Troubleshooting

Ubuntu Core runs on, and can be built for, a diverse and constantly evolving set of platforms and devices.

The majority of our users and developers experience very few issues, but any technology this complex and diverse will likely encounter some issues and incompatibilities.

This page attempts to guide users to either an appropriate solution to their issues, or the correct forum/thread where they can get help.


Ubuntu Core install error: TPM is in DA Lockout Mode

Installing Ubuntu Core 2x on a device with a TPM (such as an Intel NUC, or QEMU with emulated TPM) can sometimes result in a stalled installation and a TPM is in DA Lockout Mode error, as shown in the following example install log:

ubuntu snapd[15531]: handlers install.go:254:
   make system runnable
ubuntu snapd[115531]: secboot_tpm.go:483: 
   TPM provisioning error: the TPM is in DA lockout mode
ubuntu snapd[115531]: taskrunner.go:271:
   [change 2 "Setup system for run mode" task] failed: 
   cannot make system runnable: cannot seal the encryption keys:
   cannot provision TPM: the TPM is in DA lockout mode
ubuntu snapd[15531]: secboot_tpm.go:483: TPM provisioning error:
   the TPM is in DA lockout mode
ubuntu snapd[15531]: taskrunner.go:271:
   [change 2 "Setup system for run mode" task] failed:
   cannot make system runnable:
   cannot seal the encryption keys:
   cannot provision TPM:
   the TPM is in DA lockout mode 

This error typically means the TPM has been locked to protect the system against potential dictionary attacks (DA) and the TPM needs to be cleared before the Ubuntu Core installation will proceed.

To clear the TPM on hardware, boot a classic Ubuntu system (such as a live version of Ubuntu 20.04 LTS from USB storage) and run the following command from a terminal:

echo 5 | sudo tee /sys/class/tpm/tpm0/ppi/request

To clear a software TPM, such as the test-snapd-swtpm snap, remove it and then reinstall it:

snap remove test-snapd-swtpm --purge; snap install test-snapd-swtpm

Now reboot the problematic system and re-attempt the Ubuntu Core installation, which should continue without error.

Console-conf shows no-ip

During a snap refresh, console-conf may display a no-ip message.

Despite the no-ip message, you should still be able to connect to the device using SSH if you know its IP address.

The snap changes command will show that one or more snaps are being updated and the device may need to reboot.

The solution to the no-ip error is to simply wait for any updates to complete.

Ubuntu Core boot asking for recovery key

When using Full Disk Encryption, a device’s Trusted Platform Module (TPM) stores the encryption keys necessary to decrypt and boot the device.

If an encrypted drive is detected, but the TPM does not contain a valid key, the Ubuntu Core boot process will prompt for a recovery key.

šŸ” Please enter the recovery key for disk /dev/disk/by-partuuid/c7f7971b: (press TAB for no echo)

To progress from this point, you will need to enter a previously retrieved recovery key for the device.

See Using recovery keys for further details.

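For the "TPM is in DA Lockout Mode" section above: the lockout state can be confirmed from a classic Ubuntu session before requesting a clear, as one of the replies below describes doing. This is an added example, not part of the original page or of snapd; it parses the output of `tpm2_getcap properties-variable` from tpm2-tools, and the function names and sample outputs are constructed. It assumes the `NAME: 0xVALUE` layout that tpm2-tools prints for these properties.

```shell
#!/bin/sh
# Added example: summarise the TPM 2.0 dictionary-attack (DA) protection state
# from the output of `tpm2_getcap properties-variable` (tpm2-tools).

# Constructed sample output for a locked-out TPM; the values are invented.
SAMPLE_LOCKED='TPM2_PT_PERMANENT:
  ownerAuthSet:              0
  endorsementAuthSet:        0
  lockoutAuthSet:            1
  reserved1:                 0
  disableClear:              0
  inLockout:                 1
  tpmGeneratedEPS:           0
  reserved2:                 0
TPM2_PT_LOCKOUT_COUNTER: 0x20
TPM2_PT_MAX_AUTH_FAIL: 0x20
TPM2_PT_LOCKOUT_INTERVAL: 0x1C20
TPM2_PT_LOCKOUT_RECOVERY: 0x15180'

# Constructed sample: two failed authorisations recorded, not yet locked out.
SAMPLE_DEGRADED='TPM2_PT_PERMANENT:
  inLockout:                 0
TPM2_PT_LOCKOUT_COUNTER: 0x2
TPM2_PT_MAX_AUTH_FAIL: 0xA
TPM2_PT_LOCKOUT_INTERVAL: 0x3E8
TPM2_PT_LOCKOUT_RECOVERY: 0x3E8'

# tpm_prop NAME: read tpm2_getcap output on stdin and print the value of NAME.
# Only plain decimal or 0x-prefixed hex is accepted, so nothing unvalidated
# ever reaches shell arithmetic. Exits non-zero if NAME is missing or malformed.
tpm_prop() {
    awk -v k="$1" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, k ":") != 1) next
            val = substr(line, length(k) + 2)
            gsub(/[ \t]/, "", val)
            if (val ~ /^(0[xX][0-9a-fA-F]+|[0-9]+)$/) { print val; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# tpm_da_state: read tpm2_getcap output on stdin and print
#   "<state> <failed tries>/<max tries> <seconds per counter decrement>"
# where state is ok, degraded (failures recorded) or locked.
# Prints "unknown" and returns 2 if the counters cannot be parsed.
tpm_da_state() {
    caps=$(cat)
    counter=$(printf '%s\n' "$caps" | tpm_prop TPM2_PT_LOCKOUT_COUNTER) \
        || { echo unknown; return 2; }
    max=$(printf '%s\n' "$caps" | tpm_prop TPM2_PT_MAX_AUTH_FAIL) \
        || { echo unknown; return 2; }
    interval=$(printf '%s\n' "$caps" | tpm_prop TPM2_PT_LOCKOUT_INTERVAL) \
        || { echo unknown; return 2; }
    # The inLockout flag may be absent from trimmed output; fall back to the
    # counter comparison in that case.
    locked=$(printf '%s\n' "$caps" | tpm_prop inLockout) || locked=0

    # Convert the validated hex strings to decimal.
    counter=$(($counter)); max=$(($max))
    interval=$(($interval)); locked=$(($locked))

    if [ "$locked" -ne 0 ] || [ "$counter" -ge "$max" ]; then
        state=locked
    elif [ "$counter" -gt 0 ]; then
        state=degraded
    else
        state=ok
    fi
    echo "$state $counter/$max $interval"
}

# On a classic Ubuntu system with tpm2-tools installed, run as root:
#   sh this-script.sh --live
if [ "${1:-}" = "--live" ]; then
    tpm2_getcap properties-variable | tpm_da_state
fi
```

A `locked` result matches the condition the install log reports; `degraded` means failed authorisations have accumulated but the limit has not yet been reached.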

Thanks @degville :hugs: That one saved my day :sweat_smile:

Even after that though, on a fresh ubuntu-core-22-amd64.img.xz install, I’m stuck on a Please enter the recovery key for disk /dev/disk/etc... where, well, I don’t have that recovery key, Ubuntu Core install process created it automatically for me, didn’t it? If I don’t type in a key, system will reboot and ask me for the key again and again. I’ve tried re-flashing my hard drive with the image with no more luck…

Did I miss something there?

I’m not entirely sure what might be happening, as you’ve not even had a chance to access the system to retrieve the recovery key.

It sounds similar to https://bugs.launchpad.net/snapd/+bug/1979185 which has been fixed in snapd (but not older UC images). It might be worth trying a dangerous/edge build of Ubuntu Core 22 to see if it has the same problem (eg. from https://cdimage.ubuntu.com/ubuntu-core/22/dangerous-edge/current/).

I’ll speak to the team and see if they have any ideas.


Thanks for the link to the bug report! Fell on it earlier too, yet I thought “randomly” and not during the install didn’t quite match what was happening to me (plus I had no idea how to update the Ubuntu Core image :upside_down_face:).

So… thanks for pointing me out to the latest image! Just tried ubuntu-core-22-amd64+intel-iot.img.xz (dated 2022-10-18 10:39 on my Europe/Paris browser), which ended up on an error:

secboot_tpm.go:572: TPM provisioning error: cannot access resource at handle TPM_RH_LOCKOUT because an authorization check failed

I realize now that I had the same error earlier with the stable version of the Ubuntu Core image (it was just secboot_tpm.go:491 instead of line :572, took a picture then), and after a reboot I’m back to the TPM is in DA lockout mode. That’s where I re-use the echo 5 | sudo tee /sys/class/tpm/tpm0/ppi/request to clear out my TPM, and upon reboot the Ubuntu Core installation goes through… which logic I don’t understand :exploding_head: Is that something expected to need to clear the hardware TPM before trying and installing Ubuntu Core?

Now it doesn’t ask me for a recovery key anymore (yay :raised_hands:) but it stops on [ OK ] Mounted /run/mnt/ubuntu-seed. for a while (looks like the exact same time as the wait for the key before), and then reboots automatically. And again, and again… I managed to video-capture the next lines (those are fast to go) and it says

snap-bootstrap[220]: error: cannot activate encrypted device "/dev/disk/by-partuuid/etc...": cannot activate with platform protected keys:

Then it goes too fast to see if something is written after “keys:”, but the following lines are:

[FAILED] Failed to start Mount initial filesystems.
[96.552168] snap-bootstrap[220]: - : cannot recover key: invalid key data: cannot complete authorization policy assertion: cannot complete OR assertions: current session digest not found in policy data
[96.552168] snap-bootstrap[220]: and activation with recovery key failed: cannot obtain recovery key: /usr/sbin/systemd-ask-password failed: exist status 1

(subject to lines overlap due to image per image video extraction and manual typing :upside_down_face::nerd_face:)

Is my platform just not supported, or does it look like some kind of bug? Running a Dell OptiPlex 3000 Micro Form Factor (which comes with TPM2).

I am seeing the same issue as @clorichel on a different device (Compulab Fitlet2). The device has a fTPM - (Intel Atom x5-E3930).

I’ve tried a variety of channels and kernel combinations. It seems that the generic UC22 image for amd64 results in DA lockout after the first boot that sets up the encrypted partitions. There is no error message indicating a failure to seal keys to the TPM. Only messages saying information is being sealed at 0x188001/0x188002 handles. However, I’ve pulled power after the initial boot completes and checked the TPM state on classic ubuntu to confirm that the TPM is in DA lockout before ever attempting a normal core22 boot.

Alternatively when using the intel-iot kernel, DA lockout does not occur during setup but rather after a few failed iterations of attempts to mount the two encrypted partitions.

My guess is that the keys aren’t properly sealed to the fTPM in either case. My plan is to add some debugging statements to snapd to see if it’s possible to find out how that key material is maybe not persisted during setup.

I’m here after trying to follow this tutorial for Ubuntu Core 22 on an Intel NUC.

Using the image from the tutorial failed with the same DA lockout and then recovery key prompt.

I tried using the dangerous/edge build image that was linked above, but it failed with the same recovery key prompt. It looks like that image was built today, a few hours ago.

This was all tested on a NUC 8 i5 BEK.

I’m going to revert back to the certified Ubuntu Core 18 image to be functional again. Let me know if there is a potential fix as I would be happy to wipe my system to test it out!

A follow up to my last post is that I updated the bios on my NUC to the latest version and installing Ubuntu Core 22 worked!


Thanks so much for letting us know. I’ll add an entry here to help other people who may encounter a similar error.

The “Ubuntu Core install error: TPM is in DA Lockout Mode” instructions didn’t work for me.
Steps to reproduce on Ubuntu 22.04
download and extract image https://cdimage.ubuntu.com/ubuntu-core/20/stable/current/ubuntu-core-20-amd64.img.xz

sudo apt install qemu-kvm ovmf
sudo snap remove test-snapd-swtpm --purge; sudo snap install test-snapd-swtpm --edge

Run with:

sudo qemu-system-x86_64 \
 -enable-kvm \
 -smp 1 \
 -m 4096 \
 -machine q35 \
 -cpu host \
 -global ICH9-LPC.disable_s3=1 \
 -net nic,model=virtio \
 -net user,hostfwd=tcp::8022-:22,hostfwd=tcp::8090-:80  \
 -drive file=/usr/share/OVMF/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on \
 -drive file=/usr/share/OVMF/OVMF_VARS.ms.fd,if=pflash,format=raw,unit=1 \
 -chardev socket,id=chrtpm,path="/var/snap/swtpm-mvo/current/swtpm-sock" \
 -tpmdev emulator,id=tpm0,chardev=chrtpm \
 -device tpm-tis,tpmdev=tpm0 \
 -drive "file=ubuntu-core-20-amd64.img",if=none,format=raw,id=disk1 \
 -device virtio-blk-pci,drive=disk1,bootindex=1 \
 -serial mon:stdio

I get the following log:

[    0.569871] PCI: CLS 0 bytes, default 64
[    0.570490] Trying to unpack rootfs image as initramfs...
[    0.633055] Freeing initrd memory: 26200K
[    0.633722] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
[    0.634845] software IO TLB: mapped [mem 0x76fbe000-0x7afbe000] (64MB)
[    0.635897] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x255cb8d7d74, max_idle_ns: 440795265546 ns
[    0.637419] check: Scanning for low memory corruption every 60 seconds
[    0.639133] Initialise system trusted keyrings
[    0.639828] Key type blacklist registered
[    0.640476] workingset: timestamp_bits=36 max_order=20 bucket_order=0
[    0.642384] zbud: loaded
[    0.643020] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.644024] fuse: init (API version 7.31)
[    0.644763] *** VALIDATE fuse ***
[    0.645336] *** VALIDATE fuse ***
[    0.646044] Platform Keyring initialized
[    0.648648] Key type asymmetric registered
[    0.649253] Asymmetric key parser 'x509' registered
[    0.649965] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 244)
[    0.651031] io scheduler mq-deadline registered
[    0.651768] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
[    0.652802] efifb: probing for efifb
[    0.653339] efifb: framebuffer at 0xc0000000, using 3072k, total 3072k
[    0.654794] efifb: mode is 1024x768x32, linelength=4096, pages=1
[    0.655667] efifb: scrolling: redraw
[    0.656173] efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0
[    0.657106] Console: switching to colour frame buffer device 128x48
[    0.659887] fb0: EFI VGA frame buffer device
[    0.660726] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[    0.661870] ACPI: Power Button [PWRF]
[    0.663056] PCI Interrupt Link [GSIG] enabled at IRQ 22
[    0.664710] PCI Interrupt Link [GSIH] enabled at IRQ 23
[    0.666107] Serial: 8250/16550 driver, 32 ports, IRQ sharing enabled
[    0.693214] 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[    0.695302] Linux agpgart interface v0.103
[    0.697400] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1, rev-id 1)
[    0.808069] loop: module loaded
[    0.810350] tun: Universal TUN/TAP device driver, 1.6
[    0.813020] PPP generic driver version 2.4.2
[    0.815326] VFIO - User Level meta-driver version: 0.3
[    0.818127] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    0.823698] ehci-pci: EHCI PCI platform driver
[    0.825898] ehci-platform: EHCI generic platform driver
[    0.828207] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    0.830750] ohci-pci: OHCI PCI platform driver
[    0.832612] ohci-platform: OHCI generic platform driver
[    0.834725] uhci_hcd: USB Universal Host Controller Interface driver
[    0.839498] i8042: PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12
[    0.845518] serio: i8042 KBD port at 0x60,0x64 irq 1
[    0.847537] serio: i8042 AUX port at 0x60,0x64 irq 12
[    0.850676] mousedev: PS/2 mouse device common for all mice
[    0.857167] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input1
[    0.860130] rtc_cmos 00:04: RTC can wake from S4
[    0.862520] rtc_cmos 00:04: registered as rtc0
[    0.863965] rtc_cmos 00:04: alarms up to one day, y3k, 242 bytes nvram, hpet irqs
[    0.865814] i2c /dev entries driver
[    0.867258] device-mapper: uevent: version 1.0.3
[    0.868643] device-mapper: ioctl: 4.41.0-ioctl (2019-09-16) initialised: dm-devel@redhat.com
[    0.870776] platform eisa.0: Probing EISA bus 0
[    0.872110] platform eisa.0: EISA: Cannot allocate resource for mainboard
[    0.877593] platform eisa.0: Cannot allocate resource for EISA slot 1
[    0.878894] platform eisa.0: Cannot allocate resource for EISA slot 2
[    0.880109] platform eisa.0: Cannot allocate resource for EISA slot 3
[    0.881322] platform eisa.0: Cannot allocate resource for EISA slot 4
[    0.882512] platform eisa.0: Cannot allocate resource for EISA slot 5
[    0.883717] platform eisa.0: Cannot allocate resource for EISA slot 6
[    0.885490] platform eisa.0: Cannot allocate resource for EISA slot 7
[    0.886814] platform eisa.0: Cannot allocate resource for EISA slot 8
[    0.888037] platform eisa.0: EISA: Detected 0 cards
[    0.889095] intel_pstate: CPU model not supported
[    0.893743] ledtrig-cpu: registered to indicate activity on CPUs
[    0.894959] EFI Variables Facility v0.08 2004-May-17
[    0.921093] intel_pmc_core intel_pmc_core.0:  initialized
[    0.923293] drop_monitor: Initializing network drop monitor service
[    0.924940] NET: Registered protocol family 10
[    0.926458] Segment Routing with IPv6
[    0.927252] NET: Registered protocol family 17
[    0.928290] Key type dns_resolver registered
[    0.929435] RAS: Correctable Errors collector initialized.
[    0.930423] IPI shorthand broadcast: enabled
[    0.931266] sched_clock: Marking stable (757879981, 170327206)->(953348693, -25141506)
[    0.932905] registered taskstats version 1
[    0.933745] Loading compiled-in X.509 certificates
[    0.938467] Loaded X.509 cert 'Build time autogenerated kernel key: 322c67cc9a9c870cb155c961a3c936153e57aad0'
[    0.940678] Loaded X.509 cert 'Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969'
[    0.942520] Loaded X.509 cert 'Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19'
[    0.944030] blacklist: Loading compiled-in revocation X.509 certificates
[    0.945242] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
[    0.946819] zswap: loaded using pool lzo/zbud
[    0.947788] Key type ._fscrypt registered
[    0.948773] Key type .fscrypt registered
[    0.949866] Key type big_key registered
[    0.952976] Key type trusted registered
[    0.953972] Key type encrypted registered
[    0.954823] AppArmor: AppArmor sha1 policy hashing enabled
[    0.957037] integrity: Loading X.509 certificate: UEFI:db
[    0.959079] integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53'
[    0.961087] integrity: Loading X.509 certificate: UEFI:db
[    0.962273] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
[    0.964922] integrity: Loading X.509 certificate: UEFI:MokListRT (MOKvar table)
[    0.970122] integrity: Loaded X.509 cert 'Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63'
[    0.972472] ima: Allocated hash algorithm: sha1
[    0.989897] ima: No architecture policies found
[    0.991186] evm: Initialising EVM extended attributes:
[    0.992192] evm: security.selinux
[    0.993016] evm: security.SMACK64
[    0.993787] evm: security.SMACK64EXEC
[    0.994592] evm: security.SMACK64TRANSMUTE
[    0.995480] evm: security.SMACK64MMAP
[    0.996297] evm: security.apparmor
[    0.997081] evm: security.ima
[    0.997807] evm: security.capability
[    1.002104] evm: HMAC attrs: 0x1
[    1.003346] PM:   Magic number: 11:225:481
[    1.004471] rtc_cmos 00:04: setting system clock to 2023-02-14T12:29:31 UTC (1676377771)
[    1.006056] Lockdown: swapper/0: hibernation is restricted; see man kernel_lockdown.7
[    1.008171] Freeing unused decrypted memory: 2040K
[    1.009845] Freeing unused kernel image memory: 2756K
[    1.010869] Write protecting the kernel read-only data: 26624k
[    1.012922] Freeing unused kernel image memory: 2036K
[    1.015714] Freeing unused kernel image memory: 740K
[    1.026311] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[    1.027474] x86/mm: Checking user space page tables
[    1.037971] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[    1.039292] Run /init as init process
[    1.046247] systemd[1]: Inserted module 'autofs4'
[    1.090318] systemd[1]: systemd 245 running in system mode. (+PAM +AUDIT +SELINUX -IMA +APPARMOR -SMACK -SYSVINIT -UTMP +LIBCRYPTSETUP -GCRYPT -GNUTLS +ACL -XZ +LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
[    1.096037] systemd[1]: Detected virtualization kvm.
[    1.097329] systemd[1]: Detected architecture x86-64.
[    1.098323] systemd[1]: Running in initial RAM disk.
[    1.102189] systemd[1]: No hostname configured.
[    1.103085] systemd[1]: Set hostname to <ubuntu>.
[    1.104273] systemd[1]: Initializing machine ID from random generator.
[    1.174522] systemd[1]: emergency.target: Requested dependency OnFailure=reboot.target ignored (target units cannot fail).
[    1.182728] systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
[    1.184631] systemd[1]: Reached target Local Encrypted Volumes.
[    1.186151] systemd[1]: Reached target Paths.
[    1.187946] systemd[1]: Reached target Slices.
[    1.189450] systemd[1]: Reached target Swap.
[    1.192799] systemd[1]: Listening on initctl Compatibility Named Pipe.
[    1.194487] systemd[1]: Listening on Journal Audit Socket.
[    1.195974] systemd[1]: Listening on Journal Socket (/dev/log).
[    1.197626] systemd[1]: Listening on Journal Socket.
[    1.199160] systemd[1]: Listening on udev Control Socket.
[    1.200739] systemd[1]: Listening on udev Kernel Socket.
[    1.202351] systemd[1]: Reached target Sockets.
[    1.205457] systemd[1]: Mounting Huge Pages File System...
[    1.208888] systemd[1]: Mounting POSIX Message Queue File System...
[    1.213629] systemd[1]: Mounting Kernel Debug File System...
[    1.219202] systemd[1]: Mounting Kernel Trace File System...
[    1.223450] systemd[1]: Mounting Temporary Directory (/tmp)...
[    1.229730] systemd[1]: Starting Journal Service...
[    1.232093] systemd[1]: Starting Create list of static device nodes for the current kernel...
[    1.241841] systemd[1]: Condition check resulted in Boot Process Profiler being skipped.
[    1.243543] systemd[1]: Condition check resulted in Rebuild Hardware Database being skipped.
[    1.248405] systemd[1]: Starting Load Kernel Modules...
[    1.264098] systemd[1]: Starting Create System Users...
[    1.286671] hidraw: raw HID events driver (C) Jiri Kosina
[    1.290726] systemd[1]: Starting udev Coldplug all Devices...
[    1.309285] usbcore: registered new interface driver usbhid
[    1.310416] usbhid: USB HID core driver
[    1.320883] systemd[1]: Mounted Huge Pages File System.
[    1.331855] systemd[1]: Mounted POSIX Message Queue File System.
[    1.335553] PCI Interrupt Link [GSIA] enabled at IRQ 16
[    1.339778] systemd[1]: Mounted Kernel Debug File System.
[    1.344291] ahci 0000:00:1f.2: AHCI 0001.0000 32 slots 6 ports 1.5 Gbps 0x3f impl SATA mode
[    1.345807] ahci 0000:00:1f.2: flags: 64bit ncq only 
[    1.347783] systemd[1]: Mounted Kernel Trace File System.
[    1.354652] systemd[1]: Mounted Temporary Directory (/tmp).
[    1.359127] systemd[1]: Started Journal Service.
[    1.362912] scsi host0: ahci
[    1.368496] scsi host1: ahci
[    1.380175] scsi host2: ahci
[    1.395420] scsi host3: ahci
[    1.403076] systemd-journald[133]: Received client request to flush runtime journal.
[    1.404769] scsi host4: ahci
[    1.415648] scsi host5: ahci
[    1.416732] ata1: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080100 irq 24
[    1.418176] ata2: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080180 irq 24
[    1.419570] ata3: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080200 irq 24
[    1.421056] ata4: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080280 irq 24
[    1.422398] ata5: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080300 irq 24
[    1.423820] ata6: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080380 irq 24
[    1.694210] virtio_blk virtio1: [vda] 7577600 512-byte logical blocks (3.88 GB/3.61 GiB)
[    1.729744] cryptd: max_cpu_qlen set to 1000
[    1.733397]  vda: vda1 vda2 vda3 vda4 vda5
[    1.740886] ata2: SATA link down (SStatus 0 SControl 300)
[    1.742253] ata1: SATA link down (SStatus 0 SControl 300)
[    1.745919] ata4: SATA link down (SStatus 0 SControl 300)
[    1.747109] ata3: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[    1.748605] ata5: SATA link down (SStatus 0 SControl 300)
[    1.749696] ata3.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100
[    1.751897] ata3.00: applying bridge limits
[    1.753160] ata6: SATA link down (SStatus 0 SControl 300)
[    1.758071] ata3.00: configured for UDMA/100
[    1.759422] scsi 2:0:0:0: CD-ROM            QEMU     QEMU DVD-ROM     2.5+ PQ: 0 ANSI: 5
[    1.775806] sr 2:0:0:0: [sr0] scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray
[    1.777204] cdrom: Uniform CD-ROM driver Revision: 3.20
[    1.783775] sr 2:0:0:0: Attached scsi generic sg0 type 5
[    1.786877] usbcore: registered new interface driver usb-storage
[    1.792898] sdhci: Secure Digital Host Controller Interface driver
[    1.794002] sdhci: Copyright(c) Pierre Ossman
[    1.798082] AVX2 version of gcm_enc/dec engaged.
[    1.800081] AES CTR mode by8 optimization enabled
[    1.809510] NET: Registered protocol family 38
[    1.889727] megasas: 07.713.01.00-rc1
[    1.892795] Fusion MPT base driver 3.04.20
[    1.893621] Copyright (c) 1999-2008 LSI Corporation
[    1.905166] Fusion MPT SPI Host driver 3.04.20
[    7.694126] systemd-journald[133]: Received SIGTERM from PID 1 (systemd).
[    7.968185] systemd[1]: systemd 245.4-4ubuntu3.19 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
[    7.974375] systemd[1]: Detected virtualization kvm.
[    7.975645] systemd[1]: Detected architecture x86-64.
[    7.986223] systemd[1]: Initializing machine ID from random generator.
[    7.989025] systemd[1]: Installed transient /etc/machine-id file.
[    8.329343] systemd[1]: Unnecessary job for /dev/loop2 was removed.
[    8.331774] systemd[1]: Unnecessary job for /dev/vda2 was removed.
[    8.333323] systemd[1]: Unnecessary job for /dev/loop1 was removed.
[    8.334930] systemd[1]: Unnecessary job for /dev/loop0 was removed.
[    8.336537] systemd[1]: Unnecessary job for /dev/loop3 was removed.
[    8.339323] systemd[1]: Created slice system-getty.slice.
[    8.341480] systemd[1]: Created slice system-modprobe.slice.
[    8.343655] systemd[1]: Created slice system-serial\x2dgetty.slice.
[    8.348726] systemd[1]: Created slice User and Session Slice.
[    8.350832] systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
[    8.353483] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
[    8.356521] systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point.
[    8.359937] systemd[1]: Reached target Local Encrypted Volumes.
[    8.363279] systemd[1]: Reached target Paths.
[    8.365134] systemd[1]: Reached target Remote File Systems.
[    8.367113] systemd[1]: Reached target Slices.
[    8.368956] systemd[1]: Reached target Swap.
[    8.371091] systemd[1]: Listening on initctl Compatibility Named Pipe.
[    8.373661] systemd[1]: Listening on Journal Audit Socket.
[    8.375754] systemd[1]: Listening on Journal Socket (/dev/log).
[    8.378774] systemd[1]: Listening on Journal Socket.
[    8.381072] systemd[1]: Listening on udev Control Socket.
[    8.383263] systemd[1]: Listening on udev Kernel Socket.
[    8.386477] systemd[1]: Starting Journal Service...
[    8.395849] systemd[1]: Starting Create list of static device nodes for the current kernel...
[    8.411016] systemd[1]: Starting Load Kernel Module chromeos_pstore...
[    8.423857] systemd[1]: Starting Load Kernel Module drm...
[    8.441866] systemd[1]: Starting Load Kernel Module efi_pstore...
[    8.453267] pstore: Using crash dump compression: deflate
[    8.454872] pstore: Registered efi as persistent store backend
[    8.461782] systemd[1]: Starting Load Kernel Module pstore_blk...
[    8.500455] systemd[1]: Starting Load Kernel Module pstore_zone...
[    8.514377] systemd[1]: Starting Load Kernel Module ramoops...
[    8.522949] systemd[1]: Condition check resulted in OpenVSwitch configuration for cleanup being skipped.
[    8.529681] systemd[1]: Condition check resulted in Set Up Additional Binary Formats being skipped.
[    8.531985] systemd[1]: Condition check resulted in Boot Process Profiler being skipped.
[    8.535289] systemd[1]: Starting Load Kernel Modules...
[    8.544909] systemd[1]: Starting Remount Root and Kernel File Systems...
[    8.572874] systemd[1]: Starting udev Coldplug all Devices...
[    8.597442] systemd[1]: Started Journal Service.


Installing the system, please wait for reboot
-- Logs begin at Tue 2023-02-14 12:29:31 UTC. --
Feb 14 12:29:51 ubuntu snapd[1225]: secboot_tpm.go:87: secure boot is enabled
Feb 14 12:29:51 ubuntu snapd[1225]: secboot_tpm.go:89: checking if TPM device is available...
Feb 14 12:29:51 ubuntu snapd[1225]: secboot_tpm.go:103: TPM device detected and enabled
Feb 14 12:29:51 ubuntu snapd[1225]: handlers_install.go:367: create and deploy partitions
Feb 14 12:29:51 ubuntu snapd[1225]: install.go:221: installing a new system
Feb 14 12:29:51 ubuntu snapd[1225]: install.go:222:         gadget data from: /snap/pc/132
Feb 14 12:29:51 ubuntu snapd[1225]: install.go:223:         encryption: cryptsetup
Feb 14 12:29:52 ubuntu snapd[1225]: partition.go:232: partition /dev/vda3 was created during previous install
Feb 14 12:29:52 ubuntu snapd[1225]: partition.go:232: partition /dev/vda4 was created during previous install
Feb 14 12:29:52 ubuntu snapd[1225]: partition.go:232: partition /dev/vda5 was created during previous install
Feb 14 12:29:53 ubuntu snapd[1225]: install.go:325: created new partition /dev/vda3 for structure #3 ("ubuntu-boot") (size 750 MiB) role system-boot
Feb 14 12:29:53 ubuntu snapd[1225]: install.go:325: created new partition /dev/vda4 for structure #4 ("ubuntu-save") (size 16 MiB) role system-save
Feb 14 12:29:53 ubuntu snapd[1225]: install.go:126: encrypting partition device /dev/vda4
Feb 14 12:29:53 ubuntu snapd[1225]: install.go:153: encrypted filesystem device /dev/mapper/ubuntu-save
Feb 14 12:29:53 ubuntu snapd[1225]: install.go:325: created new partition /dev/vda5 for structure #5 ("ubuntu-data") (size 1.69 GiB) role system-data
Feb 14 12:29:53 ubuntu snapd[1225]: install.go:126: encrypting partition device /dev/vda5
Feb 14 12:29:54 ubuntu snapd[1225]: install.go:153: encrypted filesystem device /dev/mapper/ubuntu-data
Feb 14 12:29:54 ubuntu snapd[1225]: handlers_install.go:389: make system runnable
Feb 14 12:29:59 ubuntu snapd[1225]: secboot_tpm.go:572: TPM provisioning error: the TPM is in DA lockout mode
Feb 14 12:29:59 ubuntu snapd[1225]: taskrunner.go:289: [change 2 "Setup system for run mode" task] failed: cannot make system runnable: cannot provision TPM: the TPM is in DA lockout mode

Same result after re-running the test-snapd-swtpm snap command and rebooting, or shutting down the VM, reinstalling the snap and then starting again.

Any ideas?
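A triage sketch for the journal output in the post above, added here as an example (it is not snapd code and not part of the original post): it parses snapd install lines in the format shown, extracts the failed change with its error chain, and flags DA lockout as the root cause. The function name `triage` and the report keys are assumptions; the sample lines are copied from the log above.

```python
import re

# Journal lines copied from the install log in the post above.
SAMPLE_JOURNAL = """\
Feb 14 12:29:51 ubuntu snapd[1225]: secboot_tpm.go:103: TPM device detected and enabled
Feb 14 12:29:52 ubuntu snapd[1225]: partition.go:232: partition /dev/vda3 was created during previous install
Feb 14 12:29:54 ubuntu snapd[1225]: handlers_install.go:389: make system runnable
Feb 14 12:29:59 ubuntu snapd[1225]: secboot_tpm.go:572: TPM provisioning error: the TPM is in DA lockout mode
Feb 14 12:29:59 ubuntu snapd[1225]: taskrunner.go:289: [change 2 "Setup system for run mode" task] failed: cannot make system runnable: cannot provision TPM: the TPM is in DA lockout mode
"""

# "<date> <host> snapd[<pid>]: <file>.go:<line>: <message>"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ snapd\[\d+\]: "
    r"(?P<src>[\w.]+\.go):(?P<lineno>\d+): (?P<msg>.*)$"
)
# The taskrunner line names the failed change and carries the wrapped error chain.
FAIL_RE = re.compile(
    r'^\[change (?P<change>\d+) "(?P<task>[^"]+)" task\] failed: (?P<err>.*)$'
)
REUSED_RE = re.compile(r"^partition (\S+) was created during previous install$")


def triage(journal_text):
    """Summarise a snapd install journal: TPM seen, reused partitions, failure."""
    report = {"tpm_detected": False, "reused_partitions": [], "failure": None}
    for raw in journal_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # not a snapd source-tagged line (kernel, systemd, ...)
        msg = line["msg"]
        if msg == "TPM device detected and enabled":
            report["tpm_detected"] = True
        reused = REUSED_RE.match(msg)
        if reused:
            # Partitions left over from an earlier attempt: this is a re-install.
            report["reused_partitions"].append(reused.group(1))
        failed = FAIL_RE.match(msg)
        if failed:
            # Errors are wrapped outermost-first, so the last element is the root cause.
            chain = [part.strip() for part in failed["err"].split(": ")]
            report["failure"] = {
                "change": int(failed["change"]),
                "task": failed["task"],
                "chain": chain,
                "root_cause": chain[-1],
                "da_lockout": "DA lockout mode" in chain[-1],
            }
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_JOURNAL)
    print(result["failure"]["root_cause"], "| reused:", result["reused_partitions"])
```
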

I've experienced the same issue as @clorichel while trying to install Ubuntu 23.10 with the new experimental TPM-backed full disk encryption option.

I get the DA lock out message in the installer, so I run the command to fix it while in that live session and reboot my system.

After booting back into the live session, I'm able to install using the TPM-backed encryption.

But after install, I get stuck on the screen asking for the recovery key (which I was never given because I was never able to boot into the system).

Hi,

I was forwarded here by the link "Help improve this document in the forum" on the Troubleshooting page.

It should be mentioned which keyboard layout the Ubuntu Core boot process expects. I use a German keyboard layout. Do I need to type "-" or "ß" (the key to the right of 0), because the key recovery thing expects US layout? (I think it expects US.)

Where can I file bugs against the Ubuntu Core boot process? Is it snapd?