Re: [systemd-devel] How to debug systemd-pcrphase-initrd.service failure
Note that we also have `InitrdPackages=` in the latest mkosi release which allows you to add extra packages to the default initrd without having to build one separately. Cheers, Daan On Wed, 6 Dec 2023 at 14:26, Renjaya Raga Zenta wrote: > > Yes, I think now I understand that mkosi will build default initrd image > without tpm2-tss libraries. Perhaps because the package names are different > for each distro. > > I need to build the initrd image separately at first, then use it to build OS > image with --initrd flag. > > Thanks. > > On Wed, Dec 6, 2023 at 8:02 PM Lennart Poettering > wrote: >> >> On Mi, 06.12.23 18:28, Renjaya Raga Zenta (ragaze...@gmail.com) wrote: >> >> > Hi, >> > >> > I am exploring OS image building with mkosi. It works great until I add TPM >> > 2.0 in qemu. >> > >> > I found that the systemd-pcrphase-initrd.service failed. There are 3 >> > pcrphase service: >> > >> > 1. systemd-pcrphase-initrd.service (failed) >> > 2. systemd-pcrphase.service (ok) >> > 3. systemd-pcrphase-sysinit.service (ok) >> >> So the latter two run from the host fs, the first one from the initrd fs. >> >> > Related journal log: >> > systemd[1]: Failed to start systemd-pcrphase-initrd.service - TPM2 PCR >> > Barrier (initrd). >> > ... >> > systemd-pcrphase[130]: Failed to load TPM2 libraries: Operation not >> > supported >> > ... >> >> It appears you are lacking the tpm2-tss libraries in your initrd image. >> >> Lennart >> >> -- >> Lennart Poettering, Berlin > > > > -- > Renjaya Raga Zenta > Mobile: > +62 811 572 4400
Re: [systemd-devel] How to debug systemd-pcrphase-initrd.service failure
Yes, I think now I understand that mkosi will build default initrd image without tpm2-tss libraries. Perhaps because the package names are different for each distro. I need to build the initrd image separately at first, then use it to build OS image with --initrd flag. Thanks. On Wed, Dec 6, 2023 at 8:02 PM Lennart Poettering wrote: > On Mi, 06.12.23 18:28, Renjaya Raga Zenta (ragaze...@gmail.com) wrote: > > > Hi, > > > > I am exploring OS image building with mkosi. It works great until I add > TPM > > 2.0 in qemu. > > > > I found that the systemd-pcrphase-initrd.service failed. There are 3 > > pcrphase service: > > > > 1. systemd-pcrphase-initrd.service (failed) > > 2. systemd-pcrphase.service (ok) > > 3. systemd-pcrphase-sysinit.service (ok) > > So the latter two run from the host fs, the first one from the initrd fs. > > > Related journal log: > > systemd[1]: Failed to start systemd-pcrphase-initrd.service - TPM2 PCR > > Barrier (initrd). > > ... > > systemd-pcrphase[130]: Failed to load TPM2 libraries: Operation not > > supported > > ... > > It appears you are lacking the tpm2-tss libraries in your initrd image. > > Lennart > > -- > Lennart Poettering, Berlin > -- Renjaya Raga Zenta Mobile: +62 811 572 4400
Re: [systemd-devel] How to debug systemd-pcrphase-initrd.service failure
On Mi, 06.12.23 18:28, Renjaya Raga Zenta (ragaze...@gmail.com) wrote: > Hi, > > I am exploring OS image building with mkosi. It works great until I add TPM > 2.0 in qemu. > > I found that the systemd-pcrphase-initrd.service failed. There are 3 > pcrphase service: > > 1. systemd-pcrphase-initrd.service (failed) > 2. systemd-pcrphase.service (ok) > 3. systemd-pcrphase-sysinit.service (ok) So the latter two run from the host fs, the first one from the initrd fs. > Related journal log: > systemd[1]: Failed to start systemd-pcrphase-initrd.service - TPM2 PCR > Barrier (initrd). > ... > systemd-pcrphase[130]: Failed to load TPM2 libraries: Operation not > supported > ... It appears you are lacking the tpm2-tss libraries in your initrd image. Lennart -- Lennart Poettering, Berlin
[systemd-devel] How to debug systemd-pcrphase-initrd.service failure
Hi, I am exploring OS image building with mkosi. It works great until I add TPM 2.0 in qemu. I found that the systemd-pcrphase-initrd.service failed. There are 3 pcrphase service: 1. systemd-pcrphase-initrd.service (failed) 2. systemd-pcrphase.service (ok) 3. systemd-pcrphase-sysinit.service (ok) Related journal log: systemd[1]: Failed to start systemd-pcrphase-initrd.service - TPM2 PCR Barrier (initrd). ... systemd-pcrphase[130]: Failed to load TPM2 libraries: Operation not supported ... My mkosi.conf: [Distribution] Distribution=debian Repositories=contrib,non-free,non-free-firmware Release=bookworm [Output] Format=disk ImageId=test ImageVersion=0.1.0 [Content] Bootable=yes Locale=en_US.UTF-8 LocaleMessages=en_US.UTF-8 Keymap=us Timezone=Asia/Jakarta Hostname=test KernelCommandLine= console=ttyS0 console=tty1 loglevel=4 Packages= amd64-microcode apt apt-transport-https bash-completion ca-certificates coreutils curl dbus-broker debian-archive-keyring dosfstools e2fsprogs efibootmgr file gdisk intel-microcode jq less libtss2-dev linux-image-amd64 locales man-db openssh-client parted systemd systemd-boot systemd-resolved systemd-sysv systemd-timesyncd tzdata udev usbutils zstd [Validation] SecureBoot=yes Bookworm still uses systemd 252, is that related? Previously without the libtss2-dev package installed, all 3 services above failed. So perhaps the initrd doesn't have libtss2-dev installed. How to include it then? Thanks
