[Bug 2039117] Re: Intermittent problem accessing TPM during 22.04 boot

Brad Nabholz 2039117 at bugs.launchpad.net
Wed May 1 04:56:01 UTC 2024


I encountered the same issue recently and attempted to build systemd from source and patch the retry behavior from #24906, but I failed to make it work.  Instead, I modified systemd-cryptsetup-generator to include retry behavior in the generated unit files for the encrypted volumes, which has worked for me.  I've written up the details here:
https://gist.github.com/bnabholz/86e4a6a8a8af9b66fff121e8a7a053fe

It is a little hacky but works for me, until I can upgrade to 24.04
which will have a systemd that contains the proper fix.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2039117

Title:
  Intermittent problem accessing TPM during 22.04 boot

Status in systemd package in Ubuntu:
  New

Bug description:
  I am using 22.04 and am hitting a bug accessing the TPM during start-
  up to decrypt a LUKS encrypted drive (data drive, not system drive).

  With a Virtualbox 22.04 VM, the problem only happens with the HWE
  kernel and occurs 8 out of 10 times. 2 out of 10 times the system
  boots correctly. When using the non HWE kernel it works 10 out of 10
  times.

  With a physical server, Supermicro X10, the problem does not occur at
  all.

  My LUKS volume is named drive1. From journalctl -u systemd-cryptsetup@drive1.service:
  Oct 10 07:42:08 tpm2-test systemd-cryptsetup[547]: Failed to unseal HMAC key in TPM: tpm:error(2.0): PCR have changed since checked

  The problem is discussed here -
  https://github.com/systemd/systemd/issues/24906 . This also discusses
  that people get different results with different kernels.

  I'll not go into too much detail as this problem is already resolved in newer versions of systemd. The fix for this problem was merged into Ubuntu's systemd 252.3-1.
  https://git.launchpad.net/ubuntu/+source/systemd/commit/src/shared/tpm2-util.c?h=ubuntu/lunar&id=28f8a776415a01cacec747d831f057d3f8b9f01b

  Can this fix be made available to 22.04 - systemd 249.11?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2039117/+subscriptions



