Public bug reported:

Description:    Ubuntu 24.04.1 LTS
Release:        24.04

I've upgraded from 22.04 a couple of weeks ago.

swtpm:
  Installed: 0.7.3-0ubuntu5.24.04.1
  Candidate: 0.7.3-0ubuntu5.24.04.1
  Version table:
 *** 0.7.3-0ubuntu5.24.04.1 500
        500 http://openbsd-httpd:56002/ubuntu/ubuntu noble-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     0.7.3-0ubuntu5 500
        500 http://openbsd-httpd:56002/ubuntu/ubuntu noble/main amd64 Packages


swtpm-tools:
  Installed: 0.7.3-0ubuntu5.24.04.1
  Candidate: 0.7.3-0ubuntu5.24.04.1
  Version table:
 *** 0.7.3-0ubuntu5.24.04.1 500
        500 http://openbsd-httpd:56002/ubuntu/ubuntu noble-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     0.7.3-0ubuntu5 500
        500 http://openbsd-httpd:56002/ubuntu/ubuntu noble/main amd64 Packages


I have a working Windows 11 guest VM in qemu/libvirt that has a TPM device 
(added ages ago, still on 22.04). Even though this existing VM is still 
working, I'm not sure since when but it seems it's not possible anymore for me 
to start/create a libvirt/qemu VM with a TPM device.
If I add a TPM device to a VM (the model, TIS/CRB, or version, 1.2/2.0, doesn't 
matter), or create a new VM in libvirt (virt-manager), it simply won't start, 
saying:

===================8<===================
Unable to complete install: 'internal error: Could not run '/usr/bin/swtpm_setup'. exitstatus: 1; Check error log '/var/log/swtpm/libvirt/qemu/ubuntu24.04-swtpm.log' for details.'

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 72, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/createvm.py", line 2008, in _do_async_install
    installer.start_install(guest, meter=meter)
  File "/usr/share/virt-manager/virtinst/install/installer.py", line 695, in start_install
    domain = self._create_guest(
             ^^^^^^^^^^^^^^^^^^^
  File "/usr/share/virt-manager/virtinst/install/installer.py", line 637, in _create_guest
    domain = self.conn.createXML(initial_xml or final_xml, 0)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/libvirt.py", line 4545, in createXML
    raise libvirtError('virDomainCreateXML() failed')
libvirt.libvirtError: internal error: Could not run '/usr/bin/swtpm_setup'. exitstatus: 1; Check error log '/var/log/swtpm/libvirt/qemu/ubuntu24.04-swtpm.log' for details.
===================8<===================

Checking the log file mentioned:
===================8<===================
Starting vTPM manufacturing as swtpm:swtpm @ Wed 25 Sep 2024 05:30:50 PM CEST
Successfully created RSA 2048 EK with handle 0x81010001.
Could not find @DATAROOTDIR@/swtpm/swtpm-localca in PATH.
An error occurred. Authoring the TPM state failed.
Error getting next filename: No child processes
Ending vTPM manufacturing @ Wed 25 Sep 2024 05:30:50 PM CEST
===================8<===================

@DATAROOTDIR@ is suspicious to me, like something failed to replace a 
placeholder somewhere (maybe during compile time) but it could just be how it 
logs, I don't know.
I presume @DATAROOTDIR@ should've been /usr/share, and there's a wrapper script 
at /usr/share/swtpm/swtpm-localca, containing:
===================8<===================
#!/usr/bin/env sh

/usr/bin/swtpm_localca "$@"

exit $?
===================8<===================

Way back, after OS installation I had to modify my 
/etc/apparmor.d/usr.bin.swtpm file to add my custom path to my disk that stores 
VM-stuff:
   owner /mnt/virt/libvirt/swtpm/** rwk,
   /mnt/virt/libvirt/swtpm/** wk,


/var/lib/libvirt is a symlink to /mnt/virt/libvirt:
# ls -la /var/lib/libvirt
lrwxrwxrwx 1 root root 18 2022-04-05 13:04:27 /var/lib/libvirt -> /mnt/virt/libvirt//

But this doesn't seem like an apparmor issue.


What's interesting is that /var/lib/libvirt/swtpm/ has a directory named after 
the qemu VM UUID of the (still working) Windows 11 guest VM:
/var/lib/libvirt/swtpm/cdf3de04-31c9-459d-8bb2-39214d737c68
... and this has a tpm2 directory that holds a .lock and a tpm2-00.permall file.

I thought I'd "prepare" the same directory for my other guest VM that I'm
trying to add the TPM device to, by creating the same directory
hierarchy there, using its VM UUID and a tpm2 directory underneath that:

# find /var/lib/libvirt/swtpm/
/var/lib/libvirt/swtpm/
/var/lib/libvirt/swtpm/cdf3de04-31c9-459d-8bb2-39214d737c68
/var/lib/libvirt/swtpm/cdf3de04-31c9-459d-8bb2-39214d737c68/tpm2
/var/lib/libvirt/swtpm/cdf3de04-31c9-459d-8bb2-39214d737c68/tpm2/.lock
/var/lib/libvirt/swtpm/cdf3de04-31c9-459d-8bb2-39214d737c68/tpm2/tpm2-00.permall
/var/lib/libvirt/swtpm/a6d59ec7-bf07-4836-b897-5c3d8757079b
/var/lib/libvirt/swtpm/a6d59ec7-bf07-4836-b897-5c3d8757079b/tpm2

Interestingly enough, the latter directory (a6d59... which I created)
gets deleted completely every time I try to start the VM (and it fails).

I tried reinstalling the swtpm and swtpm-tools packages to no avail.

Any hint would be appreciated.

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: swtpm 0.7.3-0ubuntu5.24.04.1
ProcVersionSignature: Ubuntu 6.8.0-45.45-generic 6.8.12
Uname: Linux 6.8.0-45-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.1
Architecture: amd64
CasperMD5CheckResult: pass
Date: Wed Sep 25 17:20:28 2024
InstallationDate: Installed on 2022-03-10 (930 days ago)
InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Alpha amd64 
(20220307)
SourcePackage: swtpm
UpgradeStatus: Upgraded to noble on 2024-09-05 (20 days ago)
mtime.conffile..etc.apparmor.d.usr.bin.swtpm: 2024-09-25T17:22:43.567834
mtime.conffile..etc.init.d.apport: 2024-07-22T16:59:07

** Affects: swtpm (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug noble

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2081995

Title:
  Cannot start libvirt/qemu VM with TPM device added

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/swtpm/+bug/2081995/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
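A diagnostic check for the failure mode described in the report above. This is an added example; it is not code from the bug report, from Ubuntu or from the swtpm project. It assumes that the path swtpm_setup could not find comes from the "create_certs_tool = <path>" key of /etc/swtpm_setup.conf (the key documented in swtpm_setup.conf(5)); the report does not confirm where the unsubstituted @DATAROOTDIR@ originates, so the function takes the config path as an argument and the stand-alone run uses constructed sample files instead of the reporter's system.

```shell
#!/bin/sh
# Added example, not code from the bug report or the swtpm project.
# Checks whether the swtpm-localca tool path in an swtpm_setup.conf is usable.
# Assumption: swtpm_setup takes that path from the "create_certs_tool = <path>"
# key (documented in swtpm_setup.conf(5)); a literal @DATAROOTDIR@ there would
# be a build-time placeholder that was never substituted.

# check_create_certs_tool CONF
# Prints a one-line diagnosis and returns:
#   0  the configured tool exists and is executable
#   1  no create_certs_tool key in CONF
#   2  the value still contains an unsubstituted @PLACEHOLDER@
#   3  the value is a real path, but nothing executable is there
check_create_certs_tool() {
    conf="$1"
    # First uncommented "create_certs_tool = value" line, surrounding blanks stripped.
    tool=$(sed -n 's/^[[:space:]]*create_certs_tool[[:space:]]*=[[:space:]]*//p' "$conf" \
           | head -n 1 | sed 's/[[:space:]]*$//')
    if [ -z "$tool" ]; then
        echo "$conf: no create_certs_tool key found"
        return 1
    fi
    case "$tool" in
        *@*@*)
            echo "$conf: create_certs_tool='$tool' still contains a build placeholder"
            return 2 ;;
    esac
    if [ ! -x "$tool" ]; then
        echo "$conf: create_certs_tool='$tool' is not an executable file"
        return 3
    fi
    echo "$conf: create_certs_tool='$tool' OK"
    return 0
}

# make_demo_configs DIR
# Writes constructed sample files (not taken from the reporter's machine) so the
# check can be exercised without touching /etc: a fake wrapper under
# DIR/share/swtpm, one config pointing at it, one with the placeholder left in.
make_demo_configs() {
    dir="$1"
    mkdir -p "$dir/share/swtpm"
    printf '#!/bin/sh\nexec /usr/bin/swtpm_localca "$@"\n' > "$dir/share/swtpm/swtpm-localca"
    chmod +x "$dir/share/swtpm/swtpm-localca"
    printf 'create_certs_tool = @DATAROOTDIR@/swtpm/swtpm-localca\n' > "$dir/broken.conf"
    printf 'create_certs_tool = %s/share/swtpm/swtpm-localca\n' "$dir" > "$dir/good.conf"
}

# Stand-alone run over the constructed files. On a real system, run
#   check_create_certs_tool /etc/swtpm_setup.conf
# instead; a return code of 2 corresponds to the "@DATAROOTDIR@" line in the log.
demo_dir=$(mktemp -d)
make_demo_configs "$demo_dir"
for f in "$demo_dir/broken.conf" "$demo_dir/good.conf"; do
    check_create_certs_tool "$f" || true
done
rm -rf "$demo_dir"
```

The check deliberately distinguishes "placeholder never substituted" (a packaging or build problem, which reinstalling the same package cannot fix) from "path set but missing" (a local installation problem); the wrapper the report shows at /usr/share/swtpm/swtpm-localca is what a substituted @DATAROOTDIR@ of /usr/share would resolve to.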
