Slow boot after update, this is related to TPM

Support
,
1

Slow boot after recent updates (stable) of latest Manjaro (4 feb?). When I hit ESC while booting I can see a message that the system is looking for TPM but times out after 1m30s:
(1 of 2) A start job is running for /dev/tpm0
and after that:
(1 of 2) A start job is running for /dev/tpmrm0

After a while the booting resumes. Searching online offers a solution that seemed to have helped a lot of others:

sudo systemctl mask dev-tpmrm0.device

Or you can disable TPM in the BIOS. On my system it is enabled (and as far as I know was enabled before the updates) in the BIOS and I would like to have it enabled, so NOT masking it. But it seems something is preventing Manjaro from using TPM. Is there something I can do other than masking dev-tpmrm0.device?

By the way, my disk is encrypted.
[UPDATE] When I disable TPM in BIOS the boot time is indeed normal
thanks,
Richard

2

Hi @airdew and welcome to the Manjaro Community! :vulcan_salute:

I’m afraid my knowledge of TPM and encryption is rather limited :roll_eyes: but I’m sure someone will come along; to that end it is always good to provide system info:

inxi -zv8

… use the code formatting (the </> button at the top of the Reply window or the three backticks ``` on lines above and below the pasted output.

Note: This output is privacy-filtered using the above command.

Cheers! :wink:

