In a set of cross checks I ran it as

#1 root, but this time in /home/ubuntu instead of in /root.

I got:
lrwxrwxrwx 1 root root 0 Apr 7 13:40 /proc/11805/cwd -> /home/ubuntu/
And afterwards
-rw------- 1 root root 1024 Apr 7 13:40 /home/ubuntu/.rnd

So it fully ignores $HOME
So root cause of the problem is that it wants to access some "$CWD/.rnd", but not where it is supposed to do so.

#2 user swtpm being in /var/lib/swtpm

This showed that this user is good if it would use the right paths.

ubuntu@swtpm-jammy:/var/lib/swtpm$ sudo -u swtpm -E HOME=/var/lib/swtpm /usr/lib/x86_64-linux-gnu/swtpm/swtpm-localca --type ek --ek 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 --dir /tmp/test --vmid testguest:202a34a9-2ee2-4826-b206-c249f535be90 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created EK certificate locally.

ubuntu@swtpm-jammy:/var/lib/swtpm$ ll /tmp/test
total 20
drwxrwxr-x  2 swtpm swtpm 4096 Apr 7 13:44 ./
drwxrwxrwt 14 root  root  4096 Apr 7 13:44 ../
-rw-------  1 swtpm swtpm 1053 Apr 7 13:44 ek.cert

ubuntu@swtpm-jammy:/var/lib/swtpm$ sudo ls -laF /var/lib/swtpm-localca/
total 56
drwxr-x---  2 swtpm root  4096 Apr 7 13:44 ./
drwxr-xr-x 44 root  root  4096 Apr 7 13:17 ../
-rwxr-xr-x  1 swtpm swtpm    0 Apr 7 10:50 .lock.swtpm-localca*
-rw-rw-r--  1 swtpm swtpm 5519 Apr 7 13:44 01.pem
-rw-rw-r--  1 swtpm swtpm    1 Apr 7 13:44 certserial
-rw-rw-r--  1 swtpm swtpm   48 Apr 7 13:44 index.txt
-rw-rw-r--  1 swtpm swtpm   21 Apr 7 13:44 index.txt.attr
-rw-rw-r--  1 swtpm swtpm    0 Apr 7 13:44 index.txt.old
-rw-rw-r--  1 swtpm swtpm 5519 Apr 7 13:44 issuercert.pem
-rw-rw-r--  1 swtpm swtpm    3 Apr 7 13:44 serial
-rw-rw-r--  1 swtpm swtpm    3 Apr 7 13:44 serial.old
-rw-r-----  1 swtpm swtpm 2459 Apr 7 13:44 signkey.pem
-rw-rw-r--  1 swtpm swtpm 1468 Apr 7 13:44 swtpm-localca-rootca-cert.pem
-rw-r-----  1 swtpm swtpm 2455 Apr 7 13:44 swtpm-localca-rootca-privkey.pem

-- 
You received this bug notification
because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1968131

Title:
  Starting VM with UEFI firmware fails with swtpm

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1968131/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
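
The cross checks in the comment above compare a process's working directory with the user's home as possible locations for ".rnd". The script below is an added example, not part of the bug report or of swtpm, that automates that comparison for a given PID and user. It assumes Linux /proc and GNU stat, looks at mode bits only (no ACLs, supplementary groups or capabilities), and its function and script names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumes Linux /proc and GNU stat.
# Mode bits only: ACLs, supplementary groups and capabilities are ignored.

# can_create_in DIR UID GID: exit 0 if that uid/gid may create a file in DIR.
can_create_in() {
    dir=$1; uid=$2; gid=$3
    [ -d "$dir" ] || return 2
    [ "$uid" -eq 0 ] && return 0          # root bypasses the mode bits
    owner=$(stat -c '%u' "$dir")
    group=$(stat -c '%g' "$dir")
    mode=$(stat -c '%a' "$dir")           # octal digits, e.g. 750 or 1777
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (mode / 100) % 10 ))     # owner digit
    elif [ "$gid" -eq "$group" ]; then
        bits=$(( (mode / 10) % 10 ))      # group digit
    else
        bits=$(( mode % 10 ))             # other digit
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}

# rnd_report PID USER: check the two places a ".rnd" could go for USER:
# the working directory of PID and USER's home from the passwd database.
rnd_report() {
    r_uid=$(id -u "$2") || return 2
    r_gid=$(id -g "$2") || return 2
    r_cwd=$(readlink "/proc/$1/cwd") || return 2
    r_home=$(getent passwd "$2" | cut -d: -f6)
    for d in "$r_cwd" "$r_home"; do
        if can_create_in "$d" "$r_uid" "$r_gid"; then
            echo "$d/.rnd: $2 can create it"
        else
            echo "$d/.rnd: $2 cannot create it"
        fi
    done
}

# Usage: sh rnd-check.sh PID USER   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    rnd_report "$1" "$2"
fi
```

Reading /proc/PID/cwd of a process owned by another user requires root, as with the ls on /proc/11805/cwd in the comment.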
