Can not get tcsd.service to start on boot tpm 1.2

i have enabled tpm in bios, i have enabled it for the kernel with the right tpm module with modprobe tpm and modprobe tpm_infineon. i can use tcsd by running tcsd -f and it will run and show version and self-test. i have enable tcsd by running sudo systemctl enable tcsd.service and rebooted but it will not start on boot.

  Kernel: 5.13.12-1-MANJARO x86_64 bits: 64 compiler: gcc v: 11.1.0 
  parameters: BOOT_IMAGE=/boot/vmlinuz-5.13-x86_64 
  root=UUID=eb5a3d5c-35f8-4cb7-85c2-b6367dd3f2e7 rw quiet apparmor=1 
  security=apparmor resume=UUID=cefe9419-d5a2-49ab-bc6b-6851525bc0e2 
  udev.log_priority=3 
  Desktop: KDE Plasma 5.22.4 tk: Qt 5.15.2 wm: kwin_x11 vt: 1 dm: SDDM 
  Distro: Manjaro Linux base: Arch Linux 
Machine:
  Type: Desktop System: Hewlett-Packard product: HP Z420 Workstation v: N/A 
  serial: <filter> Chassis: type: 6 serial: <filter> 
  Mobo: Hewlett-Packard model: 1589 v: 0.00 serial: <filter> 
  UEFI: Hewlett-Packard v: J61 v03.65 date: 12/19/2013 
Battery:
  Message: No system battery data found. Is one present? 
Memory:
  RAM: total: 15.56 GiB used: 10.85 GiB (69.7%) 
  RAM Report: permissions: Unable to run dmidecode. Root privileges required. 
CPU:
  Info: 6-Core model: Intel Xeon E5-1650 0 bits: 64 type: MT MCP 
  arch: Sandy Bridge family: 6 model-id: 2D (45) stepping: 7 microcode: 71A 
  cache: L2: 12 MiB bogomips: 76648 
  Speed: 1807 MHz min/max: 1200/3800 MHz Core speeds (MHz): 1: 1807 2: 1281 
  3: 1819 4: 1469 5: 2841 6: 1795 7: 2119 8: 1636 9: 1425 10: 1966 11: 1665 
  12: 1314 
  Flags: acpi aes aperfmperf apic arat arch_perfmon avx bts clflush cmov 
  constant_tsc cpuid cx16 cx8 dca de ds_cpl dtes64 dtherm dts epb ept est 
  flexpriority flush_l1d fpu fxsr ht ibpb ibrs ida lahf_lm lm mca mce md_clear 
  mmx monitor msr mtrr nonstop_tsc nopl nx pae pat pbe pcid pclmulqdq pdcm 
  pdpe1gb pebs pge pln pni popcnt pse pse36 pti pts rdtscp rep_good sep smx ss 
  ssbd sse sse2 sse4_1 sse4_2 ssse3 stibp syscall tm tm2 tpr_shadow tsc 
  tsc_deadline_timer vme vmx vnmi vpid x2apic xsave xsaveopt xtopology xtpr 
  Vulnerabilities: Type: itlb_multihit status: KVM: VMX disabled 
  Type: l1tf 
  mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable 
  Type: mds mitigation: Clear CPU buffers; SMT vulnerable 
  Type: meltdown mitigation: PTI 
  Type: spec_store_bypass 
  mitigation: Speculative Store Bypass disabled via prctl and seccomp 
  Type: spectre_v1 
  mitigation: usercopy/swapgs barriers and __user pointer sanitization 
  Type: spectre_v2 mitigation: Full generic retpoline, IBPB: conditional, 
  IBRS_FW, STIBP: conditional, RSB filling 
  Type: srbds status: Not affected 
  Type: tsx_async_abort status: Not affected 
Graphics:
  Device-1: NVIDIA GK104 [GeForce GTX 670] vendor: eVga.com. driver: nvidia 
  v: 470.63.01 alternate: nouveau,nvidia_drm bus-ID: 05:00.0 
  chip-ID: 10de:1189 class-ID: 0300 
  Device-2: Logitech Webcam C270 type: USB driver: snd-usb-audio,uvcvideo 
  bus-ID: 2-1.1:3 chip-ID: 046d:0825 class-ID: 0102 serial: <filter> 
  Display: x11 server: X.Org 1.20.13 compositor: kwin_x11 driver: 
  loaded: nvidia display-ID: :0 screens: 1 
  Screen-1: 0 s-res: 1920x1080 s-dpi: 49 s-size: 995x584mm (39.2x23.0") 
  s-diag: 1154mm (45.4") 
  Monitor-1: HDMI-0 res: 1920x1080 hz: 60 dpi: 50 size: 983x576mm (38.7x22.7") 
  diag: 1139mm (44.9") 
  OpenGL: renderer: NVIDIA GeForce GTX 670/PCIe/SSE2 v: 4.6.0 NVIDIA 470.63.01 
  direct render: Yes 
Audio:
  Device-1: Intel C600/X79 series High Definition Audio 
  vendor: Hewlett-Packard driver: snd_hda_intel v: kernel bus-ID: 00:1b.0 
  chip-ID: 8086:1d20 class-ID: 0403 
