# clean
$ sudo apt remove --purge swtpm swtpm-tools
$ sudo rm -rf /var/lib/libvirt/swtpm /var/lib/swtpm-localca /var/log/swtpm
# re-create a clean env by re-installing swtpm
$ sudo apt install swtpm swtpm-tools

# Status after install
$ sudo ls -laF /var/lib/libvirt/swtpm /var/lib/swtpm-localca /var/log/swtpm /run/libvirt/qemu/swtpm
ls: cannot access '/var/lib/libvirt/swtpm': No such file or directory
ls: cannot access '/var/log/swtpm': No such file or directory
/run/libvirt/qemu/swtpm:
total 0
drwxrwx--- 2 libvirt-qemu swtpm 40 Apr 7 10:33 ./
drwxr-xr-x 5 root root 140 Apr 7 10:33 ../

/var/lib/swtpm-localca:
total 8
drwxr-x--- 2 swtpm root 4096 Apr 7 10:48 ./
drwxr-xr-x 43 root root 4096 Apr 7 10:48 ../

# then failing a start of a VM with swtpm configured
$ virsh start testguest --console

# File/Dir status after this
$ sudo ls -laF /var/lib/libvirt/swtpm /var/lib/swtpm-localca /var/log/swtpm /run/libvirt/qemu/swtpm /var/log/swtpm/libvirt/qemu /var/log/swtpm/libvirt
/run/libvirt/qemu/swtpm:
total 0
drwxrwx--- 2 libvirt-qemu swtpm 40 Apr 7 10:33 ./
drwxr-xr-x 5 root root 140 Apr 7 10:33 ../

/var/lib/libvirt/swtpm:
total 8
drwx--x--x 2 root root 4096 Apr 7 10:50 ./
drwxr-xr-x 8 root root 4096 Apr 7 10:50 ../

/var/lib/swtpm-localca:
total 20
drwxr-x--- 2 swtpm root 4096 Apr 7 10:50 ./
drwxr-xr-x 43 root root 4096 Apr 7 10:48 ../
-rwxr-xr-x 1 swtpm swtpm 0 Apr 7 10:50 .lock.swtpm-localca*
-rw-r--r-- 1 swtpm swtpm 0 Apr 7 10:50 index.txt
-rw-r--r-- 1 swtpm swtpm 3 Apr 7 10:50 serial
-rw-r--r-- 1 swtpm swtpm 1468 Apr 7 10:50 swtpm-localca-rootca-cert.pem
-rw-r----- 1 swtpm swtpm 2455 Apr 7 10:50 swtpm-localca-rootca-privkey.pem

/var/log/swtpm:
total 12
drwx--x--x 3 root root 4096 Apr 7 10:50 ./
drwxrwxr-x 10 root syslog 4096 Apr 7 10:50 ../
drwx--x--x 3 root root 4096 Apr 7 10:50 libvirt/

/var/log/swtpm/libvirt:
total 12
drwx--x--x 3 root root 4096 Apr 7 10:50 ./
drwx--x--x 3 root root 4096 Apr 7 10:50 ../
drwx-wx--- 2 swtpm swtpm 4096 Apr 7 10:50 qemu/

/var/log/swtpm/libvirt/qemu:
total 12
drwx-wx--- 2 swtpm swtpm 4096 Apr 7 10:50 ./
drwx--x--x 3 root root 4096 Apr 7 10:50 ../
-rw-r--r-- 1 swtpm swtpm 1730 Apr 7 10:50 testguest-swtpm.log

---

After this failed attempt, since the guest is abandoned, a retry differs in two ways:
- /var/lib/libvirt/swtpm/202a34a9-2ee2-4826-b206-c249f535be90/tpm2 no longer exists
- /var/log/swtpm/libvirt/qemu/testguest-swtpm.log can't be written

$ sudo rm -rf /tmp/test2
$ mkdir /tmp/test2
$ sudo chown swtpm:swtpm /tmp/test2
$ sudo -u swtpm /usr/lib/x86_64-linux-gnu/swtpm/swtpm-localca --type ek --ek b2e69cdcfc19832f9d174ef4c3af14cf9843efed4e986f35d011a4ac0af4a84adf93a24937bf00da5519272a1f722ae3aa33b8efbe44b3bcde8ac2cf781302801643791f379eab400482f0c4b8a9aba1676eb7b0ae45792d39746a82164c247d4d348aecba70025d74f7025d2e1896743617396337f6221bd81429c3498069056635f9ddf288fe32d9759fa6a825665e56d819b5657f5ce828e72db17e6073cf4e4c7f9dfd8ea18eebae28e9cffa6ff406d03a8a15e48a3f5acd7a3cca7d64b9aef250cc40a301132d466f346843f9a3e084bf9e19fe48b31d2512f39ddd6bc324d22db77dad619158efa5680ff4816c7fc645014e6fa03fb11ede6bc720bbd7 --dir /tmp/test --logfile /tmp/test/testguest-swtpm.log --vmid testguest:202a34a9-2ee2-4826-b206-c249f535be90 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
$ echo $?
1
$ cat /tmp/test/testguest-swtpm.log
Creating root CA and a local CA's signing key and issuer cert.
Could not create root-CA:Can't load ./.rnd into RNG
40D7E55E677F0000:error:12000079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:106:Filename=./.rnd
Cannot write random bytes:
40D7E55E677F0000:error:12000079:random number generator:RAND_write_file:Cannot open file:../crypto/rand/randfile.c:240:Filename=./.rnd
Error creating local CA's signing key and cert.

That is essentially the same error, so it really does come down to the user/group and some permissions. This way we can reproduce it outside of libvirt, track exactly which access fails, and debug/fix it.

Two details to keep in mind when repeating this: the commands above prepare /tmp/test2, while the swtpm-localca run points --dir and --logfile at /tmp/test; and both OpenSSL errors name the relative path ./.rnd, so the working directory the command is started from is one of the accesses to check.