After installing IncusOS getting PCR-04-SHA256 TPM error

rugk · May 31, 2026, 2:59pm

After I was dumb and tried installing IncusOS from the ISO, first trying Ventoy, which (kinda obviously) did not work, I could install it. STRs were:

I have set UEFI Secure Boot to “setup mode” as the docs explain, which shows Secure Boot as disabled, but apparently allows enrolling keys.
Boot from USB device.
IncusOS properly shows a warning for some seconds before enrolling the key.
Then it reboots.
First, it did not boot at all (selecting “Linux Boot Manager” [now shown as the #1 entry, which is okay IMHO, but before it was my USB drive] in the boot menu).
Okay so, got back to UEFi menu, enable setup mode → add “factory keys” and then boot.

Then IncusOS boots, but shows this:

incus-pcr-error

IncusOS is starting…
IncusOS failed to verify PE binaries: Error: open /sys/class/tpm/tpm0/pcr-sha256/4: no such file or directory

Also here more BIOS screenshots:

The main view shows secure boot as enabled:

Here the option to “reset to setup mode” that I initially used:

Edit: Needed to comment the images uploaded because of Discourse forum restrictions…

For completeness the boot options, note that Fedora is there from a previous Fedora installation:

The device is: Lenovo Ideapad 5 15ARE05
Image: IncusOS_202605310326.img

stgraber · May 31, 2026, 3:15pm

I’d go check the TPM settings in the BIOS. Make sure that SHA256 is enabled if it’s an option and if there’s nothing interesting in there, at least try clearing the TPM state.

Note that if this is an operation image, you may need to re-write the image to the USB stick. If this was the first boot post installation from an installation image, you may need to reinstall as a TPM reset would cause the OS to prompt for the recovery key which you haven’t yet had a chance to retrieve.

rugk · May 31, 2026, 4:04pm

Hmm okay, the information that the USB image needs to be rewritten is an important fact. Because it somehow always boots into the on-disk image (I think) and thus ends in the TPM error.

Also after enrolling the BIOS key, it does reboot, does not it? Then setup mode is gone (I guess), and it has (at least the last time) successfully booted from the USB device (because my boot order prioritized the USB device). And only then writes the data to “disk”?

Hmm, there is no such option. But I can try a reinstallation in “setup mode” again.

Also see the OP again, I could now edit it so the other images are shown.

Also here the description for each (relevant) option:

Note this is an AMD device. I did not dare to use the “Clear AMD PSP key” yet as I am unsure whether that helps, it seems to be the root of trust for TPM on AMD somehow(?).

Also note I cannot – as your docs indicate – deploy the key manually in the BIOS. I know, however that a manual key deployment as shown in Ventoy’s guide for Secure Boot when it tries to boot Ventoy(?) works, via that blue menu screens that guides you through it (exactly like the GIF there shows). I, however, cannot trigger that from the UEFI’s GUI.

stgraber · May 31, 2026, 5:29pm

Hmm, the TPM is often under Configuration rather than Security for some rason.

rugk · May 31, 2026, 5:34pm

Frustratingly, when trying to redo the whole process (again in “Secure Boot setup mode” and after clearing the target disk with a GParted live ISO; reflashing the USB drive and then booting from it), it also boots from the USB drive and shows the “I am going to enroll the key” message, but at the next reboot directly(!, without even trying to write any data to the target disk) shows the PCR-04 error…

Note BTW that the “[Secure Boot] setup mode” I am referring to, when enabled (aka I selected the highlighted “Reset to Setup Mode”) shows this (IMHO confusing) state:

“Secure Boot Mode” shows what I guess it should be set to “Custom” - the first lines I interpret as "Secure Bot is currently enabled, but disabled in next reboot [for the “setup mode”/“purpose”)? But I may be wrong here.

rugk · May 31, 2026, 5:41pm

Oh and no, the Secure Boot and “AMD PSP” part is indeed the only related setting I could find.

