Your message dated Thu, 14 Sep 2023 05:00:10 +0000
with message-id <e1qgesy-003ngv...@fasolo.debian.org>
and subject line Bug#1041007: fixed in linux 6.5.3-1
has caused the Debian Bug report #1041007,
regarding linux-image-6.1.0-0.deb11.7-amd64: Please enable TPM hardware RNG
support (CONFIG_HW_RANDOM_TPM)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1041007: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041007
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:linux
Version: 6.1.20-2~bpo11+1
Severity: normal
X-Debbugs-Cc: jflf_ker...@gmx.com
Dear Maintainer,
Currently no Debian kernel enables support for TPM hardware RNG. On one of my
systems:
$ uname -a
Linux XXX 6.1.0-0.deb11.7-amd64 #1 SMP PREEMPT_DYNAMIC Debian
6.1.20-2~bpo11+1 (2023-04-23) x86_64 GNU/Linux
$ cat /sys/class/tpm/tpm0/device/description
TPM 2.0 Device
$ ls /dev/tpm*
/dev/tpm0 /dev/tpmrm0
$ sudo tpm2_getrandom 16 | xxd -p
7ba65632453b191385a3989485ac80a3
$ grep HW_RANDOM_TPM /boot/config-$(uname -r)
<nothing>
$ find /lib/modules/$(uname -r) -iname \*tpm\*rng\*
<nothing again>
$ ls /dev/hwrng
ls: cannot access '/dev/hwrng': No such file or directory
I have checked the current bookworm and trixie kernel debs, and they don't
include it either. It should be enabled there too.
I manage multiple older amd64 machines that have discrete TPM chips, but no
RDRAND instruction or any other hardware RNG. Enabling support for the TPM RNG
would provide the kernel with additional entropy earlier in the boot process.
Thank you very much!
-- Package-specific info:
** Version:
Linux version 6.1.0-0.deb11.7-amd64 (debian-kernel@lists.debian.org) (gcc-10
(Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1
SMP PREEMPT_DYNAMIC Debian 6.1.20-2~bpo11+1 (2023-04-23)
** Command line:
BOOT_IMAGE=/boot/vmlinuz-6.1.0-0.deb11.7-amd64
root=UUID=0c206836-a588-4a57-9c6d-92d3f3e20d01 ro quiet nmi_watchdog=0
** Tainted: PUOE (12353)
* proprietary module was loaded
* taint requested by userspace application
* externally-built ("out-of-tree") module was loaded
* unsigned module was loaded
** Kernel log:
Jul 13 07:19:40 silverpad kernel: ACPI: SSDT 0x00000000D7FFA000 0004B7 (v02
LENOVO Tpm2Tabl 00001000 INTL 20141107)
Jul 13 07:19:40 silverpad kernel: ACPI: TPM2 0x00000000D7FF8000 000034 (v03
LENOVO TP-R0C 00001370 PTEC 00000002)
Jul 13 07:19:40 silverpad kernel: ACPI: Reserving TPM2 table memory at [mem
0xd7ff8000-0xd7ff8033]
** Model information
sys_vendor: LENOVO
product_name: 20GJCTO1WW
product_version: ThinkPad 13
chassis_vendor: LENOVO
chassis_version: None
bios_vendor: LENOVO
bios_version: R0CET49W (1.37 )
board_vendor: LENOVO
board_name: 20GJCTO1WW
board_version: SDK0J40709 WIN
** Loaded modules:
isofs
cdrom
uas
usb_storage
uinput
ctr
ccm
rfcomm
nft_fib_inet
nft_fib_ipv4
nft_fib_ipv6
nft_fib
nft_reject_inet
