor: LENOVO
board_name: 21BVCTO1WW
board_version: Not Defined

** Loaded modules:
uhid
ctr
snd_seq_dummy
snd_hrtimer
snd_seq
snd_seq_device
nls_ascii
nls_cp437
vfat
ccm
fat
algif_aead
rfcomm
crypto_null
des3_ede_x86_64
des_generic
libdes
cmac
md4
algif_skcipher
algif_hash
af_alg
bnep
binfmt_misc
dm_crypt
btusb
btrtl
btintel
btbcm
btmtk
bluetooth
sha3_generic
jitterentropy_rng
drbg
ansi_cprng
ecdh_generic
ecc
uvcvideo
videobuf2_vmalloc
uvc
videobuf2_memops
videobuf2_v4l2
videodev
videobuf2_common
snd_ctl_led
mc
snd_soc_skl_hda_dsp
snd_soc_hdac_hdmi
snd_soc_intel_hda_dsp_common
snd_sof_probes
snd_hda_codec_hdmi
snd_hda_codec_realtek
snd_hda_codec_generic
snd_soc_dmic
snd_sof_pci_intel_tgl
snd_sof_intel_hda_common
soundwire_intel
soundwire_generic_allocation
snd_sof_intel_hda_mlink
soundwire_cadence
snd_sof_intel_hda
snd_sof_pci
snd_sof_xtensa_dsp
intel_uncore_frequency
snd_sof
intel_uncore_frequency_common
joydev
x86_pkg_temp_thermal
intel_powerclamp
snd_sof_utils
snd_soc_hdac_hda
coretemp
iwlmvm
crc32_pclmul
snd_hda_ext_core
snd_soc_acpi_intel_match
ghash_clmulni_intel
snd_soc_acpi
sha512_ssse3
snd_soc_core
sha512_generic
snd_compress
mac80211
sha256_ssse3
snd_pcm_dmaengine
sha1_ssse3
soundwire_bus
snd_hda_intel
snd_intel_dspcfg
snd_intel_sdw_acpi
processor_thermal_device_pci
snd_hda_codec
aesni_intel
processor_thermal_device
processor_thermal_wt_hint
crypto_simd
snd_hda_core
thinkpad_acpi
iTCO_wdt
processor_thermal_rfim
cryptd
hid_multitouch
intel_pmc_bxt
snd_hwdep
libarc4
ucsi_acpi
processor_thermal_rapl
intel_rapl_msr
nvram
hid_generic
xhci_pci
rapl
mei_wdt
iTCO_vendor_support
iwlwifi
snd_pcm
typec_ucsi
intel_rapl_common
ledtrig_audio
mei_pxp
mei_hdcp
pmt_telemetry
intel_cstate
xhci_hcd
i2c_hid_acpi
watchdog
snd_timer
platform_profile
intel_lpss_pci
processor_thermal_wt_req
typec
cfg80211
pmt_class
mei_me
intel_uncore
usbcore
pcspkr
i2c_hid
i2c_i801
snd
intel_lpss
think_lmi
processor_thermal_power_floor
roles
mei
processor_thermal_mbox
int3403_thermal
e1000e
firmware_attributes_class
wmi_bmof
thunderbolt
soundcore
i2c_smbus
intel_hid
idma64
igen6_edac
hid
intel_vsec
usb_common
int3400_thermal
rfkill
battery
ac
int340x_thermal_zone
acpi_pad
intel_pmc_core
button
sparse_keymap
acpi_thermal_rel
acpi_tad
pkcs8_key_parser
dm_mod
efi_pstore
loop
configfs
nfnetlink
efivarfs
ip_tables
x_tables
autofs4
ext4
crc16
mbcache
jbd2
crc32c_generic
i915
i2c_algo_bit
drm_buddy
ttm
nvme
drm_display_helper
nvme_core
drm_kms_helper
t10_pi
crc64_rocksoft
drm
crc64
crc_t10dif
crct10dif_generic
evdev
cec
psmouse
crct10dif_pclmul
crc32c_intel
serio_raw
video
rc_core
crct10dif_common
fan
wmi

** PCI devices:
not available

** USB devices:
not available


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.7-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages linux-image-6.7.7-amd64 depends on:
ii  initramfs-tools [linux-initramfs-tool]  0.142
ii  kmod                                    31+20240202-2
ii  linux-base                              4.9

Versions of packages linux-image-6.7.7-amd64 recommends:
ii  apparmor             3.0.12-1+b2
pn  firmware-linux-free  <none>

Versions of packages linux-image-6.7.7-amd64 suggests:
pn  debian-kernel-handbook  <none>
ii  grub-efi-amd64          2.12-1
pn  linux-doc-6.7           <none>

Versions of packages linux-image-6.7.7-amd64 is related to:
pn  firmware-amd-graphics     <none>
pn  firmware-atheros          <none>
pn  firmware-bnx2             <none>
pn  firmware-bnx2x            <none>
pn  firmware-brcm80211        <none>
pn  firmware-cavium           <none>
pn  firmware-intel-sound      <none>
pn  firmware-intelwimax       <none>
pn  firmware-ipw2x00          <none>
pn  firmware-ivtv             <none>
ii  firmware-iwlwifi          20230625-2
pn  firmware-libertas         <none>
pn  firmware-linux-nonfree    <none>
ii  firmware-misc-nonfree     20230625-2
pn  firmware-myricom          <none>
pn  firmware-netxen           <none>
pn  firmware-qlogic           <none>
pn  firmware-realtek          <none>
pn  firmware-samsung          <none>
pn  firmware-siano            <none>
pn  firmware-ti-connectivity  <none>
pn  xen-hypervisor            <none>

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: linux
Source-Version: 6.9.7-1

Hi,

On Sat, Jun 29, 2024 at 07:39:07AM +0200, pdormeau@free.fr wrote:
> Hello,
> 
> As the issue is solved with 6.9.7 kernel, this bug can be closed.

Thanks for confirming.

Regards,
Salvatore

--- End Message ---

Reply to: