Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to acquire DBus name com.intel.tss2.Tabrmd #778

Open
kgold2 opened this issue Apr 30, 2021 · 10 comments
Open

Failed to acquire DBus name com.intel.tss2.Tabrmd #778

kgold2 opened this issue Apr 30, 2021 · 10 comments

Comments

@kgold2
Copy link

kgold2 commented Apr 30, 2021
edited
Loading

This is my variation on what seems to be a frequent issue. Ubuntu groovy, abrmd installed with apt.

tpm2-abrmd --tcti=mssim (not as root)

Gives this error:

** (tpm2-abrmd:2275): CRITICAL **: 14:38:22.835: Failed to acquire DBus name com.intel.tss2.Tabrmd. UID 1000 must be allowed to "own" this name. Check DBus config and check that this is running as user tss or root.

  • How should I 'own' this name?
  • What's 'DBUS config' and what should be checked
  • What is 'this' that should be running as user tss or root?

UID 1000 is kgold

My tpm2-abrmd.conf was edited to add:

<policy user="kgold">
 <allow own="com.intel.tss2.Tabrmd"/>
</policy>

/etc/group has

tss:x:111:kgold
@kgold2 kgold2 changed the title ailed to acquire DBus name com.intel.tss2.Tabrmd Failed to acquire DBus name com.intel.tss2.Tabrmd Apr 30, 2021
@tstruk
Copy link
Contributor

tstruk commented Apr 30, 2021

If you want to run it as a user different than tss (or root) you need to edit abrmd dbus config file "/etc/dbus-1/system.d/tpm2-abrmd.conf" and add the following section:

  <policy user="tss">
    <allow own="com.intel.tss2.Tabrmd"/>
  </policy>
+ <policy user="kgold">
+  <allow own="com.intel.tss2.Tabrmd"/>
+ </policy>

and then reload the new configuration with:

$ sudo systemctl daemon-reload
$ sudo pkill -HUP dbus-daemon

After that it should work.

@kgold2
Copy link
Author

kgold2 commented Apr 30, 2021

I already had that. The markdown hid it, but I fixed it in the original comment.

It does not work. I tried your reload, tried rebooting a few times. I haven't gotten it to work on any Ubuntu, 16, 18, 20.

I also tried rebuilding from source, tried adding "./configure --with-dbuspolicydir=/etc/dbus-1/system.d" No success.

What does the error message mean?

@kgold2
Copy link
Author

kgold2 commented Apr 30, 2021

I tried running as root with the command

tpm2-abrmd --tcti=mssim --allow-root

and it apparently got the same error:

** (tpm2-abrmd:2344): CRITICAL **: 18:41:21.359: Failed to acquire DBus name com.intel.tss2.Tabrmd. UID 0 must be allowed to "own" this name. Check DBus config and check that this is running as user tss or root.

@tstruk
Copy link
Contributor

tstruk commented May 1, 2021

Could you check if apparmor isn't blocking access to dbus?

@kgold2
Copy link
Author

kgold2 commented May 17, 2021

Could you check if apparmor isn't blocking access to dbus?

There is no process with 'app' in the name. What else should I look for?

If it matters, both gnome and MATE seem to have dbus processes, and both work.

It may be something I'm doing wrong, but what. Three different Ubuntu distros all fail to run abrmd.

@williamcroberts
Copy link
Member

Could you check if apparmor isn't blocking access to dbus?

There is no process with 'app' in the name. What else should I look for?

If it matters, both gnome and MATE seem to have dbus processes, and both work.

It may be something I'm doing wrong, but what. Three different Ubuntu distros all fail to run abrmd.

apparmor is a linux kernel LSM, like SE Linux. You can check system logs as enabled state as discussed here:

Did you try that script I sent you?