1 Like
3 
System:
  Kernel: 6.12.68-1-MANJARO arch: x86_64 bits: 64 compiler: gcc v: 15.2.1
    clocksource: tsc avail: hpet,acpi_pm
    parameters: BOOT_IMAGE=/boot/vmlinuz-6.12-x86_64
    root=UUID=60ec38a9-a04f-43ba-aa25-c80f7c566289 rw quiet
    cryptdevice=UUID=5901e1a2-4e29-4e4c-8c2f-0dcc07f60ad4:luks-5901e1a2-4e29-4e4c-8c2f-0dcc07f60ad4
    root=/dev/mapper/luks-5901e1a2-4e29-4e4c-8c2f-0dcc07f60ad4 splash
    udev.log_priority=3
  Desktop: KDE Plasma v: 6.5.5 tk: Qt v: N/A info: frameworks v: 6.22.0
    wm: kwin_wayland vt: 1 dm: SDDM Distro: Manjaro base: Arch Linux
Machine:
  Type: Laptop System: Dell product: XPS 15 9560 v: N/A
    serial: <superuser required> Chassis: type: 10 serial: <superuser required>
  Mobo: Dell model: 05FFDN v: A00 serial: <superuser required> part-nu: 07BE
    uuid: <superuser required> Firmware: UEFI vendor: Dell v: 1.31.0
    date: 11/10/2022
Battery:
  ID-1: BAT0 charge: 54.8 Wh (84.5%) condition: 64.9/97 Wh (66.9%)
    volts: 12.25 min: 11.4 model: SMP DELL GPM0365 type: Li-ion serial: <filter>
    charging: status: not charging control: start: 50% end: 85% type: custom
    avail: adaptive,custom,fast,standard,trickle cycles: N/A
Memory:
  System RAM: total: 16 GiB available: 15.47 GiB used: 2.12 GiB (13.7%)
  Message: For most reliable report, use superuser + dmidecode.
  Array-1: capacity: 32 GiB slots: 2 modules: 2 EC: None
    max-module-size: 16 GiB note: est.
  Device-1: DIMM A type: DDR4 detail: synchronous unbuffered (unregistered)
    size: 8 GiB speed: 2400 MT/s volts: note: check curr: 1 min: 1 max: 1
    width (bits): data: 64 total: 64 manufacturer: SK Hynix
    part-no: HMA81GS6AFR8N-UH serial: <filter>
  Device-2: DIMM B type: DDR4 detail: synchronous unbuffered (unregistered)
    size: 8 GiB speed: 2400 MT/s volts: note: check curr: 1 min: 1 max: 1
    width (bits): data: 64 total: 64 manufacturer: SK Hynix
    part-no: HMA81GS6AFR8N-UH serial: <filter>
PCI Slots:
  Permissions: Unable to run dmidecode. Root privileges required.
CPU:
  Info: model: Intel Core i7-7700HQ bits: 64 type: MT MCP arch: Kaby Lake
    gen: core 7 level: v3 note: check built: 2018 process: Intel 14nm family: 6
    model-id: 0x9E (158) stepping: 9 microcode: 0xF8
  Topology: cpus: 1x dies: 1 clusters: 4 cores: 4 threads: 8 tpc: 2
    smt: enabled cache: L1: 256 KiB desc: d-4x32 KiB; i-4x32 KiB L2: 1024 KiB
    desc: 4x256 KiB L3: 6 MiB desc: 1x6 MiB
  Speed (MHz): avg: 800 min/max: 800/3800 scaling: driver: intel_pstate
    governor: powersave cores: 1: 800 2: 800 3: 800 4: 800 5: 800 6: 800 7: 800
    8: 800 bogomips: 44817
  Flags: 3dnowprefetch abm acpi adx aes aperfmperf apic arat
    arch_capabilities arch_perfmon art avx avx2 bmi1 bmi2 bts clflush
    clflushopt cmov constant_tsc cpuid cpuid_fault cx16 cx8 de ds_cpl dtes64
    dtherm dts epb ept ept_ad erms est f16c flexpriority flush_l1d fma fpu
    fsgsbase fxsr ht hwp hwp_act_window hwp_epp hwp_notify ibpb ibrs ida
    intel_pt invpcid lahf_lm lm mca mce md_clear mmx monitor movbe mpx msr
    mtrr nonstop_tsc nopl nx pae pat pbe pcid pclmulqdq pdcm pdpe1gb pebs pge
    pln pni popcnt pse pse36 pti pts rdrand rdseed rdtscp rep_good sdbg sep
    smap smep ss ssbd sse sse2 sse4_1 sse4_2 ssse3 stibp syscall tm tm2
    tpr_shadow tsc tsc_adjust tsc_deadline_timer vme vmx vnmi vpid x2apic
    xgetbv1 xsave xsavec xsaveopt xsaves xtopology xtpr
  Vulnerabilities:
  Type: gather_data_sampling mitigation: Microcode
  Type: indirect_target_selection status: Not affected
  Type: itlb_multihit status: KVM: Split huge pages
  Type: l1tf mitigation: PTE Inversion; VMX: conditional cache flushes, SMT
    vulnerable
  Type: mds mitigation: Clear CPU buffers; SMT vulnerable
  Type: meltdown mitigation: PTI
  Type: mmio_stale_data mitigation: Clear CPU buffers; SMT vulnerable
  Type: reg_file_data_sampling status: Not affected
  Type: retbleed mitigation: IBRS
  Type: spec_rstack_overflow status: Not affected
  Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via
    prctl
  Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer
    sanitization
  Type: spectre_v2 mitigation: IBRS; IBPB: conditional; STIBP: conditional;
