• Cannot have TPM2 and IOMMU both working on Debian Trixie

    From Andre Rodier@3:633/10 to All on Saturday, February 21, 2026 10:00:02
    Hello,

    I have a Lenovo Thinkpad, running Debian Trixie.

    I have enabled TPM and IOMMU in the BIOS.

    However, when I boot the laptop, I cannot have both options working
    together. It is either tpm2 or iommu, but not both.

    If I add "iommu=off" on the Linux command line, the TPM is working. If
    I don't do anything, IOMMU is working, but the TPM2 chip is not found.

    I have secure boot enabled.

    Kernel: Linux lovelace 6.18.5+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.18.5-1~bpo13+1 (2026-02-04) x86_64 GNU/Linux

    Any idea why, please?


    Thanks for your help.

    --- PyGate Linux v1.5.11
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From Andre Rodier@3:633/10 to All on Saturday, February 21, 2026 10:10:01
    Hello,

    I have a Lenovo Thinkpad T460, running Debian Trixie.

    I have enabled TPM and IOMMU in the BIOS.

    However, when I boot the laptop, I cannot have both options working
    together. It is either tpm2 or iommu, but not both.

    If I add "iommu=off" on the Linux command line, the TPM is working. If
    I don't do anything, IOMMU is working, but the TPM2 chip is not found.

    I have secure boot enabled, and working.

    Here are some boot messages:

    Feb 21 08:46:41 lovelace kernel: Linux version 6.18.5+deb13-amd64 (debian-kernel@lists.debian.org) (x86_64-linux-gnu-gcc-14 (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44) #1 SMP PREEMPT_DYNAMIC Debian 6.18.5-1~bpo13+1 (2026-02-04)
    Feb 21 08:46:41 lovelace kernel: Command line: BOOT_IMAGE=/vmlinuz-6.18.5+deb13-amd64 root=/dev/mapper/safe-sys ro splash intel_iommu=on iommu=pt i915.preliminary_hw_support=1 tpm_tis.force=1 quiet
    Feb 21 08:46:41 lovelace kernel: BIOS-provided physical RAM map:
    --
    Feb 21 08:46:41 lovelace kernel: efi: EFI v2.4 by Lenovo
    Feb 21 08:46:41 lovelace kernel: efi: SMBIOS=0xaee0f000 ACPI=0xafffd000 ACPI 2.0=0xafffd014 ESRT=0xaec9e000 MOKvar=0xaec83000 INITRD=0x9dc5a818 RNG=0xaffcbf98 TPMEventLog=0x9289b018
    Feb 21 08:46:41 lovelace kernel: random: crng init done
    Feb 21 08:46:41 lovelace kernel: TPM Final Events table not present
    Feb 21 08:46:41 lovelace kernel: efi: Not removing mem65: MMIO range=[0xf80fa000-0xf80fafff] (4KB) from e820 map
    --
    Feb 21 08:46:41 lovelace kernel: ACPI: TCPA 0x00000000AFFFB000 000032 (v02 LENOVO TP-R06 00000002 PTEC 00000002)
    Feb 21 08:46:41 lovelace kernel: ACPI: SSDT 0x00000000AFFFA000 0004B7 (v02 LENOVO Tpm2Tabl 00001000 INTL 20141107)
    Feb 21 08:46:41 lovelace kernel: ACPI: SSDT 0x00000000AFFF9000 00004B (v02 LENOVO MeSsdt 00003000 INTL 20141107)
    Feb 21 08:46:41 lovelace kernel: ACPI: TPM2 0x00000000AFFF8000 000034 (v03 LENOVO TP-R06 00001450 PTEC 00000002)
    Feb 21 08:46:41 lovelace kernel: ACPI: UEFI 0x00000000AFFA6000 000042 (v01 LENOVO TP-R06 00001450 PTEC 00000002)
    --
    Feb 21 08:46:41 lovelace kernel: ACPI: Reserving SSDT table memory at [mem 0xafff9000-0xafff904a]
    Feb 21 08:46:41 lovelace kernel: ACPI: Reserving TPM2 table memory at [mem 0xafff8000-0xafff8033]
    Feb 21 08:46:41 lovelace kernel: ACPI: Reserving UEFI table memory at [mem 0xaffa6000-0xaffa6041]
    --
    Feb 21 08:46:41 lovelace kernel: pcpu-alloc: [0] 0 1 2 3
    Feb 21 08:46:41 lovelace kernel: Kernel command line: BOOT_IMAGE=/vmlinuz-6.18.5+deb13-amd64 root=/dev/mapper/safe-sys ro splash intel_iommu=on iommu=pt i915.preliminary_hw_support=1 tpm_tis.force=1 quiet
    Feb 21 08:46:41 lovelace kernel: DMAR: IOMMU enabled
    --
    Feb 21 08:46:41 lovelace kernel: Linux agpgart interface v0.103
    Feb 21 08:46:41 lovelace kernel: tpm_tis tpm_tis: error -EBUSY: can't request region for resource [mem 0xfed40000-0xfed44fff]
    Feb 21 08:46:41 lovelace kernel: tpm_tis tpm_tis: probe with driver tpm_tis failed with error -16
    Feb 21 08:46:41 lovelace kernel: DMAR: DRHD: handling fault status reg 3
    --
    Feb 21 08:46:41 lovelace kernel: clocksource: Switched to clocksource tsc
    Feb 21 08:46:41 lovelace kernel: tpm tpm0: Operation Timed out
    Feb 21 08:46:41 lovelace kernel: tpm tpm0: Operation Timed out
    Feb 21 08:46:41 lovelace kernel: tpm_crb MSFT0101:00: probe with driver tpm_crb failed with error -62
    Feb 21 08:46:41 lovelace kernel: i8042: PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12
    --
    Feb 21 08:46:41 lovelace kernel: integrity: Loaded X.509 cert 'Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1'
    Feb 21 08:46:41 lovelace kernel: ima: No TPM chip found, activating TPM-bypass!
    Feb 21 08:46:41 lovelace kernel: ima: Allocated hash algorithm: sha256
    --
    Feb 21 08:46:42 lovelace systemd[1]: Inserted module 'autofs4'
    Feb 21 08:46:42 lovelace systemd[1]: systemd 257.9-1~deb13u1 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +IPE +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +BTF -XKBCOMMON -UTMP +SYSVINIT +LIBARCHIVE)
    Feb 21 08:46:42 lovelace systemd[1]: Detected architecture x86-64.
    --
    Feb 21 08:46:42 lovelace systemd[1]: Expecting device dev-mapper-safe\x2dvar.device - /dev/mapper/safe-var...
    Feb 21 08:46:42 lovelace systemd[1]: Expecting device dev-tpmrm0.device - /dev/tpmrm0...
    Feb 21 08:46:42 lovelace systemd[1]: Reached target integritysetup.target - Local Integrity Protected Volumes.
    --
    Feb 21 08:46:45 lovelace systemd[1]: Reached target sound.target - Sound Card.
    Feb 21 08:48:11 lovelace systemd[1]: dev-tpmrm0.device: Job dev-tpmrm0.device/start timed out.
    Feb 21 08:48:11 lovelace systemd[1]: Timed out waiting for device dev-tpmrm0.device - /dev/tpmrm0.
    Feb 21 08:48:11 lovelace systemd[1]: dev-tpmrm0.device: Job dev-tpmrm0.device/start failed with result 'timeout'.
    Feb 21 08:48:11 lovelace systemd[1]: Reached target tpm2.target - Trusted Platform Module.
    Feb 21 08:48:11 lovelace systemd[1]: systemd-pcrextend.socket - TPM PCR Measurements was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
    Feb 21 08:48:11 lovelace systemd[1]: systemd-pcrlock.socket - Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
    Feb 21 08:48:11 lovelace systemd[1]: systemd-pcrmachine.service - TPM PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
    Feb 21 08:48:11 lovelace systemd[1]: systemd-tpm2-setup-early.service - Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
    Feb 21 08:48:11 lovelace systemd[1]: Starting systemd-cryptsetup@eswap.service - Cryptography Setup for eswap...
    Feb 21 08:48:11 lovelace systemd[1]: Starting systemd-cryptsetup@sda4_crypt.service - Cryptography Setup for sda4_crypt...
    Feb 21 08:48:11 lovelace systemd[1]: systemd-tpm2-setup.service - TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
    Feb 21 08:48:12 lovelace systemd-cryptsetup[1514]: Volume sda4_crypt already active.
    --
    Feb 21 08:48:12 lovelace systemd[1]: Listening on systemd-hostnamed.socket - Hostname Service Socket.
    Feb 21 08:48:12 lovelace systemd[1]: systemd-pcrphase-sysinit.service - TPM PCR Barrier (Initialization) was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
    Feb 21 08:48:12 lovelace systemd[1]: Starting wtmpdb-update-boot.service - Write boot and shutdown times into wtmpdb...
    --
    Feb 21 08:48:12 lovelace systemd[1]: Starting systemd-logind.service - User Login Management...
    Feb 21 08:48:12 lovelace systemd[1]: systemd-pcrphase.service - TPM PCR Barrier (User) was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
    Feb 21 08:48:12 lovelace systemd[1]: Starting udisks2.service - Disk Manager...


    Kernel: Linux lovelace 6.18.5+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.18.5-1~bpo13+1 (2026-02-04) x86_64 GNU/Linux

    Any idea why, please?


    Thanks for your help.

    --- PyGate Linux v1.5.11
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From didier gaumet@3:633/10 to All on Saturday, February 21, 2026 11:20:01
    Hello,

    Perhaps you will find a way to have both working properly together by
    passing one or multiple option(s) to the kernel. Look at both TPM and
    IOMMU options (search for these terms in the page): https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html

    --- PyGate Linux v1.5.11
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
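
Added example (not part of any post in the thread): a small Python triage over the boot messages quoted in the second post. It pulls the TPM- and IOMMU-related kernel parameters off the command line, then records which TPM drivers failed to probe, whether DMAR reported faults, and whether IMA fell back to TPM-bypass. The sample lines are copied from the thread with the line wrapping undone; the function name `triage` and the result keys are assumptions of this example.

```python
import re

# Sample input: lines copied from the boot messages quoted in the thread (wrapping undone).
SAMPLE = """\
Feb 21 08:46:41 lovelace kernel: Command line: BOOT_IMAGE=/vmlinuz-6.18.5+deb13-amd64 root=/dev/mapper/safe-sys ro splash intel_iommu=on iommu=pt i915.preliminary_hw_support=1 tpm_tis.force=1 quiet
Feb 21 08:46:41 lovelace kernel: DMAR: IOMMU enabled
Feb 21 08:46:41 lovelace kernel: tpm_tis tpm_tis: error -EBUSY: can't request region for resource [mem 0xfed40000-0xfed44fff]
Feb 21 08:46:41 lovelace kernel: tpm_tis tpm_tis: probe with driver tpm_tis failed with error -16
Feb 21 08:46:41 lovelace kernel: DMAR: DRHD: handling fault status reg 3
Feb 21 08:46:41 lovelace kernel: tpm tpm0: Operation Timed out
Feb 21 08:46:41 lovelace kernel: tpm_crb MSFT0101:00: probe with driver tpm_crb failed with error -62
Feb 21 08:46:41 lovelace kernel: ima: No TPM chip found, activating TPM-bypass!
Feb 21 08:48:11 lovelace systemd[1]: Timed out waiting for device dev-tpmrm0.device - /dev/tpmrm0.
"""

ERRNO = {16: "EBUSY", 62: "ETIME"}  # Linux errno values that appear in this log
PROBE = re.compile(r"probe with driver (\w+) failed with error -(\d+)")
CMDLINE = re.compile(r"Command line: (.*)")
PARAM = re.compile(r"^(?:intel_iommu|amd_iommu|iommu|tpm\w*\.\w+)=")

def triage(log: str) -> dict:
    """Summarise TPM/IOMMU findings from kernel and systemd boot messages."""
    r = {"params": [], "probe_failures": {}, "dmar_faults": 0,
         "ima_tpm_bypass": False, "tpmrm0_timeout": False}
    for line in log.splitlines():
        if (m := CMDLINE.search(line)) and not r["params"]:
            r["params"] = [t for t in m.group(1).split() if PARAM.match(t)]
        if m := PROBE.search(line):
            code = int(m.group(2))
            r["probe_failures"][m.group(1)] = ERRNO.get(code, str(code))
        if "DMAR:" in line and "fault" in line:
            r["dmar_faults"] += 1
        if "ima: No TPM chip found" in line:
            r["ima_tpm_bypass"] = True
        if "Timed out waiting for device dev-tpmrm0.device" in line:
            r["tpmrm0_timeout"] = True
    # Without /dev/tpmrm0, and with IMA in TPM-bypass, userspace and IMA have no TPM to use.
    r["tpm_usable"] = not (r["ima_tpm_bypass"] or r["tpmrm0_timeout"])
    return r

if __name__ == "__main__":
    print(triage(SAMPLE))
```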