nf_reject_ipv4
vboxnetadp(OE)
nf_reject_ipv6
vboxnetflt(OE)
nft_reject
nft_ct
nft_chain_nat
nf_nat
nf_conntrack
nf_defrag_ipv6
nf_defrag_ipv4
vboxdrv(OE)
ip_set
nf_tables
nfnetlink
zstd
zstd_compress
cmac
algif_hash
algif_skcipher
zram
af_alg
zsmalloc
bnep
zfs(POE)
zunicode(POE)
zzstd(OE)
zlua(OE)
zavl(POE)
icp(POE)
zcommon(POE)
znvpair(POE)
spl(OE)
hid_logitech
ff_memless
hid_generic
snd_usb_audio
usbhid
snd_usbmidi_lib
snd_rawmidi
hid
snd_seq_device
cdc_ether
usbnet
r8152
mii
btusb
btrtl
btbcm
btintel
btmtk
bluetooth
jitterentropy_rng
uvcvideo
videobuf2_vmalloc
drbg
videobuf2_memops
videobuf2_v4l2
ansi_cprng
videobuf2_common
ecdh_generic
ecc
videodev
crc16
mc
snd_sof_pci_intel_skl
intel_rapl_msr
intel_rapl_common
snd_sof_intel_hda_common
snd_hda_codec_hdmi
x86_pkg_temp_thermal
intel_powerclamp
soundwire_intel
soundwire_generic_allocation
soundwire_cadence
coretemp
snd_sof_intel_hda
crc32_pclmul
snd_sof_pci
snd_sof_xtensa_dsp
snd_sof
snd_sof_utils
soundwire_bus
ghash_clmulni_intel
sha512_ssse3
sha512_generic
snd_soc_skl
snd_soc_hdac_hda
snd_ctl_led
snd_hda_ext_core
snd_soc_sst_ipc
snd_hda_codec_realtek
snd_soc_sst_dsp
snd_soc_acpi_intel_match
snd_soc_acpi
snd_hda_codec_generic
snd_soc_core
snd_compress
iwlmvm
snd_hda_intel
snd_intel_dspcfg
snd_intel_sdw_acpi
snd_hda_codec
intel_xhci_usb_role_switch
roles
snd_hda_core
aesni_intel
mac80211
crypto_simd
snd_hwdep
xhci_pci
cryptd
xhci_hcd
snd_pcm
mei_hdcp
ee1004
nls_ascii
rapl
libarc4
iwlwifi
e1000e
thinkpad_acpi
usbcore
nls_cp437
i2c_i801
mei_me
ptp
snd_timer
nvram
think_lmi
intel_lpss_pci
intel_cstate
platform_profile
vfat
intel_lpss
ledtrig_audio
fat
cfg80211
intel_uncore
intel_wmi_thunderbolt
wmi_bmof
firmware_attributes_class
pps_core
mei
i2c_smbus
usb_common
snd
idma64
intel_pch_thermal
battery
soundcore
rfkill
ac
button
intel_pmc_core
acpi_pad
joydev
sg
msr
sunrpc
ecryptfs
fuse
efi_pstore
configfs
ip_tables
x_tables
xfs
efivarfs
raid10
raid456
async_raid6_recov
async_memcpy
async_pq
async_xor
xor
async_tx
raid6_pq
libcrc32c
crc32c_generic
raid1
raid0
multipath
linear
md_mod
i915
i2c_algo_bit
drm_buddy
drm_display_helper
sd_mod
t10_pi
drm_kms_helper
crc64_rocksoft
crc64
crc_t10dif
cec
crct10dif_generic
rc_core
ahci
crct10dif_pclmul
libahci
ttm
crct10dif_common
libata
drm
crc32c_intel
psmouse
scsi_mod
evdev
serio_raw
scsi_common
video
wmi
-- System Information:
Debian Release: 11.7
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500,
'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-0.deb11.7-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages linux-image-6.1.0-0.deb11.7-amd64 depends on:
ii initramfs-tools [linux-initramfs-tool] 0.140
ii kmod 28-1
ii linux-base 4.6
Versions of packages linux-image-6.1.0-0.deb11.7-amd64 recommends:
ii apparmor 2.13.6-10
ii firmware-linux-free 20200122-1
