Bug 1691138 - tpm2 update enabled tpm bios settings and f***** up the boot process
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: tpm2-abrmd-selinux
Version: 29
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Javier Martinez Canillas
QA Contact: Fedora Extras Quality Assurance
Reported: 2019-03-20 23:56 UTC by customercare
Modified: 2019-03-21 00:15 UTC


Description customercare 2019-03-20 23:56:39 UTC
Description of problem:

tpm2-abrmd-selinux-2.0.0-3.fc29 from 2019-03-08 12:59:20
got upgraded today on a F29 system at 9:50 in the morning.
After a reboot at 18:00, the system did not come up, as kernel
oopses mentioning "kmem" spread on the entire boot process, leading
to a halt of the system before GDM was started.

First, we thought a kernel build was responsible, but that kernel wasn't even built final nor installed at all. Later, as a 4.20.5 kernel booted, but
system components failed 4 times per minute, without telling what failed,
I booted to the BIOS, to check if something is missing there.

I found the TPM module enabled in the BIOS. So I disabled it and the tpm2-abrmd.service and booted the same kernel that had the worst failures before. It booted fine, FIXED SELINUX policies on the entire disk, rebooted and system was back to normal.

Questions emerging right now:

a) I have a 2 hour crond interval to update that system, why was a package from 8.3. installed today, 12 days later?

b) Why did it crash a working installation?

c) I'm not entirely sure about the TPM BIOS settings (M$ Surface Pro 4 has a very special BIOS) in the BIOS before, so there is a small chance it was enabled in the BIOS and only the SEL Policies are solely responsible for this mess. Q: Was it possible for the tpm2 upgrade to enable tpm2 in the BIOS, when it was disabled before? If so, rethink this method pls.

Version-Release number of selected component (if applicable):