    RSB filling; PBRSB-eIBRS: Not affected; BHI: Not affected
  Type: srbds mitigation: Microcode
  Type: tsa status: Not affected
  Type: tsx_async_abort status: Not affected
  Type: vmscape mitigation: IBPB before exit to userspace
Graphics:
  Device-1: Intel Kaby Lake-H GT2 [HD Graphics 630] vendor: Dell driver: i915
    v: kernel arch: Gen-9.5 process: Intel 14nm built: 2016-20 ports:
    active: eDP-1 empty: DP-1, DP-2, HDMI-A-1, HDMI-A-2 bus-ID: 00:02.0
    chip-ID: 8086:591b class-ID: 0300
  Device-2: NVIDIA GP107M [GeForce GTX 1050 Mobile] vendor: Dell
    driver: nouveau v: kernel non-free: 550-580.xx+ status: current (as of
    2025-11; EOL~2026-12-xx) arch: Pascal code: GP10x process: TSMC 16nm
    built: 2016-2021 pcie: gen: 1 speed: 2.5 GT/s lanes: 16 link-max: gen: 3
    speed: 8 GT/s bus-ID: 01:00.0 chip-ID: 10de:1c8d class-ID: 0302
    temp: 39.0 C
  Device-3: Microdia Integrated_Webcam_HD driver: uvcvideo type: USB
    rev: 2.0 speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 1-12:4
    chip-ID: 0c45:6713 class-ID: 0e02
  Display: wayland server: X.org v: 1.21.1.21 with: Xwayland v: 24.1.9
    compositor: kwin_wayland driver: X: loaded: modesetting
    alternate: fbdev,vesa dri: iris,nouveau gpu: i915 display-ID: 0
  Monitor-1: eDP-1 model: Sharp 0x1453 built: 2015 res: mode: 1920x1080
    hz: 60 scale: 100% (1) dpi: 141 gamma: 1.2 chroma: red: x: 0.639 y: 0.329
    green: x: 0.298 y: 0.600 blue: x: 0.149 y: 0.059 white: x: 0.314 y: 0.329
    size: 346x194mm (13.62x7.64") diag: 397mm (15.6") ratio: 16:9
    modes: 1920x1080
  EDID-Warnings: 1: parse_edid: unknown flag 0
  API: EGL v: 1.5 hw: drv: intel iris drv: nvidia nouveau platforms:
    device: 0 drv: iris device: 1 drv: nouveau device: 2 drv: swrast gbm:
    drv: iris surfaceless: drv: iris wayland: drv: iris x11: drv: iris
  API: OpenGL v: 4.6 compat-v: 4.3 vendor: intel mesa v: 25.3.4-arch1.1
    glx-v: 1.4 direct-render: yes renderer: Mesa Intel HD Graphics 630 (KBL GT2)
    device-ID: 8086:591b memory: 15.11 GiB unified: yes display-ID: :1.0
  API: Vulkan v: 1.4.335 layers: 2 device: 0 type: integrated-gpu name: Intel
    HD Graphics 630 (KBL GT2) driver: mesa intel v: 25.3.4-arch1.1
    device-ID: 8086:591b surfaces: N/A device: 1 type: discrete-gpu
    name: NVIDIA GeForce GTX 1050 (NVK GP107) driver: mesa nvk
    v: 25.3.4-arch1.1 device-ID: 10de:1c8d surfaces: N/A
  Info: Tools: api: clinfo, eglinfo, glxinfo, vulkaninfo
    de: kscreen-console,kscreen-doctor wl: wayland-info x11: xdpyinfo,xprop
Audio:
  Device-1: Intel CM238 HD Audio vendor: Dell driver: snd_hda_intel v: kernel
    alternate: snd_soc_avs bus-ID: 00:1f.3 chip-ID: 8086:a171 class-ID: 0403
  API: ALSA v: k6.12.68-1-MANJARO status: kernel-api with: aoss
    type: oss-emulator tools: alsactl,alsamixer,amixer
  Server-1: JACK v: 1.9.22 status: off tools: N/A
  Server-2: PipeWire v: 1.4.10 status: active with: 1: pipewire-pulse
    status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
    tools: pactl,pw-cat,pw-cli,wpctl
Network:
  Device-1: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter
    vendor: Rivet Networks Killer Wireless-n/a/ac 1535 driver: ath10k_pci
    v: kernel pcie: gen: 1 speed: 2.5 GT/s lanes: 1 bus-ID: 02:00.0
    chip-ID: 168c:003e class-ID: 0280 temp: 47.0 C
  IF: wlp2s0 state: up mac: <filter>
  IP v4: <filter> type: dynamic noprefixroute scope: global
    broadcast: <filter>
  IP v6: <filter> type: dynamic noprefixroute scope: global
  IP v6: <filter> type: dynamic noprefixroute scope: global
  IP v6: <filter> type: noprefixroute scope: link
  Info: services: NetworkManager, systemd-timesyncd, wpa_supplicant
  WAN IP: <filter>
Bluetooth:
  Device-1: Qualcomm Atheros QCA61x4 Bluetooth 4.0 driver: btusb v: 0.8
    type: USB rev: 2.0 speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 1-4:2
    chip-ID: 0cf3:e300 class-ID: e001
  Report: rfkill ID: hci0 rfk-id: 0 state: up address: see --recommends
Logical:
  Message: No logical block device data found.
  Device-1: luks-5901e1a2-4e29-4e4c-8c2f-0dcc07f60ad4 maj-min: 254:0
    type: LUKS dm: dm-0 size: 476.64 GiB