  Device-2: NVIDIA GK104 HDMI Audio vendor: eVga.com. driver: snd_hda_intel 
  v: kernel bus-ID: 05:00.1 chip-ID: 10de:0e0a class-ID: 0403 
  Device-3: Logitech Webcam C270 type: USB driver: snd-usb-audio,uvcvideo 
  bus-ID: 2-1.1:3 chip-ID: 046d:0825 class-ID: 0102 serial: <filter> 
  Sound Server-1: ALSA v: k5.13.12-1-MANJARO running: yes 
  Sound Server-2: sndio v: N/A running: no 
  Sound Server-3: JACK v: 1.9.19 running: no 
  Sound Server-4: PulseAudio v: 15.0 running: no 
  Sound Server-5: PipeWire v: 0.3.33 running: yes 
Network:
  Device-1: Intel 82579LM Gigabit Network vendor: Hewlett-Packard 
  driver: e1000e v: kernel port: e040 bus-ID: 00:19.0 chip-ID: 8086:1502 
  class-ID: 0200 
  IF: eno1 state: down mac: <filter> 
  Device-2: Realtek RTL88x2bu [AC1200 Techkey] type: USB driver: rtl88x2bu 
  bus-ID: 3-3:3 chip-ID: 0bda:b812 class-ID: 0000 serial: <filter> 
  IF: wlp8s0u3 state: up mac: <filter> 
  IP v4: <filter> type: dynamic noprefixroute scope: global 
  broadcast: <filter> 
  IP v6: <filter> type: dynamic noprefixroute scope: global 
  IP v6: <filter> type: noprefixroute scope: link 
  IF-ID-1: virbr0 state: down mac: <filter> 
  IP v4: <filter> scope: global broadcast: <filter> 
  WAN IP: <filter> 
Bluetooth:
  Device-1: Realtek Bluetooth Radio type: USB driver: btusb v: 0.8 
  bus-ID: 3-4:4 chip-ID: 0bda:8771 class-ID: e001 serial: <filter> 
  Report: rfkill ID: hci0 rfk-id: 0 state: up address: see --recommends 
Logical:
  Message: No logical block device data found. 
RAID:
  Hardware-1: Intel C600/X79 series SATA RAID Controller driver: ahci v: 3.0 
  port: e020 bus-ID: 00:1f.2 chip-ID: 8086.2826 rev: 05 class-ID: 0104 
Drives:
  Local Storage: total: 5.46 TiB used: 4.05 TiB (74.3%) 
  SMART Message: Unable to run smartctl. Root privileges required. 
  ID-1: /dev/sda maj-min: 8:0 vendor: Hitachi model: HUA723030ALA640 
  size: 2.73 TiB block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s 
  type: HDD rpm: 7200 serial: <filter> rev: NS00 scheme: GPT 
  ID-2: /dev/sdb maj-min: 8:16 vendor: Hitachi model: HUA723030ALA641 
  size: 2.73 TiB block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s 
  type: HDD rpm: 7200 serial: <filter> rev: A840 scheme: GPT 
  Optical-1: /dev/sr0 vendor: HL-DT-ST model: BD-RE WH16NS40 rev: 1.02 
  dev-links: cdrom 
  Features: speed: 48 multisession: yes audio: yes dvd: yes 
  rw: cd-r,cd-rw,dvd-r,dvd-ram state: running 
Partition:
  ID-1: / raw-size: 2.71 TiB size: 2.67 TiB (98.39%) used: 1.52 TiB (57.1%) 
  fs: ext4 dev: /dev/sdb2 maj-min: 8:18 label: N/A 
  uuid: eb5a3d5c-35f8-4cb7-85c2-b6367dd3f2e7 
  ID-2: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%) 
  used: 296 KiB (0.1%) fs: vfat dev: /dev/sdb1 maj-min: 8:17 label: NO_LABEL 
  uuid: CF5D-8B08 
  ID-3: /run/media/silver/4e791ad8-37bc-4302-8014-d252aca7fd2a 
  raw-size: 2.72 TiB size: 2.68 TiB (98.39%) used: 2.52 TiB (94.3%) fs: ext4 
  dev: /dev/sda2 maj-min: 8:2 label: N/A 
  uuid: 4e791ad8-37bc-4302-8014-d252aca7fd2a 
Swap:
  Kernel: swappiness: 60 (default) cache-pressure: 100 (default) 
  ID-1: swap-1 type: partition size: 17.12 GiB used: 8.03 GiB (46.9%) 
  priority: -2 dev: /dev/sdb3 maj-min: 8:19 label: N/A 
  uuid: cefe9419-d5a2-49ab-bc6b-6851525bc0e2 
Unmounted:
  ID-1: /dev/sda1 maj-min: 8:1 size: 512 MiB fs: vfat label: N/A 
  uuid: DCED-8C98 
  ID-2: /dev/sda3 maj-min: 8:3 size: 8.85 GiB fs: swap label: N/A 
  uuid: f551f592-59f8-4c25-8bab-39ba383df62c 
USB:
  Hub-1: 1-0:1 info: Full speed (or root) Hub ports: 2 rev: 2.0 
  speed: 480 Mb/s chip-ID: 1d6b:0002 class-ID: 0900 
  Hub-2: 1-1:2 info: Intel Integrated Rate Matching Hub ports: 6 rev: 2.0 
  speed: 480 Mb/s chip-ID: 8087:0024 class-ID: 0900 