Configuration is totally unrelated:

Maybe I am gonna reset that AMD PSP key…

stgraber · May 31, 2026, 5:43pm

Ah so looks like your BIOS is missing the entire AMD configuration menu

rugk · May 31, 2026, 6:02pm

Hmmpf, some more observations:

No “reset AMD PSP key” seems to have like no effect at all…
when I am in this broken PCR-04 state the BIOS as shown earlier shows Secure Boot Mode: Custom and enforces it, and properly boots Incus (which itself then just shows that error)
when I there “Restore Factory keys” this switches to Secure Boot Mode: Standard (which I guess clears Incus enrolled key?) Incus does not even boot anymore (from the USB)

I have wild memories though that once that device had a TPM error and had there itself offered such a reset…

I’ll maybe try to get Windows on that machine to search for BIOS updates or whatever…
Or trying that Novo button…

stgraber · May 31, 2026, 7:01pm

You could also grab an image that uses the software TPM instead. But that assumes that disabling PSP turns off the AMD fTPM. I don’t know that it’s necessary the case as those are usually different options under a traditional AMD BIOS menu.

rugk · May 31, 2026, 7:14pm

Okay system update via Windows has no new information (and for the record: that novo button is useless, you also just get to the usual boot menu etc.), but I used the chance to use some Windows tools to collect some random TPM diagnostics. E.g. it can list the PCRs:

TPM diagnostics

**********************************************************************************
* This diagnostic information may be used by an IT administrator to troubleshoot *
* the installed Trusted Platform Module (TPM). Please zip the folder and attach  *
* it to issues filed through Feedback Hub or with an IT admin.                   *
**********************************************************************************


System Information

  -Product Name: Windows 10 Pro
  -Build String: 26100.1.amd64fre.ge_release.240331-1435
  -Base Board Manufacturer: LENOVO
  -Base Board Product: LNVNB161216
  -BIOS Mode: Uefi
  -BIOS Release Date: 01/29/2021
  -BIOS Vendor: LENOVO
  -BIOS Version: E7CN40WW
  -System Family: IDEAPAD
  -System Manufacturer: LENOVO
  -System Product Name: 81YQ
  -System SKU: LENOVO_MT_81YQ_BU_idea_FM_IDEAPAD