  Components:
  p-1: nvme0n1p2 maj-min: 259:2 size: 476.64 GiB
RAID:
  Message: No RAID data found.
Drives:
  Local Storage: total: 476.94 GiB used: 112.22 GiB (23.5%)
  SMART Message: Unable to run smartctl. Root privileges required.
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: SanDisk model: THNSN5512GPUK
    NVMe TOSHIBA 512GB size: 476.94 GiB block-size: physical: 512 B
    logical: 512 B speed: 31.6 Gb/s lanes: 4 tech: SSD serial: <filter>
    fw-rev: 5KDA4103 temp: 36.9 C scheme: GPT
  Message: No optical or floppy data found.
Partition:
  ID-1: / raw-size: 476.64 GiB size: 468.09 GiB (98.21%)
    used: 112.22 GiB (24.0%) fs: ext4 dev: /dev/dm-0 maj-min: 254:0
    mapped: luks-5901e1a2-4e29-4e4c-8c2f-0dcc07f60ad4 label: N/A
    uuid: 60ec38a9-a04f-43ba-aa25-c80f7c566289
  ID-2: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%)
    used: 704 KiB (0.2%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1 label: N/A
    uuid: 7F4C-2CE5
Swap:
  Alert: No swap data was found.
Unmounted:
  Message: No unmounted partitions found.
USB:
  Hub-1: 1-0:1 info: hi-speed hub with single TT ports: 16 rev: 2.0
    speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 chip-ID: 1d6b:0002
    class-ID: 0900
  Device-1: 1-4:2 info: Qualcomm Atheros QCA61x4 Bluetooth 4.0
    type: bluetooth driver: btusb interfaces: 2 rev: 2.0
    speed: 12 Mb/s (1.4 MiB/s) lanes: 1 mode: 1.1 power: 100mA
    chip-ID: 0cf3:e300 class-ID: e001
  Device-2: 1-7:3 info: Validity Sensors VFS7552 Touch Fingerprint Sensor
    type: <vendor specific> driver: N/A interfaces: 1 rev: 2.0
    speed: 12 Mb/s (1.4 MiB/s) lanes: 1 mode: 1.1 power: 100mA
    chip-ID: 138a:0091 class-ID: ff00 serial: <filter>
  Device-3: 1-12:4 info: Microdia Integrated_Webcam_HD type: video
    driver: uvcvideo interfaces: 2 rev: 2.0 speed: 480 Mb/s (57.2 MiB/s)
    lanes: 1 mode: 2.0 power: 500mA chip-ID: 0c45:6713 class-ID: 0e02
  Hub-2: 2-0:1 info: super-speed hub ports: 8 rev: 3.0
    speed: 5 Gb/s (596.0 MiB/s) lanes: 1 mode: 3.2 gen-1x1 chip-ID: 1d6b:0003
    class-ID: 0900
Sensors:
  System Temperatures: cpu: 44.0 C pch: 45.5 C mobo: 40.0 C gpu: nouveau
    temp: 39.0 C
  Fan Speeds (rpm): cpu: 2495 fan-2: 2482
Repos:
  Packages: pm: pacman pkgs: 1313 libs: 373 tools: pamac pm: flatpak pkgs: 0
  Active pacman repo servers in: /etc/pacman.conf
    1: http://download.opensuse.org/repositories/home:/pbek:/QOwnNotes/Arch_Extra/$arch
  Active pacman repo servers in: /etc/pacman.d/mirrorlist
    1: https://manjaro.kurdy.org/stable/$repo/$arch
    2: https://www.mirrorservice.org/sites/repo.manjaro.org/repos/stable/$repo/$arch
    3: https://mirror.raiolanetworks.com/manjaro/stable/$repo/$arch
    4: https://mirrors.ft.uam.es/manjaro/stable/$repo/$arch
    5: https://manjaro.mirror.liquidtelecom.com/stable/$repo/$arch
    6: https://mirror.meowsmp.net/manjaro/stable/$repo/$arch
    7: https://ftp.caliu.cat/pub/distribucions/manjaro/stable/$repo/$arch
    8: https://ftp.yz.yamagata-u.ac.jp/pub/linux/manjaro/stable/$repo/$arch
Processes:
  CPU top: 5 of 260
  1: cpu: 16.3% command: firefox pid: 1797 mem: 442.5 MiB (2.7%)
  2: cpu: 8.7% command: plasmashell pid: 1344 mem: 303.1 MiB (1.9%)
  3: cpu: 7.3% command: firefox pid: 2043 mem: 245.9 MiB (1.5%)
  4: cpu: 5.1% command: kwin_wayland pid: 1161 mem: 168.1 MiB (1.0%)
  5: cpu: 5.1% command: firefox pid: 2109 mem: 213.9 MiB (1.3%)
  Memory top: 5 of 260
  1: mem: 442.5 MiB (2.7%) command: firefox pid: 1797 cpu: 16.3%
  2: mem: 303.1 MiB (1.9%) command: plasmashell pid: 1344 cpu: 8.7%
  3: mem: 245.9 MiB (1.5%) command: firefox pid: 2043 cpu: 7.3%
  4: mem: 213.9 MiB (1.3%) command: firefox pid: 2109 cpu: 5.1%
  5: mem: 168.1 MiB (1.0%) command: kwin_wayland pid: 1161 cpu: 5.1%
Info:
  Processes: 260 Power: uptime: 3m states: freeze,mem,disk suspend: deep
    avail: s2idle wakeups: 0 hibernate: platform avail: shutdown, reboot,
    suspend, test_resume image: 6.16 GiB services: org_kde_powerdevil,
    power-profiles-daemon, upowerd Init: systemd v: 258 default: graphical
    tool: systemctl
  Compilers: gcc: 15.2.1 Shell: Zsh v: 5.9 running-in: konsole inxi: 3.3.40
1 Like
4

