Failed to open device file /dev/tpm0: Permission denied

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Failed to open device file /dev/tpm0: Permission denied

Dave Mitchell
Fedora 29.

journalctl -f shows the following lines appearing in the log every five
seconds.  Can anyone tell me whether this is important, and if so how to
fix it, and if not, how to stop this noise filling the journal up?

Jan 13 17:12:13 woody systemd[1]: tpm2-abrmd.service: Service RestartSec=5s expired, scheduling restart.
Jan 13 17:12:13 woody systemd[1]: tpm2-abrmd.service: Scheduled restart job, restart counter is at 45627.
Jan 13 17:12:13 woody systemd[1]: Stopped TPM2 Access Broker and Resource Management Daemon.
Jan 13 17:12:13 woody audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tpm2-abrmd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jan 13 17:12:13 woody audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tpm2-abrmd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jan 13 17:12:13 woody systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
Jan 13 17:12:13 woody tpm2-abrmd[18763]: ERROR:tcti:src/tss2-tcti/tcti-device.c:319:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: Permission denied
Jan 13 17:12:13 woody tpm2-abrmd[18763]: failed to initialize device TCTI context: 0xa000a
Jan 13 17:12:13 woody tpm2-abrmd[18763]: TCTI initialization failed: 0xa000a
Jan 13 17:12:13 woody systemd[1]: tpm2-abrmd.service: Main process exited, code=exited, status=1/FAILURE
Jan 13 17:12:13 woody systemd[1]: tpm2-abrmd.service: Failed with result 'exit-code'.
Jan 13 17:12:13 woody systemd[1]: Failed to start TPM2 Access Broker and Resource Management Daemon.
Jan 13 17:12:13 woody audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=tpm2-abrmd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'


# ls -ld /dev/tpm0
crw-------. 1 root root 10, 224 Jan  3 18:49 /dev/tpm0


--
"There's something wrong with our bloody ships today, Chatfield."
    -- Admiral Beatty at the Battle of Jutland, 31st May 1916.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Failed to open device file /dev/tpm0: Permission denied

Samuel Sieb
On 1/13/19 9:22 AM, Dave Mitchell wrote:
> journalctl -f shows the following lines appearing in the log every five
> seconds.  Can anyone tell me whether this is important, and if so how to
> fix it, and if not, how to stop this noise filling the journal up?

That's the tpm2-abrmd package.  I don't know what brings that in, I
don't have it.  You could try removing it and see what requires it or
you could do "systemctl disable --now tpm2-abrmd" to make it stop
spamming the log.

> # ls -ld /dev/tpm0
> crw-------. 1 root root 10, 224 Jan  3 18:49 /dev/tpm0

As root, can you do "cat /dev/tpm0"?
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Failed to open device file /dev/tpm0: Permission denied

Dave Mitchell
On Sun, Jan 13, 2019 at 11:36:24AM -0800, Samuel Sieb wrote:
> On 1/13/19 9:22 AM, Dave Mitchell wrote:
> > journalctl -f shows the following lines appearing in the log every five
> > seconds.  Can anyone tell me whether this is important, and if so how to
> > fix it, and if not, how to stop this noise filling the journal up?
>
> That's the tpm2-abrmd package.  I don't know what brings that in, I don't
> have it.

Thanks.

The package description leaves me none the wiser:

# rpm -qi tpm2-abrmd
...
URL         : https://github.com/tpm2-software/tpm2-abrmd
Bug URL     : https://bugz.fedoraproject.org/tpm2-abrmd
Summary     : A system daemon implementing TPM2 Access Broker and Resource Manager
Description :
tpm2-abrmd is a system daemon implementing the TPM2 access broker (TAB) and
Resource Manager (RM) spec from the TCG.



# dnf remove tpm2-abrmd
Dependencies resolved.
================================================================================
 Package                  Arch   Version                         Repository
                                                                           Size
================================================================================
Removing:
 tpm2-abrmd               x86_64 2.0.3-2.fc29                    @updates 498 k
Removing unused dependencies:
 checkpolicy              x86_64 2.8-2.fc29                      @fedora  1.4 M
 policycoreutils-python-utils
                          noarch 2.8-8.fc29                      @fedora  116 k
 python3-IPy              noarch 0.81-23.fc29                    @fedora  123 k
 python3-audit            x86_64 3.0-0.5.20181218gitbdb72c0.fc29 @updates 326 k
 python3-libsemanage      x86_64 2.8-4.fc29                      @fedora  441 k
 python3-policycoreutils  noarch 2.8-8.fc29                      @fedora  5.1 M
 python3-setools          x86_64 4.1.1-13.fc29                   @fedora  1.8 M
 tpm2-abrmd-selinux       noarch 2.0.0-2.fc29                    @fedora   11 k
...
Is this ok [y/N]: n

> As root, can you do "cat /dev/tpm0"?