Versions of packages linux-image-6.1.0-0.deb11.7-amd64 suggests:
pn debian-kernel-handbook <none>
ii grub-efi-amd64 2.06-3~deb11u5
pn linux-doc-6.1 <none>
Versions of packages linux-image-6.1.0-0.deb11.7-amd64 is related to:
pn firmware-amd-graphics <none>
pn firmware-atheros <none>
pn firmware-bnx2 <none>
pn firmware-bnx2x <none>
pn firmware-brcm80211 <none>
pn firmware-cavium <none>
pn firmware-intel-sound <none>
pn firmware-intelwimax <none>
pn firmware-ipw2x00 <none>
pn firmware-ivtv <none>
ii firmware-iwlwifi 20230210-4~bpo11+1
pn firmware-libertas <none>
pn firmware-linux-nonfree <none>
ii firmware-misc-nonfree 20230210-4~bpo11+1
pn firmware-myricom <none>
pn firmware-netxen <none>
pn firmware-qlogic <none>
ii firmware-realtek 20230210-4~bpo11+1
pn firmware-samsung <none>
pn firmware-siano <none>
pn firmware-ti-connectivity <none>
pn xen-hypervisor <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: linux
Source-Version: 6.5.3-1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1041...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated linux package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 13 Sep 2023 22:20:48 +0200
Source: linux
Architecture: source
Version: 6.5.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1025845 1041007 1051249 1051455
Changes:
linux (6.5.3-1) unstable; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.2
https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3
.
[ Christian Göttsche ]
* Enable KFENCE support (not enabled by default) (Closes: #1025845)
.
[ Diederik de Haas ]
* net/xdp: Enable XDP_SOCKETS_DIAG as module (Closes: #1051455)
.
[ Ben Hutchings ]
* udeb: Make MPT modules optional in scsi-modules (fixes FTBFS on s390x)
(Closes: #1051249)
.
[ Salvatore Bonaccorso ]
* Refresh "radeon, amdgpu: Firmware is required for DRM and KMS on R600
onward"
* Set ABI to 1
* [rt] Update to 6.5.2-rt8
.
[ Emanuele Rocca ]
* [arm64] Add reset-rzg2l-usbphy-ctrl to usb-modules udeb in order to enable
USB support on Renesas RZ/G2L-SMARC boards.
* [arm64,armhf] drivers/hwspinlock: Enable CONFIG_HWSPINLOCK
* [arm64] Add support for Lenovo ThinkPad X13s: enable as modules
SC_DISPCC_8280XP, SC_GCC_8280XP, SC_GPUCC_8280XP, QCOM_SPMI_ADC5,
INTERCONNECT_QCOM_OSM_L3, INTERCONNECT_QCOM_SC8280XP, LEDS_QCOM_LPG,
QCOM_IPCC, QCOM_FASTRPC, NVMEM_SPMI_SDAM, PHY_QCOM_EDP, PHY_QCOM_QMP_PCIE,
PHY_QCOM_USB_SNPS_FEMTO_V2, PINCTRL_SC8280XP, PINCTRL_SC8280XP_LPASS_LPI,
PINCTRL_LPASS_LPI, POWER_RESET_QCOM_PON, BATTERY_QCOM_BATTMGR,
QCOM_Q6V5_ADSP, QCOM_Q6V5_PAS, QCOM_Q6V5_WCSS, QCOM_SYSMON, QCOM_LLCC,
QCOM_OCMEM, QCOM_PMIC_GLINK, QCOM_STATS, QCOM_APR, QCOM_ICC_BWMON,
SPI_QCOM_GENI, TYPEC_MUX_GPIO_SBU, QRTR_SMD, SND_SOC_WCD938X_SDW,
SND_SOC_LPASS_WSA_MACRO, SND_SOC_LPASS_VA_MACRO, SND_SOC_LPASS_RX_MACRO,
SND_SOC_LPASS_TX_MACRO, SND_SOC_QDSP6
(Thanks Steve Capper!)
