On Sun, 2016-03-13 at 20:20 +0100, Philip Hands wrote:
> cpblpublic+deb...@gmail.com writes:
>
> > Package: installation-reports
> > Version: 8.3
> >
> > Hello. I just installed Debian 8.3 in a partition alongside Ubuntu 15.10
> > on a Lenovo X230 Tablet.
> >
> > Everything goes okay, and it claims that writing the boot record should
> > be safe and will preserve the Ubuntu 15.10 that it found.
> >
> > However, upon rebooting, Ubuntu no longer boots. Its graphical booting
> > sequence just hangs on the little logo with dots moving along.
> >
> > In the terminal 1 screen, the following errors are reported:
> >
> > tpm_tis A TPM error (6) occurred atempting to read a pcr
>
> OK, so that's failing to talk to the TPM (Trusted Platform Module)
>
> I'm guessing (not having tried any of this) that the problem is that
> Ubuntu had installed the secure boot shim and GRUB, and that stuff is
> somehow needed for the TPM to work properly, and that having overwritten
> that GRUB with Debian's, it won't work.
[...]

I think you're confusing Secure Boot with Trusted Boot.

Secure Boot does not use a TPM, and it ensures the integrity of the core OS in the face of remote attacks only.

Trusted Boot requires a TPM and ensures integrity even in the face of physically present attackers that can tamper with hardware (to some extent). If integrity is lost, that should not prevent reading PCRs, but it would prevent reading secrets (such as disk decryption keys) that are stored in the TPM.

I would instead suspect one of the following:

1. The error in the tpm_tis driver has been there all along, is harmless (because nothing is using the TPM), and the failure is unrelated to this message.
2. The Ubuntu kernel behaves differently on this hardware depending on whether it was booted 'cold' (from power-off) or 'warm' (reboot).
3. This is a regression in the tpm_tis driver in the Ubuntu kernel that is unrelated to the upgrade.

Ben.

-- 
Ben Hutchings
If at first you don't succeed, you're doing about average.
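
The Trusted Boot behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of TPM 1.2-style PCR extend and sealing, showing that a PCR stays readable after the boot chain changes while a secret sealed to the old value is withheld. The `ToyTPM` class, the component names and the choice of PCR index 4 are constructed for illustration and are not a real TPM interface.

```python
import hashlib
import hmac

class ToyTPM:
    """Simplified model of TPM 1.2 PCR and seal behaviour (not a real TPM API)."""
    def __init__(self):
        self._sealed = {}  # survives reboots, like TPM-protected blobs
        self.reset()

    def reset(self):
        # Model: every PCR is zeroed at power-on; TPM 1.2 PCRs are 20 bytes (SHA-1).
        self.pcrs = [bytes(20) for _ in range(24)]

    def extend(self, index, blob):
        # PCR_new = SHA1(PCR_old || SHA1(blob)): order-dependent and one-way.
        digest = hashlib.sha1(blob).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()

    def seal(self, name, secret, indices):
        self._sealed[name] = (secret, {i: self.pcrs[i] for i in indices})

    def unseal(self, name):
        secret, policy = self._sealed[name]
        if any(not hmac.compare_digest(self.pcrs[i], v) for i, v in policy.items()):
            raise PermissionError("PCR values do not match the sealed policy")
        return secret

def measured_boot(tpm, chain, index=4):
    # Reset, then measure each component in order; reading the PCR is never gated.
    tpm.reset()
    for blob in chain:
        tpm.extend(index, blob)
    return tpm.pcrs[index]

def demo():
    original = [b"bootloader-A", b"kernel"]   # constructed stand-ins for binaries
    replaced = [b"bootloader-B", b"kernel"]   # boot loader overwritten
    tpm = ToyTPM()
    before = measured_boot(tpm, original)
    tpm.seal("disk-key", b"constructed secret", [4])
    measured_boot(tpm, original)
    unsealed = tpm.unseal("disk-key")         # same chain: secret released
    after = measured_boot(tpm, replaced)      # PCR readable, value differs
    try:
        tpm.unseal("disk-key")
        refused = False
    except PermissionError:
        refused = True
    return before, after, unsealed, refused
```

In this model a changed boot loader alters the measurement and blocks `unseal`, but nothing about it makes a PCR read fail, which is why the reply looks to the driver or kernel for the `tpm_tis` error.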