Comment 4 for bug 963587

Laurent B (l-ubuntu-r) wrote :

I have the problem in 14.04 as well, and I believe I found the root issue at play here.

FWIW: I noticed that just starting the tcsd daemon directly, with no options whatsoever, worked:

# tcsd

# ps -edf | grep tcsd
tss 31805 1 0 09:23 ? 00:00:00 tcsd

# fuser /dev/tpm0
/dev/tpm0: 31805

It appears the issue comes from this line in the /etc/init.d/trousers script, which tries too hard to do the right thing:

start-stop-daemon --start --quiet --oknodo --pidfile /var/run/${NAME}.pid --user ${USER} --chuid ${USER} --exec ${DAEMON} -- ${DAEMON_OPTS}

The --chuid ${USER} is redundant to what the daemon does by itself, and the problem is that it removes its ability to open /dev/tpm0 as root and change uid afterwards.

After removing just the --chuid, it starts and works:

# /etc/init.d/trousers start
* Starting Trusted Computing daemon tcsd [ OK ]

# tpm_version
  TPM 1.2 Version Info:
  Chip Version: 1.2.8.28
  Spec Level: 2
  Errata Revision: 3
  TPM Vendor ID: STM
  TPM Version: 01010000
  Manufacturer Info: 53544d20

That fix seems trivial and implies no change of permission, just letting upstream's code handle things as it should. Thoughts?
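
The ordering described in the comment above (open the device with the starting privileges, then change uid), as an added C illustration; it is not code from the original comment or from the trousers source. `open_then_drop` is a hypothetical helper, and `/dev/null` stands in for `/dev/tpm0` so the program runs without a TPM.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open a privileged device first, then drop to an
 * unprivileged uid/gid. Returns the open fd, or -1 on any failure. */
int open_then_drop(const char *dev, uid_t uid, gid_t gid)
{
    /* Step 1: open while still holding the starting privileges. If the
     * process were already running as the target user (the effect of
     * --chuid in the init script), this is the call that would fail. */
    int fd = open(dev, O_RDWR);
    if (fd < 0)
        return -1;

    /* Step 2: drop. Order matters: supplementary groups, gid, then uid. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        goto fail;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        goto fail;

    /* Step 3: verify the drop is permanent and complete. */
    if (uid != 0 && setuid(0) == 0)
        goto fail;                      /* root could be regained */
    if (getuid() != uid || geteuid() != uid || getgid() != gid)
        goto fail;

    return fd;                          /* fd remains usable after the drop */
fail:
    close(fd);
    return -1;
}

int main(int argc, char **argv)
{
    /* Constructed default: /dev/null instead of /dev/tpm0. */
    const char *dev = argc > 1 ? argv[1] : "/dev/null";
    int fd = open_then_drop(dev, getuid(), getgid());
    if (fd < 0) {
        perror("open_then_drop");
        return 1;
    }
    printf("fd %d open on %s, now uid=%d gid=%d\n",
           fd, dev, (int)getuid(), (int)getgid());
    close(fd);
    return 0;
}
```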