  Device-1: 1-1.3:8 info: HUION type: Mouse driver: uclogic,usbhid 
  interfaces: 2 rev: 1.1 speed: 12 Mb/s power: 100mA chip-ID: 256c:006e 
  class-ID: 0301 
  Hub-3: 2-0:1 info: Full speed (or root) Hub ports: 2 rev: 2.0 
  speed: 480 Mb/s chip-ID: 1d6b:0002 class-ID: 0900 
  Hub-4: 2-1:2 info: Intel Integrated Rate Matching Hub ports: 8 rev: 2.0 
  speed: 480 Mb/s chip-ID: 8087:0024 class-ID: 0900 
  Device-1: 2-1.1:3 info: Logitech Webcam C270 type: Video,Audio 
  driver: snd-usb-audio,uvcvideo interfaces: 4 rev: 2.0 speed: 480 Mb/s 
  power: 500mA chip-ID: 046d:0825 class-ID: 0102 serial: <filter> 
  Device-2: 2-1.2:4 info: HP Optical Mouse [672662-001] type: Mouse 
  driver: hid-generic,usbhid interfaces: 1 rev: 2.0 speed: 1.5 Mb/s 
  power: 100mA chip-ID: 03f0:094a class-ID: 0301 
  Hub-5: 3-0:1 info: Full speed (or root) Hub ports: 4 rev: 2.0 
  speed: 480 Mb/s chip-ID: 1d6b:0002 class-ID: 0900 
  Device-1: 3-1:2 info: China Resource Semico USB Keyboard 
  type: Keyboard,Mouse driver: hid-generic,usbhid interfaces: 2 rev: 1.1 
  speed: 1.5 Mb/s power: 500mA chip-ID: 1a2c:4c5e class-ID: 0301 
  Device-2: 3-3:3 info: Realtek RTL88x2bu [AC1200 Techkey] type: Network 
  driver: rtl88x2bu interfaces: 1 rev: 2.1 speed: 480 Mb/s power: 500mA 
  chip-ID: 0bda:b812 class-ID: 0000 serial: <filter> 
  Device-3: 3-4:4 info: Realtek Bluetooth Radio type: Bluetooth driver: btusb 
  interfaces: 2 rev: 1.1 speed: 12 Mb/s power: 500mA chip-ID: 0bda:8771 
  class-ID: e001 serial: <filter> 
  Hub-6: 4-0:1 info: Full speed (or root) Hub ports: 4 rev: 3.0 speed: 5 Gb/s 
  chip-ID: 1d6b:0003 class-ID: 0900 
Sensors:
  System Temperatures: cpu: 58.0 C mobo: N/A gpu: nvidia temp: 55 C 
  Fan Speeds (RPM): N/A gpu: nvidia fan: 35% 
Info:
  Processes: 450 Uptime: 1d 20h 55m wakeups: 7 Init: systemd v: 248 
  tool: systemctl Compilers: gcc: 11.1.0 alt: 10 clang: 12.0.1 Packages: 2931 
  pacman: 2856 lib: 605 flatpak: 57 snap: 18 Shell: Bash v: 5.1.8 
  running-in: kitty inxi: 3.3.06```

```Aug 28 18:49:43 silver-hpz420workstation systemd[1]: Started Manager for Trusted Computing resources.
Aug 28 18:49:44 silver-hpz420workstation tcsd[946]: TCSD TCS ERROR: system PS: open() of /var/lib/tpm/system.data failed: Permission denied
Aug 28 18:49:43 silver-hpz420workstation systemd[1]: tcsd.service: Main process exited, code=exited, status=4/NOPERMISSION
Aug 28 18:49:43 silver-hpz420workstation systemd[1]: tcsd.service: Failed with result 'exit-code'.```
1 Like

:+1: Welcome to Manjaro! :+1:

  1. Please read this:
    How to provide good information
    and press the three dots below your post and press the :pencil2: to give us more information so we can see what’s really going on.
    Now we know the symptom of the disease, but we need some more probing to know where the origin lies… :grin:

  2. An inxi --admin --verbosity=7 --filter --no-host --width would be the minimum required information for us to be able to help you. (Personally Identifiable Information like serial numbers and MAC addresses will be filtered out by the above command)
    Also, please copy-paste that output in-between 3 backticks ``` at the beginning and end of the code/text.

  3. The output of:

    journalctl --system --boot=0 --unit=tcsd.service
    

    would be helpful as well

:+1:

P.S. If you want to notify me that you did provide this information, please :heart: this message and I’ll come back and have another look.

1 Like

Is there a compelling reason to be on Kernel 5.13 Stable? If not: have you tried 5.10 LTS yet?

Is there an UEFI firmware upgrade for your machine?

After you’ve implemented the above, try:

chmod a+r /etc/tcsd.conf

:crossed_fingers: