Re: TPM chip prevents machine from suspending

[Stefan Berger]

On 03/29/2011 08:08 AM, Jeff Layton wrote:
> On Mon, 28 Mar 2011 19:10:55 -0400
> Stefan Berger<stefanb@xxxxxxxxxxxxxxxxxx>  wrote:
>
> > Ok, so this error code means TPM_INVALID_POSTINIT  (not a posix code)
> > and means that this command was received in the wrong sequence relative
> > to a TPM_Startup command. Well, what's supposed to be happening is this:
> >
> > When the machines (S3) suspends then the OS needs to send a
> > TPM_SaveState() to the TPM. This is done by the Linux driver. Once the
> > VM resumes, the BIOS is supposed to send a TPM_Startup(ST_STATE) to the TPM.
> >
> > Now the fun starts when a BIOS isn't doing that (even though the spec
> > says it's supposed to), which could very well be the case in your case
> > (don't know what broken BIOSes are out there...  Did it ever work before
> > with the TPM driver in the kernel ?). I could try to send you a small
> > tool that you would have to run from user space upon resume so that we
> > can see that this error goes away. If that's verified we could
> > subsequently write a patch for the TPM driver to also send the
> > TPM_Startup(ST_STATE) to the TPM, which then in the case of most BIOSes
> > would be the 2nd time that the TPM receives such a command. I think TPMs
> > should be able to digest this 2nd TPM_Startup() well, but I'd have to
> > check -- but really we would ill-fix it just because of one (possibly)
> > buggy BIOS.
> >
> > The failure of the 2nd suspend then likely stems from the TPM not
> > accepting the TPM_SaveState() anymore since it hasn't seen the
> > TPM_Startup(ST_STATE) that we expected the BIOS to send.
> Yep. That program fixed the problem. When I run it after a resume, I
> can then cat the caps file and get output from it, and the machine will
> successfully suspend again.
Well, we now could (once) probe the TPM after the resume and send a test 
command to it and see whether it returns error code 38 and if so send 
the TPM_Startup() from the driver -- as a work-around for your broken BIOS.

> > Another possibility would be for you to check for BIOS updates from the
> > laptop manufacturer...
> This is actually a desktop machine and the BIOS for the motherboard is
> at the latest version, though it is quite old -- 2007/09/01. For the
> record this is a:
>
>       Foxconn 6150BK8MC
>
> I'm actually not using the TPM in this thing at all. I'd be just as
> happy if there were some way to disable it. Unfortunately, the option
> in the BIOS to do this doesn't seem to actually work. When I set "TPM
> Control" in the BIOS to "Disable" it always ends up reset back to "No
> Change". I'd report both problems to the mfr, but this thing is long
> out of warranty and I'm pretty sure they won't care.
>
> Is there some way short of recompiling with CONFIG_TCG_* turned off
> to disable the TPM driver at boot time?
As far as I know, 'no'. I'd defer it to the maintainers as to how they 
would want to solve your particular problem... either by using above 
work-around, which would be more transparent, or actively having to turn 
the driver off with a command line parameter.

   Stefan

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/