Re: TPM Feature in 4.20.1.0

Sat, 18 Oct 2025 15:23:29 -0700 

Hi Jürgen,

I think you are right. The tpm file is not persisted. It is good idea to
store it somewhere (for example on same primary storage as ROOT disk)



Kind regards,
Wei



On Tue, Oct 14, 2025 at 2:59 PM Jürgen Gotteswinter
<[email protected]> wrote:

> some more testing...
>
> instance has a tpm configured in acs, its a kvm guest on ubuntu
>
> root@VM-647bf7bc-bdca-48fa-8329-8b7a103f9ab6:~# echo "Hello, TPM!" >
> datafile
> root@VM-647bf7bc-bdca-48fa-8329-8b7a103f9ab6:~# tpm2_nvwrite -C o -i
> datafile 0x1500016
> root@VM-647bf7bc-bdca-48fa-8329-8b7a103f9ab6:~# tpm2_nvread -C o 0x1500016
> WARN: Reading full size of the NV index
> Hello, TPM!
>
>
> Instance power cycle, and trying to read our value again from the tpm
>
> root@VM-647bf7bc-bdca-48fa-8329-8b7a103f9ab6:~# tpm2_nvread -C o 0x1500016
> WARN: Reading full size of the NV index
> WARNING:esys:src/tss2-esys/api/Esys_NV_ReadPublic.c:309:Esys_NV_ReadPublic_Finish()
> Received TPM Error
> ERROR:esys:src/tss2-esys/esys_tr.c:243:Esys_TR_FromTPMPublic_Finish()
> Error NV_ReadPublic ErrorCode (0x0000018b)
> ERROR:esys:src/tss2-esys/esys_tr.c:398:Esys_TR_FromTPMPublic() Error TR
> FromTPMPublic ErrorCode (0x0000018b)
> ERROR: Esys_TR_FromTPMPublic(0x18B) - tpm:handle(1):the handle is not
> correct for the use
> ERROR: Unable to run tpm2_nvread
> root@VM-647bf7bc-bdca-48fa-8329-8b7a103f9ab6:
>
> its gone.
>
> Is this tpm just here to satisfy requirements? Or do i miss something? If
> its not persistant, the docs should clearly tell the limitations
>
> Cheers,
>
> Juergen
>
>
> Am 14.10.25, 13:24 schrieb "Jürgen Gotteswinter"
> <[email protected] <mailto:
> [email protected]>LID>:
>
>
> Hello Mailinglist,
>
>
> i am currently looking at the software tpm integration, and i wonder a bit
> on how this works and especially where the tpm data is persisted. I can see
> that a vm which has a tpm configured creates a folder in
> /var/lib/libvirt/swtpm/<UUID>/tpm2/ with 2 files tpm2-00-permall and a
> .lock file. When i migrate the vm to another compute host, this folder gets
> created on the target. I did not yet test to store any data in the tpm,
> does anyone know how and where (or even if) this gets persisted?
>
>
> ACS 4.20.1.0
> Ubuntu 24.04 + KVM
>
>
> Thanks!
>
>
> Juergen
>
>
>
>

Reply via email to