Re: [systemd-devel] systemd-pcrlock Failed to submit super PCR policy
On Mo, 05.02.24 09:24, Dominick Grift (dominick.gr...@defensec.nl) wrote: Please run "SYSTEMD_LOG_LEVEL=debug systemd-pcrlock make-policy" from the command line, then file a github issue about this, and pastethe output there. Lennart -- Lennart Poettering, Berlin
[systemd-devel] systemd-pcrlock Failed to submit super PCR policy
systemd v255 Debian Testing Linux nimbus 6.6.13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.6.13-1 (2024-01-20) x86_64 GNU/Linux systemd-pcrlock Feb 04 20:00:02 nimbus audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=sys.id:sys.role:sys.subj:s0 msg='unit=systemd-pcrlock-make-policy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed' Feb 04 20:00:02 nimbus systemd[1]: Failed to start systemd-pcrlock-make-policy.service - Make TPM2 PCR Policy. Feb 04 20:00:02 nimbus systemd[1]: systemd-pcrlock-make-policy.service: Failed with result 'exit-code'. Feb 04 20:00:02 nimbus systemd[1]: systemd-pcrlock-make-policy.service: Main process exited, code=exited, status=1/FAILURE Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Failed to submit super PCR policy: State not recoverable Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Failed to add OR policy to TPM: tpm:parameter(1):value is out of range or is not correct for the context Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: ERROR:esys:src/tss2-esys/api/Esys_PolicyOR.c:100:Esys_PolicyOR() Esys Finish ErrorCode (0x01c4) Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: WARNING:esys:src/tss2-esys/api/Esys_PolicyOR.c:286:Esys_PolicyOR_Finish() Received TPM Error Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR Branch #1: a36d5b482f1c0ff2c57737c7e8c671d88f0bb2cf52140034ec4b67774eb47e87 Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR Branch #0: 2cacf1f3ded4eead1044bd14c4e519a4614c6af51a4781a89126834b7830e81b Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR policy. Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: PolicyPCR calculated digest: a36d5b482f1c0ff2c57737c7e8c671d88f0bb2cf52140034ec4b67774eb47e87 Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: PolicyPCR calculated digest: 2cacf1f3ded4eead1044bd14c4e519a4614c6af51a4781a89126834b7830e81b Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Session policy digest: b117275cc6ee990f9c572b80e67a98f133cd092029b450eda445fb1ff2454886 Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Acquiring policy digest. Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting PCR hash policy. Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting PCR/OR policy for PCR 1 Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Session policy digest: 6cc828077856fbe4333c4372ec374df31f6c3a36b2e63b778d2e2ae6b3ef532a Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Acquiring policy digest. Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR Branch #1: 940dbe9fc9a5c4cb73e30e6454b659f8f635ebc0b6d4b327c4f98fad9bc56ccf Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR Branch #0: eeec8aadd13fef1af29067b499a8e9eeb82215a32a2bc838b5d5e4984c4d7100 Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR policy. Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: PolicyPCR calculated digest: 940dbe9fc9a5c4cb73e30e6454b659f8f635ebc0b6d4b327c4f98fad9bc56ccf Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: PolicyPCR calculated digest: eeec8aadd13fef1af29067b499a8e9eeb82215a32a2bc838b5d5e4984c4d7100 Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Session policy digest: eeec8aadd13fef1af29067b499a8e9eeb82215a32a2bc838b5d5e4984c4d7100 Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Acquiring policy digest. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Submitting PCR hash policy. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Submitting PCR/OR policy for PCR 0 Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Session policy digest: af31ab03c1d2d596f518acc44424bfa26c777400bc7c4e60f883663512a84988 Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Acquiring policy digest. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Submitting PCR hash policy. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Including PCR 14 in single value PolicyPCR expression Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Including PCR 13 in single value PolicyPCR expression Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Including PCR 12 in single value PolicyPCR expression Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Starting policy session. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Retrieving PIN from sealed data. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Starting HMAC encryption session. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x0005 property 0x count 1. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x0008 property 0x count 508. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x0002 property 0x011f count 256. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x property 0x0001 count 127. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: TPM successfully started up. Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Loaded TCTI module 'tcti-device' (TCTI module for communication with Linux kernel interface.) [Version 2] Feb 04 20:00:01 nimbus