TPM Device Information

  -TPM Present: True
  -TPM Version: 2.0
  -TPM Manufacturer ID: AMD
  -TPM Manufacturer Version: 3.47.0.5
  -PPI Spec Version: 1.3
  -Is Initialized: True
  -Ready For Storage: True
  -Ready For Attestation: False
  -Information Flags:
      -INFORMATION_EK_CERTIFICATE
  -Is Clear Possible: True
  -Is Capable For Attestation: False
  -Clear Needed To Recover: False
  -TPM Has Vulnerable FW: False
  -PCR7 Binding State: 2
  -Maintenance Task Complete: True
  -TPM Spec Version: 1.38
  -TPM Errata Date: Friday, March 02, 2018
  -PC Client Version: 1.01
  -Lockout Information:
      -Locked Out: False
      -Lockout Counter: 0
      -Max Auth Fail: 31
      -Lockout Interval: 600 seconds
      -Lockout Recovery: 86400 seconds
  -Capabilities:
      -TPM_PT_FAMILY_INDICATOR       : 0x322E3000
      -TPM_PT_LEVEL                  : 0x00000000
      -TPM_PT_REVISION               : 0x0000008A
      -TPM_PT_DAY_OF_YEAR            : 0x0000003D
      -TPM_PT_YEAR                   : 0x000007E2
      -TPM_PT_MANUFACTURER           : 0x414D4400
      -TPM_PT_VENDOR_STRING_1        : 0x414D4400
      -TPM_PT_VENDOR_STRING_2        : 0x00000000
      -TPM_PT_VENDOR_STRING_3        : 0x00000000
      -TPM_PT_VENDOR_STRING_4        : 0x00000000
      -TPM_PT_VENDOR_TPM_TYPE        : 0x00000001
      -TPM_PT_FIRMWARE_VERSION_1     : 0x0003002F
      -TPM_PT_FIRMWARE_VERSION_2     : 0x00000005
      -TPM_PT_INPUT_BUFFER           : 0x00000400
      -TPM_PT_HR_TRANSIENT_MIN       : 0x00000006
      -TPM_PT_HR_PERSISTENT_MIN      : 0x00000002
      -TPM_PT_HR_LOADED_MIN          : 0x00000003
      -TPM_PT_ACTIVE_SESSIONS_MAX    : 0x00000040
      -TPM_PT_PCR_COUNT              : 0x00000018
      -TPM_PT_PCR_SELECT_MIN         : 0x00000003
      -TPM_PT_CONTEXT_GAP_MAX        : 0x000000FF
      -TPM_PT_NV_COUNTERS_MAX        : 0x00000000
      -TPM_PT_NV_INDEX_MAX           : 0x00000800
      -TPM_PT_MEMORY                 : 0x00000006
      -TPM_PT_CLOCK_UPDATE           : 0x00001000
      -TPM_PT_CONTEXT_HASH           : 0x0000000B
      -TPM_PT_CONTEXT_SYM            : 0x00000006
      -TPM_PT_CONTEXT_SYM_SIZE       : 0x00000100
      -TPM_PT_ORDERLY_COUNT          : 0x000000FF
      -TPM_PT_MAX_COMMAND_SIZE       : 0x00001000
      -TPM_PT_MAX_RESPONSE_SIZE      : 0x00001000
      -TPM_PT_MAX_DIGEST             : 0x00000020
      -TPM_PT_MAX_OBJECT_CONTEXT     : 0x000006D0
      -TPM_PT_MAX_SESSION_CONTEXT    : 0x000000FC
      -TPM_PT_PS_FAMILY_INDICATOR    : 0x322E3000
      -TPM_PT_PS_LEVEL               : 0x00000000
      -TPM_PT_PS_REVISION            : 0x00000101
      -TPM_PT_PS_DAY_OF_YEAR         : 0x0000003D
      -TPM_PT_PS_YEAR                : 0x000007E2
      -TPM_PT_SPLIT_MAX              : 0x00000080
      -TPM_PT_TOTAL_COMMANDS         : 0x0000006E
      -TPM_PT_LIBRARY_COMMANDS       : 0x0000006D
      -TPM_PT_VENDOR_COMMANDS        : 0x00000001
      -TPM_PT_NV_BUFFER_MAX          : 0x00000400
      -TPM_PT_MODES                  : 0x00000000
      -TPM_PT_MAX_CAP_BUFFER         : 0x00000400
      -TPM_PT_PERMANENT              : 0x00000404
      -TPM_PT_STARTUP_CLEAR          : 0x8000000F
      -TPM_PT_HR_NV_INDEX            : 0x00000006
      -TPM_PT_HR_LOADED              : 0x00000000
      -TPM_PT_HR_LOADED_AVAIL        : 0x00000003
      -TPM_PT_HR_ACTIVE              : 0x00000000
      -TPM_PT_HR_ACTIVE_AVAIL        : 0x00000040
