firmware TPM on c1030 doesn't work on Linux

TPM on c1030 doesn't work on Linux

Open Integral-Tech opened this issue 1 year ago • 2 comments

When I tried to enroll the TPM in order to use it to unlock the LUKS volume, it returned an error:

ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:96:Esys_TestParms() Esys Finish ErrorCode (0x000b0143)

Failes to create TPM2 context: State not recoverable

Model: HP Elite c1030 chromebook

Mar 19 '24 18:03 Integral-Tech

the firmware does it's part to set up the TPM, you likely need to reset/clear ownership etc. But check with cbmem

Mar 19 '24 19:03 MrChromebox

the firmware does it's part to set up the TPM, you likely need to reset/clear ownership etc. But check with cbmem

I tried running sudo tpm2_clear to clear the TPM data. However, enrolling key still fails after clearing. How can I check with cbmem?

Mar 19 '24 21:03 Integral-Tech

the firmware does it's part to set up the TPM, you likely need to reset/clear ownership etc. But check with cbmem

https://github.com/systemd/systemd/issues/31925#issuecomment-2034895544

Apr 17 '24 03:04 Integral-Tech

the firmware does it's part to set up the TPM, you likely need to reset/clear ownership etc. But check with cbmem

systemd/systemd#31925 (comment)

there's nothing I can do, the firmware on the CR50 is signed by Google, and they chose to implement a subset of the TPM 2.0 spec

Apr 17 '24 13:04 MrChromebox

firmware firmware copied to clipboard

TPM on c1030 doesn't work on Linux

firmware
firmware copied to clipboard