Hi I think it is because persistent_state is not set. refer to https://libvirt.org/formatdomain.html#tpm-device
It may be supported if tpm is stored on shared primary storage (so that it can be used after vm migration), and attached to vm as tpm emulator. -Wei On Tue, Oct 14, 2025 at 4:48 PM Jürgen Gotteswinter <[email protected]> wrote: > Hello Wei, > > thanks for your clarification. But i am also not sure if its persisted > locally, the folder which holds the files (/var/lib/libvirt/swtpm) > disapears when the vm is shutdown. > > Cheers, > > Juergen > > Am 14.10.25, 16:33 schrieb "Wei ZHOU" <[email protected] <mailto: > [email protected]>>: > > > Hi Jürgen, > > > I think you are right. The tpm file is not persisted. It is good idea to > store it somewhere (for example on same primary storage as ROOT disk) > > > > > > > Kind regards, > Wei > > > > > > > On Tue, Oct 14, 2025 at 2:59 PM Jürgen Gotteswinter > <[email protected] <mailto: > [email protected]>lid> wrote: > > > > some more testing... > > > > instance has a tpm configured in acs, its a kvm guest on ubuntu > > > > root@VM-647bf7bc-bdca-48fa-8329-8b7a103f9ab6:~# echo "Hello, TPM!" > > > datafile > > root@VM-647bf7bc-bdca-48fa-8329-8b7a103f9ab6:~# tpm2_nvwrite -C o -i > > datafile 0x1500016 > > root@VM-647bf7bc-bdca-48fa-8329-8b7a103f9ab6:~# tpm2_nvread -C o > 0x1500016 > > WARN: Reading full size of the NV index > > Hello, TPM! > > > > > > Instance power cycle, and trying to read our value again from the tpm > > > > root@VM-647bf7bc-bdca-48fa-8329-8b7a103f9ab6:~# tpm2_nvread -C o > 0x1500016 > > WARN: Reading full size of the NV index > > > WARNING:esys:src/tss2-esys/api/Esys_NV_ReadPublic.c:309:Esys_NV_ReadPublic_Finish() > > Received TPM Error > > ERROR:esys:src/tss2-esys/esys_tr.c:243:Esys_TR_FromTPMPublic_Finish() > > Error NV_ReadPublic ErrorCode (0x0000018b) > > ERROR:esys:src/tss2-esys/esys_tr.c:398:Esys_TR_FromTPMPublic() Error TR > > FromTPMPublic ErrorCode (0x0000018b) > > ERROR: Esys_TR_FromTPMPublic(0x18B) - tpm:handle(1):the handle is not > > correct for the use > > ERROR: Unable to run tpm2_nvread > > root@VM-647bf7bc-bdca-48fa-8329-8b7a103f9ab6: > > > > its gone. > > > > Is this tpm just here to satisfy requirements? Or do i miss something? If > > its not persistant, the docs should clearly tell the limitations > > > > Cheers, > > > > Juergen > > > > > > Am 14.10.25, 13:24 schrieb "Jürgen Gotteswinter" > > <[email protected] <mailto: > [email protected]> <mailto: > > [email protected] <mailto: > [email protected]>>LID>: > > > > > > Hello Mailinglist, > > > > > > i am currently looking at the software tpm integration, and i wonder a > bit > > on how this works and especially where the tpm data is persisted. I can > see > > that a vm which has a tpm configured creates a folder in > > /var/lib/libvirt/swtpm/<UUID>/tpm2/ with 2 files tpm2-00-permall and a > > .lock file. When i migrate the vm to another compute host, this folder > gets > > created on the target. I did not yet test to store any data in the tpm, > > does anyone know how and where (or even if) this gets persisted? > > > > > > ACS 4.20.1.0 > > Ubuntu 24.04 + KVM > > > > > > Thanks! > > > > > > Juergen > > > > > > > > > > > >