      -TPM_PT_HR_TRANSIENT_AVAIL     : 0x00000006
      -TPM_PT_HR_PERSISTENT          : 0x00000003
      -TPM_PT_HR_PERSISTENT_AVAIL    : 0x00000004
      -TPM_PT_NV_COUNTERS            : 0x00000003
      -TPM_PT_NV_COUNTERS_AVAIL      : 0x00000018
      -TPM_PT_ALGORITHM_SET          : 0x00000000
      -TPM_PT_LOADED_CURVES          : 0x00000003
      -TPM_PT_LOCKOUT_COUNTER        : 0x00000000
      -TPM_PT_MAX_AUTH_FAIL          : 0x0000001F
      -TPM_PT_LOCKOUT_INTERVAL       : 0x00000258
      -TPM_PT_LOCKOUT_RECOVERY       : 0x00015180
      -TPM_PT_NV_WRITE_RECOVERY      : 0x00000000
      -TPM_PT_AUDIT_COUNTER_0        : 0x00000000
      -TPM_PT_AUDIT_COUNTER_1        : 0x00000000
  -Supported Algorithms:
      -TPM_ALG_RSA
      -TPM_ALG_SHA1
      -TPM_ALG_HMAC
      -TPM_ALG_AES
      -TPM_ALG_MGF1
      -TPM_ALG_KEYEDHASH
      -TPM_ALG_XOR
      -TPM_ALG_SHA256
      -TPM_ALG_RSASSA
      -TPM_ALG_RSAES
      -TPM_ALG_RSAPSS
      -TPM_ALG_OAEP
      -TPM_ALG_ECDSA
      -TPM_ALG_ECDH
      -TPM_ALG_KDF1_SP800_56A
      -TPM_ALG_KDF1_SP800_108
      -TPM_ALG_ECC
      -TPM_ALG_SYMCIPHER
      -TPM_ALG_CTR
      -TPM_ALG_OFB
      -TPM_ALG_CBC
      -TPM_ALG_CFB
      -TPM_ALG_ECB
  -Supported Commands:
      -TPM2_NV_UndefineSpaceSpecial
      -TPM2_EvictControl
      -TPM2_HierarchyControl
      -TPM2_NV_UndefineSpace
      -TPM2_ChangeEPS
      -TPM2_ChangePPS
      -TPM2_Clear
      -TPM2_ClearControl
      -TPM2_ClockSet
      -TPM2_HierarchyChangeAuth
      -TPM2_NV_DefineSpace
      -TPM2_PCR_Allocate
      -TPM2_PCR_SetAuthPolicy
      -TPM2_PP_Commands
      -TPM2_SetPrimaryPolicy
      -TPM2_ClockRateAdjust
      -TPM2_CreatePrimary
      -TPM2_NV_GlobalWriteLock
      -TPM2_GetCommandAuditDigest
      -TPM2_NV_Increment
      -TPM2_NV_SetBits
      -TPM2_NV_Extend
      -TPM2_NV_Write
      -TPM2_NV_WriteLock
      -TPM2_DictionaryAttackLockReset
      -TPM2_DictionaryAttackParameters
      -TPM2_NV_ChangeAuth
      -TPM2_PCR_Event
      -TPM2_PCR_Reset
      -TPM2_SequenceComplete
      -TPM2_SetAlgorithmSet
      -TPM2_SetCommandCodeAuditStatus
      -TPM2_IncrementalSelfTest
      -TPM2_SelfTest
      -TPM2_Startup
      -TPM2_Shutdown
      -TPM2_StirRandom
      -TPM2_ActivateCredential
      -TPM2_Certify
      -TPM2_PolicyNV
      -TPM2_CertifyCreation
      -TPM2_Duplicate
      -TPM2_GetTime
      -TPM2_GetSessionAuditDigest
      -TPM2_NV_Read
      -TPM2_NV_ReadLock
      -TPM2_ObjectChangeAuth
      -TPM2_PolicySecret
      -TPM2_Rewrap
      -TPM2_Create
      -TPM2_ECDH_ZGen
      -TPM2_HMAC
      -TPM2_Import
      -TPM2_Load
      -TPM2_Quote
      -TPM2_RSA_Decrypt
      -TPM2_HMAC_Start
      -TPM2_SequenceUpdate
      -TPM2_Sign
      -TPM2_Unseal
      -TPM2_PolicySigned
      -TPM2_ContextLoad
      -TPM2_ContextSave
      -TPM2_ECDH_KeyGen
      -TPM2_EncryptDecrypt
      -TPM2_FlushContext
      -TPM2_LoadExternal
      -TPM2_MakeCredential
      -TPM2_NV_ReadPublic
      -TPM2_PolicyAuthorize
      -TPM2_PolicyAuthValue
      -TPM2_PolicyCommandCode
      -TPM2_PolicyCounterTimer
      -TPM2_PolicyCpHash
      -TPM2_PolicyLocality
      -TPM2_PolicyNameHash
      -TPM2_PolicyOR
      -TPM2_PolicyTicket
      -TPM2_ReadPublic
      -TPM2_RSA_Encrypt
      -TPM2_StartAuthSession
      -TPM2_VerifySignature
      -TPM2_ECC_Parameters
      -TPM2_GetCapability
      -TPM2_GetRandom
      -TPM2_GetTestResult
