FS#74421 : [edk2-ovmf] Broken TPM2 Support due to changed build flag

FS#74421 - [edk2-ovmf] Broken TPM2 Support due to changed build flag

Attached to Project: Arch Linux
Opened by E. Werberich (bephinix) - Saturday, 09 April 2022, 15:34 GMT
Last edited by Morten Linderud (Foxboron) - Tuesday, 19 April 2022, 19:10 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	David Runge (dvzrv)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	8 Prajna Sariputra (m7) (2022-04-16) Andrej Podzimek (andrej) (2022-04-15) Davide Girardi (GiRa) (2022-04-13) Robert Straw (drbawb) (2022-04-13) JW (methyl) (2022-04-13) Brenton Noesges (monocrystalmonkey) (2022-04-10) Jendrik (JeWe37) (2022-04-09) E. Werberich (bephinix) (2022-04-09)
Private	No

Details

Description:

According to [1], upstream renamed the flag used to determine whether TPM1/2 support is enabled or not [2].
Instead of `TPM_ENABLED`, `TPM1_ENABLED` and `TPM2_ENABLED` are used.
As this fact is noted but not implemented in PKGCONFIG, TPM2 does not work in KVM/QEMU VMs.
Therefore e.g. Windows 11 VMs cannot be installed due to missing (not working) TPM2.

Patch Draft:

Replace `-D TPM_ENABLE` in PKGBUILD with:

```
-D TPM1_ENABLE
-D TPM2_ENABLE
```

Links:
[1]: https://groups.google.com/g/linux.debian.bugs.dist/c/KIARY7bL5RI
[2]: https://github.com/tianocore/edk2/commit/4de8d61bcec02a13ceed84f92b0cf3ea58adf9c5

This task depends upon

Closed by Morten Linderud (Foxboron)
Tuesday, 19 April 2022, 19:10 GMT
Reason for closing: Fixed
Additional comments about closing: 202202-2

Comment by E. Werberich (bephinix) - Saturday, 09 April 2022, 15:35 GMT

Using the patch draft to build a patched version fixed the issue for me; TPM 2.0 modules are correctly shown and ready to use in Windows 11 VM.

Comment by Jendrik (JeWe37) - Saturday, 09 April 2022, 20:35 GMT

I can confirm this works.

Comment by Davide Girardi (GiRa) - Wednesday, 13 April 2022, 12:18 GMT

I tested it successfully too. Here's a more complete patch:
```
diff --git a/edk2/trunk/PKGBUILD b/edk2/trunk/PKGBUILD
index 4c3b745..6d838b3 100644
--- a/edk2/trunk/PKGBUILD
+++ b/edk2/trunk/PKGBUILD
@@ -104,7 +104,8 @@ build() {
local _efi_args=(
-D NETWORK_IP6_ENABLE
-D TPM_CONFIG_ENABLE
- -D TPM_ENABLE
+ -D TPM1_ENABLE
+ -D TPM2_ENABLE
)
# shared targets x86_64 and i686
local _x86_args=(
```

Comment by Robert Straw (drbawb) - Wednesday, 13 April 2022, 15:20 GMT

I found this after having an issue w/ the TPM showing up with an error in Windows 11 device manager.
I tried the patch and it didn't work for me. The device does show up w/ no driver errors, and as "ready to use" in the TPM MMC snap-in, but it doesn't actually work.
BitLocker remains suspended after booting w/ the patched package, and if I try to unsuspend BitLocker I get a message saying "the BIOS failed to communicate w/ the TPM."

Comment by Andrej Podzimek (andrej) - Friday, 15 April 2022, 11:46 GMT

The PKGBUILD fix works for me as well; TPM 2.0 works again.

Comment by David Runge (dvzrv) - Saturday, 16 April 2022, 21:46 GMT

@bephinix: Thanks for the report!

Please check whether 202202-2 fixes this for you.

Comment by E. Werberich (bephinix) - Monday, 18 April 2022, 08:28 GMT

@dvzrv Yes, it is working now!

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#74421 - [edk2-ovmf] Broken TPM2 Support due to changed build flag

Details

Loading...