[Bug 2016744] Re: swtpm_setup cannot be run as user (AppArmor profile)

Lena Voytek 2016744 at bugs.launchpad.net
Tue Apr 18 15:37:24 UTC 2023 

** Changed in: swtpm (Ubuntu)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/2016744

Title:
  swtpm_setup cannot be run as user (AppArmor profile)

Status in swtpm package in Ubuntu:
  New

Bug description:
  It looks like the AppArmor profile that Ubuntu added to swtpm 0.6.3
  (before it was contributed to the upstream project;
  https://github.com/stefanberger/swtpm/commits/master/debian/usr.bin.swtpm)
  is insufficient for running swtpm_setup as user. Can you sync the
  AppArmor profile in the package with what is in this repo and/or
  upgrade to a more recent version of swtpm (v0.8 is available)?

  In particular, the following doesn't work for me:

  $ swtpm_setup --tpm2 --tpmstate . --overwrite --create-ek-cert
  Starting vTPM manufacturing as stefanb:stefanb @ Mon 17 Apr 2023 05:12:05 PM EDT
  swtpm process terminated unexpectedly.
  Could not start the TPM 2.
  An error occurred. Authoring the TPM state failed.
  Ending vTPM manufacturing @ Mon 17 Apr 2023 05:12:05 PM EDT

  Also, once I copied the AppArmor profile from this project over onto
  the 22.04 machine I ran into this issue here:

  $ swtpm_setup --tpm2 --tpmstate . --overwrite --create-ek-cert
  Starting vTPM manufacturing as stefanb:stefanb @ Mon 17 Apr 2023 05:14:04 PM EDT
  TPM is listening on Unix socket.
  Successfully created RSA 2048 EK with handle 0x81010001.
  Could not find @DATAROOTDIR@/swtpm/swtpm-localca in PATH.
  An error occurred. Authoring the TPM state failed.
  Ending vTPM manufacturing @ Mon 17 Apr 2023 05:14:04 PM EDT

  [ The script requiring @DATAROOTDIR@ has been rewritten in more recent
  version of swtpm. ]

  This has been previously reported here
  https://github.com/stefanberger/swtpm/issues/749 but then also per the
  user from issue 749 on Launchpad here (getting a timeout on this
  page): https://bugs.launchpad.net/ubuntu/+source/swtpm/+bug/1989598

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/swtpm/+bug/2016744/+subscriptions

More information about the foundations-bugs mailing list