meta-iotedge

aziottpm user is not added to tss group list

Open Dvergatal opened this issue 1 year ago • 0 comments

The below entry of /etc/group is created by current meta-iotedge recipes:

tss:x:987:

This is evidently missing the aziottpm user connection, and that is why we are getting such an error:

Mar 22 13:58:57 eg aziot-tpmd[805]: WARNING:tcti:../tpm2-tss-3.2.0/src/tss2-tcti/tcti-device.c:440:Tss2_Tcti_Device_Init() Failed to open default TCTI device file /dev/tpmrm0: Permission denied
Mar 22 13:58:57 eg aziot-tpmd[805]: WARNING:tcti:../tpm2-tss-3.2.0/src/tss2-tcti/tcti-device.c:440:Tss2_Tcti_Device_Init() Failed to open default TCTI device file /dev/tpm0: Permission denied
Mar 22 13:58:57 eg aziot-tpmd[805]: ERROR:tcti:../tpm2-tss-3.2.0/src/tss2-tcti/tcti-device.c:445:Tss2_Tcti_Device_Init() Could not open any default TCTI device file
Mar 22 13:58:57 eg aziot-tpmd[805]: ERROR:tcti:../tpm2-tss-3.2.0/src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: device
Mar 22 13:58:57 eg aziot-tpmd[805]: ERROR:tcti:../tpm2-tss-3.2.0/src/tss2-tcti/tctildr.c:428:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI
Mar 22 13:58:57 eg systemd[1]: aziot-identityd.service: Main process exited, code=exited, status=1/FAILURE
Mar 22 13:58:57 eg aziot-tpmd[805]: 2023-03-22T13:58:57Z [ERR!] - service encountered an error
Mar 22 13:58:57 eg aziot-tpmd[805]: 2023-03-22T13:58:57Z [ERR!] - caused by: internal error
Mar 22 13:58:57 eg aziot-tpmd[805]: 2023-03-22T13:58:57Z [ERR!] - caused by: could not initialize TPM
Mar 22 13:58:57 eg aziot-tpmd[805]: 2023-03-22T13:58:57Z [ERR!] - caused by: tcti:IO failure
Mar 22 13:58:57 eg aziot-tpmd[805]: 2023-03-22T13:58:57Z [ERR!] -    0: <unknown>

After adding it with the below command:

usermod -a -G tss aziottpm

I'm getting proper status for aziot-tpmd:

● aziot-tpmd.service - Azure IoT TPM Service
     Loaded: loaded (/lib/systemd/system/aziot-tpmd.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-03-22 14:26:19 UTC; 1min 27s ago
TriggeredBy: ● aziot-tpmd.socket
   Main PID: 454 (aziot-tpmd)
      Tasks: 5 (limit: 4456)
     Memory: 6.8M
     CGroup: /system.slice/aziot-tpmd.service
             └─ 454 /usr/bin/aziot-tpmd

Dvergatal Mar 22 '23 14:03
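
A check for the condition reported above, as an added example that is not part of the original issue or of meta-iotedge: it reads group and passwd files (from a running device or an unpacked image rootfs) and reports whether a user belongs to a group, either through the member list or as primary group. The function name `in_group` is hypothetical, and the passwd line and the aziottpm IDs in the sample data are constructed.

```shell
#!/bin/sh
# Added example: verify group membership from passwd/group files, so a
# missing "tss" membership is caught before aziot-tpmd fails on /dev/tpmrm0.

# in_group GROUP_FILE PASSWD_FILE USER GROUP
# Returns 0 if USER is in GROUP's member list or has GROUP as primary group,
# 1 if USER is not a member, 2 if GROUP is not present in GROUP_FILE.
in_group() {
    group_file=$1 passwd_file=$2 user=$3 group=$4

    # /etc/group format: name:password:gid:member1,member2,...
    entry=$(awk -F: -v g="$group" '$1 == g { print $3 ":" $4; exit }' "$group_file")
    [ -n "$entry" ] || return 2
    gid=${entry%%:*}
    members=${entry#*:}

    # Supplementary membership: exact match in the comma-separated list,
    # so "aziottpm2" does not count as "aziottpm".
    case ",$members," in
        *",$user,"*) return 0 ;;
    esac

    # Primary membership: /etc/passwd format is name:password:uid:gid:...
    primary=$(awk -F: -v u="$user" '$1 == u { print $4; exit }' "$passwd_file")
    [ -n "$primary" ] && [ "$primary" = "$gid" ]
}

# Constructed sample data. The first tss line is the one from the report;
# the second is what "usermod -a -G tss aziottpm" leaves behind.
demo_dir=$(mktemp -d)
printf 'tss:x:987:\n' > "$demo_dir/group.before"
printf 'tss:x:987:aziottpm\n' > "$demo_dir/group.after"
printf 'aziottpm:x:986:986::/nonexistent:/bin/false\n' > "$demo_dir/passwd"

for f in "$demo_dir/group.before" "$demo_dir/group.after"; do
    if in_group "$f" "$demo_dir/passwd" aziottpm tss; then
        echo "${f##*/}: aziottpm is in tss"
    else
        echo "${f##*/}: aziottpm is NOT in tss"
    fi
done
rm -rf "$demo_dir"
```

To check a real system, pass `/etc/group` and `/etc/passwd`, or the same two files under the root filesystem directory of a built image.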