      -TPM2_Hash
      -TPM2_PCR_Read
      -TPM2_PolicyPCR
      -TPM2_PolicyRestart
      -TPM2_ReadClock
      -TPM2_PCR_Extend
      -TPM2_PCR_SetAuthValue
      -TPM2_NV_Certify
      -TPM2_EventSequenceComplete
      -TPM2_HashSequenceStart
      -TPM2_PolicyPhysicalPresence
      -TPM2_PolicyDuplicationSelect
      -TPM2_PolicyGetDigest
      -TPM2_TestParms
      -TPM2_Commit
      -TPM2_PolicyPassword
      -TPM2_ZGen_2Phase
      -TPM2_EC_Ephemeral
      -TPM2_PolicyNvWritten
      -TPM2_PolicyTemplate
      -TPM2_CreateLoaded
      -TPM2_PolicyAuthorizeNV
      -TPM2_EncryptDecrypt2
  -TPM_ALG_SHA1 PCRs:
      -PCR[00] - 548708571dc3b832ddac144e118ad4928f1457b7
      -PCR[01] - 0f89fb2fb834a1b9be5a4dbcd396c7284a187932
      -PCR[02] - b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
      -PCR[03] - b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
      -PCR[04] - 3ada49e20bcde4aaf8901570515afe82b3716a7a
      -PCR[05] - cafd2817571f0d7ffbf1026de30851a98fdf3857
      -PCR[06] - b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
      -PCR[07] - f16c1d5bf71ee9ffedb9627b47e3d26ff533c082
      -PCR[08] - 0000000000000000000000000000000000000000
      -PCR[09] - 0000000000000000000000000000000000000000
      -PCR[10] - 0000000000000000000000000000000000000000
      -PCR[11] - ebb98df76613280f20dc38221143a9e727399486
      -PCR[12] - 410ddaf5a13a8cce252e8b95d8af48988c69e269
      -PCR[13] - 032195ab0f16091f17edbc95c77818e17c640b61
      -PCR[14] - 62aabb45314db6a801d1695e64b0d604d20889f8
      -PCR[15] - 0000000000000000000000000000000000000000
      -PCR[16] - 0000000000000000000000000000000000000000
      -PCR[17] - ffffffffffffffffffffffffffffffffffffffff
      -PCR[18] - ffffffffffffffffffffffffffffffffffffffff
      -PCR[19] - ffffffffffffffffffffffffffffffffffffffff
      -PCR[20] - ffffffffffffffffffffffffffffffffffffffff
      -PCR[21] - ffffffffffffffffffffffffffffffffffffffff
      -PCR[22] - ffffffffffffffffffffffffffffffffffffffff
      -PCR[23] - 0000000000000000000000000000000000000000

As you can see SHA256 is apparently supported.

Also tpm.msc apparenly has a button “reset tpm”, which triggers a reboot and well… it’s a try…

stgraber · May 31, 2026, 7:22pm

Ah yeah, you can try doing a TPM reset from Windows.

We also trigger one during IncusOS installation when using an installation image as we’ve definitely found systems where the TPM needs a nudge to behave.

rugk · May 31, 2026, 7:35pm

Well… in any case a TPM reset also does not change it a bit. So I’ll conclude this is a totally broken TPM. What just is wondering me is why it has worked once (as said in the original post it has enrolled the key and apparently could complete the “installation” once.
All tries afterwards already failed after the first reboot after the key was enrolled (it seems?) - at least now also noticed the boot menu shows a “enroll key: auto” entry or so, which then disappears (at next boot).

gibmat · June 2, 2026, 11:11am

@rugk just to clarify, have you ever gotten to the screen that states “Starting install of IncusOS to local disk” and shows a progress bar on the screen? The normal sequence of events should be an initial enrollment of Secure Boot certificates, reboot, running of install, reboot, IncusOS first boot.

I’d also be interested to see what the TPM reports from a Linux live system, specifically if tpm2_pcrread returns any SHA256 values.