[Bug 2012028] Re: secure boot: TPM version '2.0' is not supported

Christian Ehrhardt  2012028 at bugs.launchpad.net
Wed Mar 22 10:14:38 UTC 2023 

I found the following:
- jammy-lunar have 0.6.3-0ubuntu3-0.6.3-0ubuntu5 => failing
- I have once experimented with that and use 0.7.3-1 from [1] => working

I think everyone has forgotten about updating this so far and this is
now exposing an issue with older swtpm versions. There is 8.x and 9.x
upstream, but for Lunar maybe just getting the 0.7.1-1+b1 from Debian
would be most stable.

This seems to work fine:
root at d10-sid:~# /usr/bin/swtpm_setup --print-capabilities
{ "type": "swtpm_setup", "features": [ "tpm-1.2", "tpm-2.0", "cmdarg-keyfile-fd", "cmdarg-pwdfile-fd", "tpm12-not-need-root", "cmdarg-write-ek-cert-files", "cmdarg-create-config-files", "cmdarg-reconfigure-pcr-banks", "tpm2-rsa-keysize-2048", "tpm2-rsa-keysize-3072" ], "version": "0.7.1" }

Tasks from here:
- [lena] merge swtpm 0.7.1 from Debian
- [me] then make the swtpm dependency in libvirt versioned
- [bryce] ensure swtpm is in our list of packages to be merged each cycle

[1]: https://launchpad.net/~stefanberger/+archive/ubuntu/swtpm

** Also affects: swtpm (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: swtpm (Ubuntu Lunar)
       Status: New => Confirmed

** No longer affects: edk2 (Ubuntu)

** No longer affects: edk2 (Ubuntu Lunar)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/2012028

Title:
  secure boot: TPM version '2.0' is not supported

Status in libvirt package in Ubuntu:
  Confirmed
Status in swtpm package in Ubuntu:
  Confirmed
Status in libvirt source package in Lunar:
  Confirmed
Status in swtpm source package in Lunar:
  Confirmed

Bug description:
  [Impact]

  Trying to create a VM with secure boot enabled in lunar always returns
  the following error:

    ERROR    unsupported configuration: TPM version '2.0' is not
  supported

  This is quite critical, because it makes impossible to test secure
  boot inside VMs, using lunar as host.

  [Test case]

  $ virt-install --name lunar_secure --arch x86_64 --feature smm=on
  --boot
  loader=/usr/share/OVMF/OVMF_CODE_4M.ms.fd,loader_ro=yes,loader_type=pflash
  --import --disk path=lunar_secure.img --disk path=lunar_secure-
  seed.img --memory 2048 --vcpus 2 --osinfo ubuntu22.10 --graphics none
  --console pty,target_type=serial --network network:default

  Starting install...
  ERROR    unsupported configuration: TPM version '2.0' is not supported
  Domain installation does not appear to have been successful.
  If it was, you can restart your domain by running:
    virsh --connect qemu:///system start lunar_secure
  otherwise, please restart your installation.

  ProblemType: Bug
  DistroRelease: Ubuntu 23.04
  Package: libvirt-daemon 9.0.0-2ubuntu1
  ProcVersionSignature: Ubuntu 6.2.0-17.17-generic 6.2.6
  Uname: Linux 6.2.0-17-generic x86_64
  ApportVersion: 2.26.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Fri Mar 17 07:31:37 2023
  InstallationDate: Installed on 2022-07-25 (234 days ago)
  InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Alpha amd64 (20220724)
  SourcePackage: libvirt
  UpgradeStatus: Upgraded to lunar on 2023-02-11 (33 days ago)
  modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf']

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/2012028/+subscriptions

More information about the foundations-bugs mailing list