tcsd daemon fails to start up, because its init script tries to change user to tss and this user doesn't have sufficient rights to operate tpm0.

Reproducible: Always

Steps to Reproduce:
1. Load tpm_tis module
2. Start up tcsd daemon by calling: /etc/init.d/tcsd start

Actual Results:
tcsd fails to start up with the following error message: "TrouSerS ERROR: Could not find a device to open!"

Expected Results:
tcsd should start up.

tpm0 device (/dev/tpm0) is owned by root:root with 660 rights, and tcsd daemon run under tss user doesn't have sufficient rights to operate that device. So one of the solutions would be to run tcsd as root.

Current version:
    start-stop-daemon --start --chuid tss --exec /usr/sbin/tcsd

Way to fix:
    start-stop-daemon --start --exec /usr/sbin/tcsd

Using the above line resolves the issue.
Created attachment 160712: patch for tcsd init script
You could of course also write a udev rule to set the user/group for /dev/tpm* instead of running tcsd as root...
Here's the rule from tpm-emulator. We should install it for trousers as well, I think.

/etc/udev/rules.d/60-tpm-emulator.rules:
    KERNEL=="tpm", NAME="%k", SYMLINK+="tpm0", GROUP="tss", MODE="0660"
Well, the udev rule is not working for a real TPM device.

/etc/udev/rules.d/45-tpm.rules:
    KERNEL=="tpm[0-9]*", MODE="0600", OWNER="tss", GROUP="tss"

This is working pretty well on my Thinkpad.
Also the ownership of the data file is wrong:

    chown tss:tss /var/lib/tpm/
    chown tss:tss /var/lib/tpm/system.data
udev rules added in 0.3.6.
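
A pre-flight check for the permission mismatch discussed in this thread, as an added example that is not part of the original report or of the trousers init script. The function names can_rw and check_device are hypothetical, and check_device assumes GNU stat and id are available.

```shell
#!/bin/sh
# Added example: decide whether a service account can open a device node
# read/write from its owner, group and mode, the question behind the
# "--chuid tss" failure and the udev rules in this thread.

# can_rw OWNER GROUP MODE USER "USER_GROUPS"
# MODE is octal as printed by stat (660 or 0660). Returns 0 when USER gets
# both read and write from the owner/group/other permission bits.
can_rw() {
    owner=$1 group=$2 mode=$3 user=$4 ugroups=$5
    [ "$user" = root ] && return 0            # root bypasses mode bits
    if [ "$user" = "$owner" ]; then
        bits=$(( (0$mode >> 6) & 7 ))         # owner class wins, even if stricter
    else
        case " $ugroups " in
            *" $group "*) bits=$(( (0$mode >> 3) & 7 )) ;;
            *)            bits=$(( 0$mode & 7 )) ;;
        esac
    fi
    [ "$((bits & 6))" -eq 6 ]                 # need r (4) and w (2)
}

# check_device DEVICE USER
# Reads the real owner/group/mode and the user's groups, then applies can_rw.
check_device() {
    dev=$1 user=$2
    [ -e "$dev" ] || { echo "$dev: missing (is tpm_tis loaded?)"; return 2; }
    set -- $(stat -c '%U %G %a' "$dev")
    if can_rw "$1" "$2" "$3" "$user" "$(id -Gn "$user" 2>/dev/null)"; then
        echo "$dev: $user can open read/write ($1:$2 mode $3)"
    else
        echo "$dev: $user cannot open read/write ($1:$2 mode $3)"
        return 1
    fi
}

# Typical use before starting the daemon with --chuid tss:
#   check_device /dev/tpm0 tss
#   check_device /var/lib/tpm/system.data tss
```

Only the classic mode bits are evaluated; ACLs and security modules such as SELinux are not considered.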