* [arm64] Add Thinkpad X13s modules to udebs
.
[ Vincent Blut ]
* drivers/char/hw_random: Change HW_RANDOM from module to built-in
(Closes: #1041007)
* drivers/char/tpm: Do not explicitly set HW_RANDOM_TPM
* [arm64, cloud, x86] drivers/char/tpm: Do not explicitly enable TCG_TPM
* [arm*,ppc64*,sparc64,s390x] drivers/char/hw_random: Prevent some HW Random
Number Generator drivers from being built-in
Checksums-Sha1:
077843e2f9c08cc1def55e134ff52e8067609573 288931 linux_6.5.3-1.dsc
90adc41d78bcec83f78851281ba290052570d36c 141462376 linux_6.5.3.orig.tar.xz
a3bbbf54f9b9d60d69afa331ff96392fdab6a8a5 1493144 linux_6.5.3-1.debian.tar.xz
a2e326f7933128849657e7472fe053c721c5f4af 6858 linux_6.5.3-1_source.buildinfo
Checksums-Sha256:
e41e0a33c5eb34d3c53d50ad358ef5485107c148281ef9bf58f4c2a8a2080c66 288931
linux_6.5.3-1.dsc
55bc546f0b3e5b1fd984f0e22155fa9e0e7eca20fcb5f327a86f9ecfa3789983 141462376
linux_6.5.3.orig.tar.xz
f71a0ee85d794ce35b9cc181ef2d110739fdf0c3be3b347d57914a54e3eab4f3 1493144
linux_6.5.3-1.debian.tar.xz
fad7f3c2303d45bc31143efb780fc7a1cfd5892c2a992a86bd8fcba110e48a34 6858
linux_6.5.3-1_source.buildinfo
Files:
aa494d94e08a7d4ee3048bb845091d57 288931 kernel optional linux_6.5.3-1.dsc
d71d5db66002ebac64d41511a092a240 141462376 kernel optional
linux_6.5.3.orig.tar.xz
091bd031c1d3897a0b62986290918c18 1493144 kernel optional
linux_6.5.3-1.debian.tar.xz
3dcde84830920f3fe14a9ae0406898f6 6858 kernel optional
linux_6.5.3-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmUCG7xfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ETL4P/3gd1GVYVrsgsbEHO8r7rtLP+tT2wQd8
J23k4l8hJwdGpbj9+RA/nRA5SApM47sltzHXvDjNeoEcNxMbY2EHmFjQRRi9CDh2
0F7fik+BinjOhgZ9Z66Cz/C9S9bXaLVbmxIUTU5Xs9NggQFZG+nhoKlgcdKx1unl
SDdRvSMGl+Pj0qYV1zKZNR7eE24T2/hgqNBljZD97NwvkAB/oW3OX3BQ841m5K7d
5USpje035AHUiTuZzMjSqKPWvc/S0JsTHnUuV39713Wt2IrupAS0w8ChSoAj4SEJ
rpAoMZdouAjcSYFsAobCcmBMsN7wykQRysp96niFKB08sg6LKxcTQTf66x5D/3TQ
o7w80bjwH9iCnvssRZknEWvMKl1Ie0SU9DNzQOP3Uc6GV+xNhxUMYVMcIyA3TZyW
8H+VoJ6ElaiUK14qUtozrc8DV4SvrDVJ540gFKq5Gwc8A6LQNrgKGvxG6ssVvRSM
AzyvFo5GvXz3gZN0nvegZvqHV3jLcUEYcr6ggSqkh/lEczwLWIv3hUFGfrBnc8/R
qGhEPDTgdJt4zwosB/8SfIEbxzgGiQLOw25ZgWmfQce0qpPQqLDnt53pFq863V5L
2Fw5qXDESn6any8DZYQKmteOTOalQhOBbBeiZUJtYE44bDsb5GHq1FnxeHmAyBJI
ILSglDr3fKOR
=XEiV
-----END PGP SIGNATURE-----
--- End Message ---
