forked from ThomasHabets/simple-tpm-pk11
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TPM-TROUBLESHOOTING
55 lines (55 loc) · 1.66 KB
/
TPM-TROUBLESHOOTING
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
Problem:
tpm_clear --force
[...] TPM is disabled
Solution:
Go into BIOS and enable the TPM chip.
---
Problem:
tpm_clear --force
TPM Successfully Cleared. You need to reboot to complete this operation.
After reboot the TPM will be in the default state: unowned,
disabled and inactive.
Solution:
Reboot.
---
Problem
tpm_clear --force
[...] Bad physical presence value
Solution
Reset using a cold boot and the BIOS. See below.
---
Problem
stpm-keygen -o my.key
[...] TPM is defending against dictionary attacks and is in some time-out period
Solution
tpm_resetdalock
---
Problem
One of the solutions assumes I know the owner password, and I don't.
Solution
1) Shut off the machine. Reboot will not do. Power it down.
2) Boot the machine and enter the BIOS.
3) In the BIOS, find "Clear TPM chip" and run that.
4) Boot the OS and start from scratch with tpm_takeownership.
---
Problem
Key not found in persistent storage.
Solution
Did you reboot after clearing/taking ownership? Try that first.
---
Problem
stpm-keygen -o my.key
Tspi_Context_LoadKeyByUUID: Code=0x00002020: tcs: Key not found in persistent storage
Solution
Is the TPM chip active? Check with tpm_getpubek. If it says it's
inactive you may need to turn it on in the BIOS. If that doesn't
work, try clearing it and starting from scratch.
---
Problem
After re-installation of the operating system the key is not found.
$ ssh server
C_GetTokenInfo failed: 6 no keys
Solution
The base library trousers saves some part of the key on the local filesystem.
https://sourceforge.net/p/trousers/mailman/message/28828649/
Copy the file /var/lib/tpm/system.data as root to your new system.