@veikkoeeva
Copy link

veikkoeeva commented Jul 25, 2021
edited
Loading

I will add here that I seem to experience this same problem both by using WSL2 Ubuntu on Windows and using ubuntu-latest (Ubuntu) on GitHub Actions. My set up is like this:

    # This follows instructions at https://wiki.ubuntu.com/TPM/Testing.
    - name: Install Linux TPM 2.0 module (tpm2-abrmd)
      if: ${{ matrix.os == 'ubuntu-latest' }}
      run: |
        sudo apt-get update
        sudo apt-get install tpm2-abrmd
        sudo apt-get install libtss2-tcti-tabrmd-dev

    - name: Check Linux TPM 2.0 module functionality
      if: ${{ matrix.os == 'ubuntu-latest' }}
      run: |
        sudo service tpm2-abrmd start
        sudo tpm2-abrmd --allow-root --tcti=mssim --logger=stdout

And failure seem to be like described here. Looking at dbus etc. seem to indicate things are as they should, no AppArmor running either. Maybe on WSL2 some of the issue seem to be that one gets

System has not been booted with systemd as init system (PID 1).

if doing anything with systemd.

Some more, maybe useful, information

cat tpm2-abrmd.service

[Unit]
Description=TPM2 Access Broker and Resource Management Daemon
After=systemd-udev-settle.service
Requires=systemd-udev-settle.service
# This condition is needed when using the device TCTI. If the
# TCP mssim is used then the condition should be commented out.
# ConditionPathExistsGlob=/dev/tpm*

[Service]
Type=dbus
BusName=com.intel.tss2.Tabrmd
StandardOutput=syslog
ExecStart=/usr/sbin/tpm2-abrmd --tcti=mssim
User=tss

[Install]
WantedBy=multi-user.target

Running

sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti=mssim --logger=stdout &

produces

> [2] 163
XYZ@ABC:/$ sudo: /usr/local/sbin/tpm2-abrmd: command not found

[2]-  Exit 1                  sudo -u tss /usr/local/sbin/tpm2-abrmd --tcti=mssim --logger=stdout

Some issues may be relevant only to WSL2 on Windows and not ubuntu-latest on GitHub Actions. I've used WSL2 to troubleshoot, but it maybe be different.

I add this here in case others are trying to set up a TPM simulator either in GitHub Actions or globally and run into this problem. I used the instructions at https://wiki.ubuntu.com/TPM/Testing. This way there's at least some more search engine hits.

@Artiom-Morozov-Resilio
Copy link

For WSL2/ubuntu i've seen Failed to acquire DBus name com.intel.tss2.Tabrmd. UID <uid> must be allowed to "own" this name. Check DBus config and check that this is running as user tss or root. both for root and tss. Error message is misleading. Turned out dbus-daemon is not running by default ps wfax | fgrep dbus.
sudo service start dbus-daemon helps, tpm2-abrmd is now running.

@satheesh-kk
Copy link

For WSL2/ubuntu i've seen Failed to acquire DBus name com.intel.tss2.Tabrmd. UID <uid> must be allowed to "own" this name. Check DBus config and check that this is running as user tss or root. both for root and tss. Error message is misleading. Turned out dbus-daemon is not running by default ps wfax | fgrep dbus. sudo service start dbus-daemon helps, tpm2-abrmd is now running.

Facing same issue any update could help?

@AleDecre
Copy link

AleDecre commented Apr 21, 2023
edited
Loading

Hello everyone,
I'm not really an expert on the subject but I've been stuck on this error for several days too.
After trying to understand a bit I figured out that the tpm2-abrmd.service starts automatically (if enabled) and commits the bus to the default tpm device.
Stopping the service (on Ubuntu sudo systemctl stop tpm2-abrmd) and then rerunning the command sudo tpm2-abrmd --allow-root --tcti=mssim or sudo - u tss tpm2-abrmd --tcti=mssim everything seems to work fine, both with "mssim" and "swtpm" devices.
With refer to #782 it seems that it is our error message.
I hope it was helpful!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@tstruk @veikkoeeva @williamcroberts @kgold2 @AleDecre @satheesh-kk @Artiom-Morozov-Resilio