Yep, it gives zero-length output.

    # cat /dev/tpm0
    # cat /dev/tpm0 | wc
          0       0       0
    #

--
My get-up-and-go just got up and went.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Failed to open device file /dev/tpm0: Permission denied

Samuel Sieb
On 1/13/19 11:52 AM, Dave Mitchell wrote:
> On Sun, Jan 13, 2019 at 11:36:24AM -0800, Samuel Sieb wrote:
>> On 1/13/19 9:22 AM, Dave Mitchell wrote:
>>> journalctl -f shows the following lines appearing in the log every five
>>> seconds.  Can anyone tell me whether this is important, and if so how to
>>> fix it, and if not, how to stop this noise filling the journal up?
>>
>> That's the tpm2-abrmd package.  I don't know what brings that in, I don't
>> have it.

> The package description leaves me none the wiser:
>
> # rpm -qi tpm2-abrmd
> ...
> URL         : https://github.com/tpm2-software/tpm2-abrmd
> Bug URL     : https://bugz.fedoraproject.org/tpm2-abrmd
> Summary     : A system daemon implementing TPM2 Access Broker and Resource Manager
> Description :
> tpm2-abrmd is a system daemon implementing the TPM2 access broker (TAB) and
> Resource Manager (RM) spec from the TCG.

https://en.wikipedia.org/wiki/Trusted_Platform_Module
The TPM is a device that can store bits of secure info.  That package
provides a service for accessing the device.  I have no idea what uses
it, there doesn't seem to be anything else depending on it on your
system.  I would suggest just disabling it and file a bug on the package
since it seems to have a permissions issue.

> # dnf remove tpm2-abrmd
> Dependencies resolved.
> ================================================================================
>   Package                  Arch   Version                         Repository
>                                                                             Size
> ================================================================================
> Removing:
>   tpm2-abrmd               x86_64 2.0.3-2.fc29                    @updates 498 k
> Removing unused dependencies:
>   checkpolicy              x86_64 2.8-2.fc29                      @fedora  1.4 M
>   policycoreutils-python-utils
>                            noarch 2.8-8.fc29                      @fedora  116 k
>   python3-IPy              noarch 0.81-23.fc29                    @fedora  123 k
>   python3-audit            x86_64 3.0-0.5.20181218gitbdb72c0.fc29 @updates 326 k
>   python3-libsemanage      x86_64 2.8-4.fc29                      @fedora  441 k
>   python3-policycoreutils  noarch 2.8-8.fc29                      @fedora  5.1 M
>   python3-setools          x86_64 4.1.1-13.fc29                   @fedora  1.8 M
>   tpm2-abrmd-selinux       noarch 2.0.0-2.fc29                    @fedora   11 k

Was this a clean F29 install or did you upgrade from a previous version?
  It appears that tpm2-abrmd was part of the install since it brought in
a lot of dependencies.  I have a lot of those other packages as well.  I
would suggest if you want to remove the package that you add the
"--noautoremove" option to dnf so it doesn't remove those other ones.

>> As root, can you do "cat /dev/tpm0"?
>
> Yep, it gives zero-length output.

That's what I see as well.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Failed to open device file /dev/tpm0: Permission denied

Joe Zeff
In reply to this post by Dave Mitchell
On 01/13/2019 12:52 PM, Dave Mitchell wrote:

> On Sun, Jan 13, 2019 at 11:36:24AM -0800, Samuel Sieb wrote:
>> On 1/13/19 9:22 AM, Dave Mitchell wrote:
>>> journalctl -f shows the following lines appearing in the log every five
>>> seconds.  Can anyone tell me whether this is important, and if so how to
>>> fix it, and if not, how to stop this noise filling the journal up?
>> That's the tpm2-abrmd package.  I don't know what brings that in, I don't
>> have it.
> Thanks.
>
> The package description leaves me none the wiser:

Maybe this will help: https://en.wikipedia.org/wiki/Trusted_Platform_Module
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...
Reply | Threaded
Open this post in threaded view
|

Re: Failed to open device file /dev/tpm0: Permission denied

George N. White III
In reply to this post by Dave Mitchell
On Sun, 13 Jan 2019 at 13:23, Dave Mitchell <[hidden email]> wrote:
Fedora 29.

journalctl -f shows the following lines appearing in the log every five
seconds.  Can anyone tell me whether this is important, and if so how to
fix it, and if not, how to stop this noise filling the journal up?

I often find archlinux documentation helpful for such problems.
with a remark that you may need to enable TPM in the BIOS.

 [...]

--
George N. White III


_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...