Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-122641

DELL+UEFI: Boot waits for 90 seconds for TPM to initialize before continuing

Linking RHIVOS CVEs to...Migration: Automation ...RHELPRIO AssignedTeam ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Undefined Undefined
    • None
    • rhel-10.0
    • systemd
    • None
    • None
    • Low
    • rhel-systemd
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      A customer is having DELL PowerEdge R640 systems, some booted in UEFI and some in BIOS mode.
      After disabling the TPM in the iDRAC, the UEFI system waits for 90 seconds for /dev/tpmrm0 to show up:

      Oct 07 14:39:20 xxx systemd[1]: Expecting device dev-tpmrm0.device - /dev/tpmrm0...
 :
Oct 07 14:40:49 xxx systemd[1]: dev-tpmrm0.device: Job dev-tpmrm0.device/start timed out.
Oct 07 14:40:49 xxx systemd[1]: Timed out waiting for device dev-tpmrm0.device - /dev/tpmrm0.
Oct 07 14:40:49 xxx systemd[1]: dev-tpmrm0.device: Job dev-tpmrm0.device/start failed with result 'timeout'.
Oct 07 14:40:49 xxx systemd[1]: Reached target tpm2.target - Trusted Platform Module.

      This occurs because systemd-tpm2-generator finds that there is /sys/firmware/efi directory and there is an ACPI table related to TPM2 (as unrelated /sys/firmware/acpi/tables/TPM2 node), causing the pull of tpm2.target unit by sysinit.target:

      # ls -l /run/systemd/generator/sysinit.target.wants/tpm2.target
[...] /run/systemd/generator/sysinit.target.wants/tpm2.target -> ../../../../usr/lib/systemd/system/tpm2.target

      When booting in BIOS mode, there is also /sys/firmware/acpi/tables/TPM2 node but the generator doesn't pull the target because /sys/firmware/efi doesn't exist as seen in debug mode:

      147299 10:40:36.369895 access("/sys/firmware/efi/", F_OK) = -1 ENOENT (No such file or directory) <0.000008>
 :
147299 10:40:36.371989 writev(2</dev/pts/0<char 136:0>>, [{iov_base="Not generating tpm2.target synchronization point, as firmware reports no TPM2 present.", iov_len=86}, {iov_base="\r\n", iov_len=2}], 2) = 88 <0.000008>

      Clearly the code is suboptimal but I don't know what should be done to be efficient: if the code doesn't rely on presence of /sys/firmware/efi then the boot will always be delayed when iDRAC disabled the TPM.

      What is the impact of this issue to you?

      Slowness booting.

      Please provide the package NVR for which the bug is seen:

      systemd-257-9.el10_0.1

      How reproducible is this bug?

      Always on DELL system with iDRAC disabling the TPM

              systemd-maint systemd maint mailing list
              rhn-support-rmetrich Renaud Métrich
              systemd maint mailing list systemd maint mailing list
              Frantisek Sumsal Frantisek Sumsal
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: