[systemd-devel] Permanently remove services
Andrei Borzenkov
arvidjaar at gmail.com
Fri Jan 19 17:23:14 UTC 2024
On 19.01.2024 19:47, Morten Bo Johansen wrote:
> On 2024-01-19 Mantas Mikulėnas wrote:
>
>> In general I've learned to not quite trust what the firmware shows... we've
>> had a batch of Skylake-or-so desktops that *did* have a CPU-integrated fTPM
>> but it wasn't even mentioned until we did a BIOS update, even though CPU
>> spec said it should be present.
>>
>> However, your CPU is from Haswell era and according to the spec sheet it
>> definitely seems to lack Intel's PTT "built-in TPM 2.0" feature (it has the
>> older IPT but that's a different thing, not a TPM equivalent), so that
>> seems correct. If I understand correctly, the only option for that CPU
>> would be a discrete TPM chip, and if the manufacturer had bothered to
>> include one, it ought to be showing up in the BIOS settings.
>>
>> On the other hand, you said you have a /dev/tpm0... I'm somewhat curious
>> about whether there are any mentions 'tpm' or 'tis' or something like that
>> in your `dmesg`?
>
> ~/ % dmesg | grep -i tpm
>
> [ 0.275738] tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78)
This message means that driver detected TPM 1.2. Enabling debug messages
may provide some more information.
> [ 26.180565] systemd[1]: systemd 255.2-3-arch running in system mode (+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified)
> [ 26.852953] systemd[1]: Listening on TPM2 PCR Extension (Varlink).
> [ 26.891210] systemd[1]: Starting TPM2 PCR Machine ID Measurement...
>
So systemd probably should not be trying anything TPM 2.0 related.
> ~/ % dmesg | grep -i tis
>
> [ 0.275738] tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78)
>
>
>> A virtual machine won't be able to see the real TPM either way (or any
>> other real hardware; it's kinda what makes it a virtual machine). All it
>> would see is a vTPM provided by the VM host software.
>
> Okay.
>
> I shall try to upgrade the bios to the latest version and see
> if something shows up.
>
> Thanks,
> Morten
>
>
>
More information about the systemd-devel
mailing list