Just wanted to say thanks to Christian Ehrhardt. A lot of research led
me to #1, which worked perfectly.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1913552
Title:
using tpm reports "/dev/tpm0:
Hello Christian,
basically it is the same what people do here:
https://askubuntu.com/questions/1365829/qemu-failed-to-passthrough-a-tpm-device
Except that you need to write "/dev/tpm0 rm," into the file, as the
colon is missing and starting a VM will give you complaints on an
AppArmor rule.
In
Hi Thomas, in comment #3 Andre said in his case adding of the tpm path in
apparmor did not help.
Would you mind to share which rule and file exactly you used for "Adding the
service to apparmor works" ?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Adding the service to apparmor works. Looks like libvirt needs an
apparmor rule or prior start of a VM apparmor needs to receive the
instruction to allow access as long as the VM is running.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Ok - on the good side that means it is not an libvirt/apparmor issue as I first
assumed.
On the bad side, that means a permission issue in a yet to be found place.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Hi Christian,
I am running this from the 20.04 USB stick again.
Unfortunately, there was nothing on dmesg as I started my guest. And as
expected, editing /etc/apparmor.d/local/abstractions/libvirt-qemu
changed nothing as well.
Another simple test, using tpm-tis also had the same outcome.
--
The following is mostly a note to myself, I'm still first of all waiting
for the logs I asked above.
The config used in the example you linked is:
Per https://libvirt.org/formatdomain.html#tpm-device about tpm-crb
"another available choice is the tpm-crb, which
@André,
Hi over here as well.
The usual suspect that comes to mind is apparmor protection as tpm use isn't
common yet.
Depening on how it is configured in your guest it might not have got an
apparmor allowance yet.
Please could you report back the following:
1. run `dmesg -w` while you start
