This has happened to me 2x so far. Running ArchLinux (kernel 6.7.4). I book up the computer (this time I believe it had hibernated), and I see a message stating I need to reset my fTPM because I swapped the CPU:
Now, I did not swap the CPU, and I’m going to assume some threat actor didn’t break into my house, swap my CPU, etc, just to evilmaid my computer. There are two possible things that could cause this (or both at the same time):
I recently switched from suspend to suspend-to-hibernate.
I set up tpm2-totp (if you’re not familiar, in the initramfs it uses PCR sealed values to calculate a TOTP to verify nobody has disabled secureboot, swapped the kernel, etc).
It only runs in the initramfs, and it never gives me any errors, so I’m not sure how it could cause this. Any ideas?
Update: I just had it happen again after a reboot. It got stuck on shutdown saying tpm timed out, and then after a power cycle, I got the error.
Hi @Loell_Framework, thanks for getting back to me. I can’t really be sure since I don’t run those distros. I believe I have ruled out hibernation and think it’s a bug either with linux or tpm2-totp. It happens extremely frequently. I’m going to try disabling tpm2-totp and seeing what happens.
@Matt_Hartley thanks for the update. I’ll switch over now. I do believe TPM is the issue in conjunction with the new kernel. I’ve seen the system freeze up both from systemd-creds and from tpm2-totp, and it seems to cause the entire BIOS to reset. The power button pulses and the charging lights flash all colors, and when it comes back either the fTPM or BIOS have been reset.
Update for @Matt_Hartley@Loell_Framework I have reverted and my TPM seems to be working as expected again. I also noticed a few other issues you might be interested in: hardware decoding YT videos causes a lot of gitches, however hibernate seemed a lot more reliable.
Appreciate the update. As the original issue appears to be resolved, I will mark this thread accordingly. I have seen hardware decoding YT videos cause issues in the past. If you can duplicate, do file a bug report for sure.
