You are not logged in.
This weekend I dist-upgraded from Beowulf to Chimaera.
The upgrade itself went well, with one package problem I am stuck at (I've uninstalled for now)
The package that fails is: "tpm2-abrmd" :
Setting up tpm2-abrmd (2.3.3-1+b2) ...
Starting TPM2 Access Broker and Resource Management Daemon: tpm2-abrmd
** (process:6742): WARNING **: 13:44:06.774: tcti_conf before: "device:/dev/tpm0"
** (tpm2-abrmd:6742): WARNING **: 13:44:06.774: tcti_conf after: "device:/dev/tpm0"
Refusing to run as root. Pass --allow-root if you know what you are doing.
failed!
invoke-rc.d: initscript tpm2-abrmd, action "start" failed.
dpkg: error processing package tpm2-abrmd (--configure):
installed tpm2-abrmd package post-installation script subprocess returned error exit status 1
I'm not going to "--allow-root", since I obviously don't know what I'm doing here. I've uninstalled the package (not sure what it is, or why I had it to begin with). Is this anything important? I could note, this is on my desktop computer, not an internet server, if that makes any difference.
The second question has to do with ping.
$ ping -c 1 127.0.0.1
ping: socket: Address family not supported by protocol
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.025 ms
Any fix for this warning? I keep getting the warning (Address family not supported by protocol), but the ping itself does succeed. Passing the "-4" switch will take the warning away; I might just make an alias to do that if there's not another workaround. Possibly related: https://github.com/iputils/iputils/issues/293.
Offline
For tpm2-abrmd the daemon is supposed to run as the tss user (/dev/tpm0 should be owned by that user). The systemd unit file has User=tss but the sysvinit file doesn't specify a user.
So edit /etc/init.d/tpm2-abrmd and change line 17 to
start_daemon -p $PIDFILE -u tss /usr/sbin/tpm2-abrmd
Then run
# service tpm2-abrmd restart
I'm not 100% sure it will work because the man page says that -u is a matching option. Worth a go though.
For ping the chimaera iputils-ping package just missed the fix described in your linked bug report. If you're using that switch to the inetutils-ping package instead.
You should probably file bug reports against both these packages using the reportbug package. The Debian wiki has a page about it. Be sure to check there are no extant reports about the same problem.
Brianna Ghey — Rest In Power
Offline
Installing inetutils-ping (which removed iputils-ping) did remove that warning, so that part is solved. Thanks :-)
The change with tpm2-abrmd (adding the '-u tss' to line 17 of /etc/init.d/tpm2-abrmd) didn't help.
# service tpm2-abrmd start
Starting TPM2 Access Broker and Resource Management Daemon: tpm2-abrmdIllegal option -u
/sbin/start-stop-daemon: unable to stat //tss (No such file or directory)
failed!
I *do* have a user "tss" listed in /etc/passwd. I guess I'm wondering, do I need this service?
After a little bit of internet searching, I think I may not even have tpm enabled on my motherboard. Maybe that's part of the problem. I'll reboot and check the ol' bios.
OK, under the "Trusted Computing" section of bios setup, my motherboard informed me that no device was found. Guess it's not built-in and I never added it. So I'll remove the tpm2-abrmd package, not sure why it got pulled in. Sorry for the noise
Last edited by rbit (2022-09-06 01:44:24)
Offline
If /dev/tpm0 exists then the kernel has found the TPM2 chip and provided a driver for it.
Looks like start-stop-daemon only provides an option to start under a specific group rather than a particular user, which is a shame.
You could try replacing the line with something like
su tss -c '/usr/sbin/tpm2-abrmd'
But it's horrible as a hack because it breaks the PID file.
The tpm2-abrmd package is actually fantastically useful for systems with full disk encryption so this really should be fixed for Devuan.
Brianna Ghey — Rest In Power
Offline
Hi,
I have this problem and tried your fixes, including passing --allow-root in the init.d file, to no avail. It shows up as unconfigured in apt, and gives an error after every apt run, but it is doing something, because before installing it I was getting a 'disabling tpm' error on boot, and now the only messages I get (with 'dmesg | grep -i tpm') are the following:
[ 0.000000] efi: ACPI=0x7d7ca000 ACPI 2.0=0x7d7ca014 TPMFinalLog=0x7d7cd000 SMBIOS=0x7dd64000 SMBIOS 3.0=0x7dd63000 MEMATTR=0x789c0018 ESRT=0x790b8998 INITRD=0x780a7a98 RNG=0x7d6c5018 TPMEventLog=0x7d6c1018
[ 0.007242] ACPI: TPM2 0x000000007D6C8000 00004C (v04 ALASKA A M I 00000001 AMI 00000000)
[ 0.007267] ACPI: Reserving TPM2 table memory at [mem 0x7d6c8000-0x7d6c804b]
EDIT: I found the original 'disabling tpm' error in syslog (without tpm2-abrmd half installed):
tpm tpm0: NULL key integrity failure!
tpm tpm0: NULL Seed name comparison failed
tpm tpm0: NULL name has changed, disabling TPM due to interference
EDIT: The latest message from 'dmesg | grep -i tpm' includes both of the above messages, after hibernating.
EDIT: Have uninstalled it for now, however I found the following https://github.com/tpm2-software/tpm2-abrmd/issues/828 which shows a different /lib/udev/rules.d/60-tpm-udev.rules file from mine. Here is his:
# tpm devices can only be accessed by the tss user but the tss
# group members can access tpmrm devices
KERNEL=="tpm[0-9]", TAG+="systemd", MODE="0660", OWNER="tss"
KERNEL=="tpmrm[0-9]", TAG+="systemd", MODE="0660", GROUP="tss"
and here is mine:
# tpm devices can only be accessed by the tss user but the tss
# group members can access tpmrm devices
KERNEL=="tpm[0-9]*", TAG+="systemd", MODE="0660", OWNER="tss"
KERNEL=="tpmrm[0-9]*", TAG+="systemd", MODE="0660", OWNER="tss", GROUP="tss"
Last edited by ernobe (2024-10-13 13:52:59)
Offline