Tpm error on booting

Ask Fedora
1

Hi, after install fc 37 rc, but I got the same problem also with 36, on booting I have error on tpm and fedora doesn’t start

Press e for edit grub and add:

rmmod tpm

in this way I may boot in order to add to /boot/grub2/grub.cfg following line:

rmmod tpm

in this way I may reboot without any problem, but if I update grub I return to 1st point.

is there any solution for fix permanent this?

At the moment I’m using Endeavours as only system, I would like to switch to Fedora but not at this conditions

My notebook is Asus VD753 (I think) and in bios there isn’t any reference on how disable tpm and I can’t update bios, secure boot is disabled.

I hope there’s a solution.

Rob.

2

I don’t know about the tpm and bios. Most UEFI bios I have looked at have the option under the security tab to disable tpm but of course I cannot see yours to know.

I did a quick search on how to prevent kernel modules from loading and found several links.

Blacklisting modules on Linux | Network World.
fedora - Unable to disable kernel module - Unix & Linux Stack Exchange

Based on those and on what I already knew you should be able to do
sudo echo "blacklist tpm" > /etc/modprobe.d/blacklist-tpm.conf then reboot.
It may require that you also run sudo dracut --force to recreate the initramfs so the entry is available in the initrd image for the boot before the root file system is mounted.

3

Thank you for your answer, I’ve tried as you told me but after reboot I’ve the same problem,
I don’t how permanent add to /boot/grub2/grub.cfg :
rmmod tpm

for avoid that at every grub update that line is removed.

Do you know how do it?

4

sudo grubby --args="rd.driver.blacklist=tpm modprobe.blacklist=tpm" --update-kernel=ALL

Edit:
For your blacklist-tpm.conf did you also add:

"install tpm /bin/false"
2 Likes
5

i have the same issue using ‘rmmod tpm’ works for me but it is not permanent ,i have to repeat it every time i booted… is there any way to make it permanent …

6

I see no other option than editing the file /boot/grub2/grub.cfg and add the command you would use to disable the tpm module in grub2. Disabling the linux module for tpm would have no effect as the linux kernel is not even loaded when the problem occurs.

Of course, running grub2-mkconfig would undo your edit, so keep that in mind.

7

Trusted Platform Module (TPM) is a chip used to store secret keys with default state being unknown, disabled, inactive. If you use a device with OS implemented with TPM, you need to clear it in BIOS or issue ‘tpm_clear -force’ command with information here : INFOSEC.

8

I added “rmmod tpm” in grub.cfg and it worked for me… thank youu

9

I’m not sure why blacklisting the Linux kernel’s tpm module has anything to do with grub’s tpm module in reference to Jeff V’s response, but it’s not correct in this particular issue.

The issue is in grub not supporting TPM 2.0 likely very well when enabled in UEFI System Settings. The more basic functional fix to this is actually relatively simple to fix.

In /etc/grub.d/ create 02_tpm with the contents:

#!/usr/bin/sh -e

echo "rmmod tpm"

and chmod +x it.

Run grub2-mkconfig -o /etc/grub2.cfg and your problem is mitigated for the time being. This is NOT a fix, just a mitigation for current issues with grub and TPM support specifically.

1 Like
10

Thanks a lot! You make a simple and very reliable temp solution! I also did having a similar problem. And you did resolved!

My issue: GRUB is output error of tpm.c module after 371 DBX update

I wait a bug fix from Fedora team. Because update of BIOS is not resolved problem. Reset Secure Boot databases to factory state is resolved, but if I update DBX database, I get a this error. Thanks a lot!