Did you try masking the tpm2 target?

systemctl list-dependencies tpm2.target
tpm2.target
● ├─dev-tpm0.device
● └─dev-tpmrm0.device

It includes all my tpm devices.

5

Which is what you should do. Manjaro does not support TPM, any more than that we support Secure Boot.

TPM serves no purpose that can also not be attained by way of Free Software means. It is a proprietary technology intended to limit what you can do with the computer that you paid for with your own money.

Mind you, I’m not saying that you cannot use it with Manjaro, but then getting it to work properly is on you. I’m sure that the Arch Wiki will have some good advice on how to set it up — disclaimer: I haven’t verified that.

4 Likes
6

The matter is a bit more complicated, but TLDR yes, disable it.

Once upon a time like 15-20+ years ago, as WINTEL was ruling the world, they tried to sell a nice idea (just like the case with secure boot). “Hey, why don’t we offload the encryption operations to a dedicated chip? It will be a lot faster and that will save a lot of CPU power”. This worked nice. For a very short time. Shortly after, dedicated encryption instructions began appearing in the cpus (and yes your inxi says you have this too). That meant no more 100% on en/decrypting an encrypted volume. So what happened with the now seemingly purposeless TPM chip…well, the hidden agenda of Microsoft and Intel surfaced and became evident. Licenses, Anticheat in Games, tracking and identifying user, remote control of machines to “protect them in case of theft” (or to follow political dissidents). Such stuff.
Fast forwarding a few decades, nowadays there often isn’t a physical chip anymore. The functionality is included in the firmware - fTPM. Because of course, the OEMs are playing in one team with Microsoft and co. and if MS says it has to be there it will be. It is also a nice way to force sell new hardware - “The new Winbose will not install if you do not have the new version of it and unfortunately your 3 year old PC has only the previous version and of course we cannot update it per firmware update”.

On AMD, since they are the underdog and as such the innovator, this software implementation came first. Unfortunately it was so buggy and that Linus Torvalds himself in his typical style wrote some nice emails and removed it from the linux kernel at some point a couple years ago.
You have intel, so in theory is not problematic (in my case for example i have PTT - Intel Platform trust or something, which is provided through Intel Management engine - the â– â– â– â–  that is a mini OS for remote control running behind your main OS which you cannot disable), but is it any good under Manjaro? I mean, you do not care about Microsoft licensing or telemetry, do you?

Performancewise, you can do a simple test with and without

openssl speed -evp aes-128-cbc

And i bet you will not see a difference since aes is in your CPU. Since you are using encryption, test a bit more without, but i am pretty sure your system and disk performance will not be slower.

3 Likes
7

Thanks everyone for taking the time for helping with my problem. It is clear to me now that I don´t need TPM. I disabled TPM in the BIOS and boot time is back to normal. It is just strange that this boot problem suddenly appeared.

1 Like
8

If you are dual-booting with MS-Glassware, then an update of that could indeed alter the settings in your UEFI. It is known to do that.

9

No dual boot here. Full Manjaro :grinning_face:

1 Like
10

Then a BIOS update, maybe? That would also apply some default settings.

11

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.