[systemd-devel] Permanently remove services
Mantas Mikulėnas
grawity at gmail.com
Fri Jan 19 16:37:35 UTC 2024
On Fri, Jan 19, 2024, 17:47 Morten Bo Johansen <mortenbo at hotmail.com> wrote:
> On 2024-01-18 Lennart Poettering wrote:
>
> > On Do, 18.01.24 22:53, Morten Bo Johansen (mortenbo at hotmail.com) wrote:
> >
> >> ~/ % systemd-creds has-tpm2
> >> partial
> >> +firmware
> >> -driver
> >> +system
> >> +subsystem
> >> +libraries
> >
> > OK, so this indicates that your system has TPM support on all levels
> > with a single exception: you lack an actual linux driver for your
> > specific hw. And that puzzles me. because to my knowledge at least
> > linux should support all relevant tpm2 interfaces just fine. THis
> > suggests that you haven#t got the right modules installed.
>
> I think that perhaps systemd-creds gets it wrong? There really
> does not seem to be any TPM support on this computer, either
> version 1.2 or 2. In the bios settings, there is no "security
> chip" entry under the "Security" tab and no other settings
> pertaining to TPM in the bios at all.
In general I've learned to not quite trust what the firmware shows... we've
had a batch of Skylake-or-so desktops that *did* have a CPU-integrated fTPM
but it wasn't even mentioned until we did a BIOS update, even though CPU
spec said it should be present.
However, your CPU is from Haswell era and according to the spec sheet it
definitely seems to lack Intel's PTT "built-in TPM 2.0" feature (it has the
older IPT but that's a different thing, not a TPM equivalent), so that
seems correct. If I understand correctly, the only option for that CPU
would be a discrete TPM chip, and if the manufacturer had bothered to
include one, it ought to be showing up in the BIOS settings.
On the other hand, you said you have a /dev/tpm0... I'm somewhat curious
about whether there are any mentions 'tpm' or 'tis' or something like that
in your `dmesg`?
I ran Windows 11 in a VM
> to check what it thinks about it and it also says that there is
> no TPM support, either 1.2 or 2.
>
A virtual machine won't be able to see the real TPM either way (or any
other real hardware; it's kinda what makes it a virtual machine). All it
would see is a vTPM provided by the VM host software.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20240119/07957bab/attachment.htm>
More information about the systemd-devel
mailing list