[Bug 2016744] [NEW] swtpm_setup cannot be run as user (AppArmor profile)

Stefan Berger 2016744 at bugs.launchpad.net
Mon Apr 17 21:49:07 UTC 2023


Public bug reported:

It looks like the AppArmor profile that Ubuntu added to swtpm 0.6.3
(before it was contributed to the upstream project;
https://github.com/stefanberger/swtpm/commits/master/debian/usr.bin.swtpm)
is insufficient for running swtpm_setup as user. Can you sync the
AppArmor profile in the package with what is in this repo and/or upgrade
to a more recent version of swtpm (v0.8 is available)?

In particular, the following doesn't work for me:

$ swtpm_setup --tpm2 --tpmstate . --overwrite --create-ek-cert
Starting vTPM manufacturing as stefanb:stefanb @ Mon 17 Apr 2023 05:12:05 PM EDT
swtpm process terminated unexpectedly.
Could not start the TPM 2.
An error occurred. Authoring the TPM state failed.
Ending vTPM manufacturing @ Mon 17 Apr 2023 05:12:05 PM EDT

Also, once I copied the AppArmor profile from this project over onto the
22.04 machine I ran into this issue here:

$ swtpm_setup --tpm2 --tpmstate . --overwrite --create-ek-cert
Starting vTPM manufacturing as stefanb:stefanb @ Mon 17 Apr 2023 05:14:04 PM EDT
TPM is listening on Unix socket.
Successfully created RSA 2048 EK with handle 0x81010001.
Could not find @DATAROOTDIR@/swtpm/swtpm-localca in PATH.
An error occurred. Authoring the TPM state failed.
Ending vTPM manufacturing @ Mon 17 Apr 2023 05:14:04 PM EDT

[ The script requiring @DATAROOTDIR@ has been rewritten in more recent
versions of swtpm. ]

This has been previously reported here
https://github.com/stefanberger/swtpm/issues/749 but then also per the
user from issue 749 on Launchpad here (getting a timeout on this page):
https://bugs.launchpad.net/ubuntu/+source/swtpm/+bug/1989598

** Affects: swtpm (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/2016744
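
To check whether AppArmor is what terminates swtpm in a failure like the first one in the report, look in the kernel log for DENIED records against the swtpm profile. The following is an added example, not part of the original report or of swtpm, that summarises such denials per path. The log lines are constructed, and the profile name "swtpm", the paths and the helper names are assumptions.

```python
import re
from collections import defaultdict

# Constructed kernel-log lines in the usual AppArmor audit format; the profile
# name "swtpm", paths, PIDs and timestamps are assumptions, not from the report.
SAMPLE_LOG = """\
audit: type=1400 audit(1681765925.101:301): apparmor="DENIED" operation="mknod" profile="swtpm" name="/home/user/vtpm/.lock" pid=4242 comm="swtpm" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
audit: type=1400 audit(1681765925.102:302): apparmor="DENIED" operation="open" profile="swtpm" name="/home/user/vtpm/tpm2-00.permall" pid=4242 comm="swtpm" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
audit: type=1400 audit(1681765925.103:303): apparmor="DENIED" operation="open" profile="swtpm" name="/home/user/vtpm/tpm2-00.permall" pid=4242 comm="swtpm" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1681765930.500:304): apparmor="DENIED" operation="open" profile="cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1681765931.000:305): apparmor="ALLOWED" operation="open" profile="swtpm" name="/tmp/x" pid=4243 comm="swtpm" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
TO_RULE = {"c": "w", "d": "w"}  # create/delete are granted by "w" in profile rules

def parse_record(line):
    """Return the key=value fields of one audit line as a dict."""
    return {k: (q if q else u) for k, q, u in FIELD.findall(line)}

def denied_by_path(log_text, profile="swtpm"):
    """Map each denied path to the union of denied mask letters for one profile."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("apparmor") != "DENIED" or rec.get("profile") != profile:
            continue  # skip other profiles and complain-mode (ALLOWED) records
        denied[rec.get("name", "?")].update(rec.get("denied_mask", ""))
    return {path: "".join(sorted(mask)) for path, mask in denied.items()}

def candidate_rules(denied):
    """Render denials as file-rule candidates to compare against the profile."""
    rules = []
    for path, mask in sorted(denied.items()):
        perms = "".join(sorted({TO_RULE.get(m, m) for m in mask}))
        rules.append(f"{path} {perms},")
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(denied_by_path(SAMPLE_LOG)):
        print(rule)
```

On a real system the input would come from the kernel log (for example `journalctl -k` or `dmesg`) rather than the embedded sample, and the resulting candidates are a starting point for comparing the installed profile with the upstream one, not rules to paste in unreviewed.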
