Bug#1120542: linux-image-6.12.48+deb13-cloud-amd64: vTPM failed to initialize on Google Compute Engine SEV and TDX Confidentail VMs
Hi,
On Tue, Nov 11, 2025 at 09:37:32PM +0000, Korakit Seemakhupt wrote:
> Package: src:linux
> Version: 6.12.48-1
> Severity: important
> X-Debbugs-Cc: debian-amd64@lists.debian.org, korakit@google.com
> User: debian-amd64@lists.debian.org
> Usertags: amd64
>
> Dear Maintainer,
>
> vTPM devices are failing to initialize on Debian 13. This is a regression compared to Debian 12, which is based on older kernel and is not affected.
> This causes the attestation process to fail on Confidential VM running Debian 13.
> A part of kernel log related to this issue is provided below.
>
> The root cause is an upstream Linux kernel patch (commit# 8e690b817e38) first included in kernel v6.12, which changed the default memory caching mode for SEV-SNP and TDX and caused vTPM initialization to fail.
> A fix for this regression has been merged upstream and will be included in v6.18 kernel.
>
> We suggest Debian maintainers to either:
>
> 1. Revert the problematic patch (8e690b817e38) in the Debian 13 kernel. or
> 2. Backport the fix from upstream v6.18 to the Debian 13 kernel.
In such a case you want to ask stable upstream maintainers to pick a
fix as well for the needed stable series. Once this has happened,
Debian will pick up the fix.
Fortunately this is already the case, AFAICS the fix has landed in
6.17.4 and 6.12.54 stable versions upstream. This means that the
upcoming point release update will include the fix.
Regards,
Salvatore
Reply to: