[Bug 2012028] Re: secure boot: TPM version '2.0' is not supported
Lena Voytek
2012028 at bugs.launchpad.net
Fri Mar 24 17:07:31 UTC 2023
** Description changed:
+ Dear Release Team,
+
+ Please accept this update to swtpm to version 0.7.3 as a Lunar FFe.
+
+ PPA: https://launchpad.net/~lvoytek/+archive/ubuntu/swtpm-update-lunar
+
+ [Rationale]
+
+ Virtual machines with secure boot capabilities currently can not be
+ created in Lunar. This includes Windows 11 and other vms secured with
+ TPM. This is caused by the current version of swtpm not reporting that
+ it has TPM 1.0 and TPM 2.0 capabilities. The best way to fix this
+ alongside lunar's version of Libvirt is to update swtpm to the supported
+ upstream version 0.7.3 from 0.6.3.
+
+ [Regression Potential]
+
+ Since this is a version update, issues can be caused by upstream
+ changes. These would most likely be related to changes in swtpm_setup
+ and swtpm_localca, which have seen a decent amount of updates and fixes
+ between versions. swtpm itself has also had various bug fixes between
+ versions that may change behavior.
+
+ [Proposed upload]
+
+ Code:
+ https://code.launchpad.net/~lvoytek/ubuntu/+source/swtpm/+git/swtpm/+merge/439532
+
+ Build: https://launchpad.net/~lvoytek/+archive/ubuntu/swtpm-update-
+ lunar/+packages
+
+ [Tests]
+
+ autopkgtest output:
+
+ ============================================================================
+ Testsuite summary for swtpm 0.7.3
+ ============================================================================
+ # TOTAL: 68
+ # PASS: 57
+ # SKIP: 11
+ # XFAIL: 0
+ # FAIL: 0
+ # XPASS: 0
+ # ERROR: 0
+ ============================================================================
+ make[3]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src/tests'
+ make[2]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src/tests'
+ make[1]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src/tests'
+ make[1]: Entering directory '/tmp/autopkgtest.cw6xcl/build.KoO/src'
+ make[1]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src'
+ autopkgtest [10:05:55]: test run-tests: -----------------------]
+ run-tests PASS
+ autopkgtest [10:05:56]: test run-tests: - - - - - - - - - - results - - - - - - - - - -
+ autopkgtest [10:05:57]: @@@@@@@@@@@@@@@@@@@@ summary
+ run-tests PASS
+
+ [Original Description]
+
[Impact]
Trying to create a VM with secure boot enabled in lunar always returns
the following error:
- ERROR unsupported configuration: TPM version '2.0' is not supported
+ ERROR unsupported configuration: TPM version '2.0' is not supported
This is quite critical, because it makes impossible to test secure boot
inside VMs, using lunar as host.
[Test case]
$ virt-install --name lunar_secure --arch x86_64 --feature smm=on --boot
loader=/usr/share/OVMF/OVMF_CODE_4M.ms.fd,loader_ro=yes,loader_type=pflash
--import --disk path=lunar_secure.img --disk path=lunar_secure-seed.img
--memory 2048 --vcpus 2 --osinfo ubuntu22.10 --graphics none --console
pty,target_type=serial --network network:default
Starting install...
- ERROR unsupported configuration: TPM version '2.0' is not supported
+ ERROR unsupported configuration: TPM version '2.0' is not supported
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
- virsh --connect qemu:///system start lunar_secure
+ virsh --connect qemu:///system start lunar_secure
otherwise, please restart your installation.
ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: libvirt-daemon 9.0.0-2ubuntu1
ProcVersionSignature: Ubuntu 6.2.0-17.17-generic 6.2.6
Uname: Linux 6.2.0-17-generic x86_64
ApportVersion: 2.26.0-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: pass
Date: Fri Mar 17 07:31:37 2023
InstallationDate: Installed on 2022-07-25 (234 days ago)
InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Alpha amd64 (20220724)
SourcePackage: libvirt
UpgradeStatus: Upgraded to lunar on 2023-02-11 (33 days ago)
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf']
** Summary changed:
- secure boot: TPM version '2.0' is not supported
+ [FFe] secure boot: TPM version '2.0' is not supported
** Changed in: libvirt (Ubuntu Lunar)
Status: Confirmed => Invalid
** Changed in: swtpm (Ubuntu Lunar)
Importance: Undecided => Critical
** Changed in: swtpm (Ubuntu Lunar)
Status: In Progress => New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/2012028
Title:
[FFe] secure boot: TPM version '2.0' is not supported
Status in libvirt package in Ubuntu:
Invalid
Status in swtpm package in Ubuntu:
New
Status in libvirt source package in Lunar:
Invalid
Status in swtpm source package in Lunar:
New
Bug description:
Dear Release Team,
Please accept this update to swtpm to version 0.7.3 as a Lunar FFe.
PPA: https://launchpad.net/~lvoytek/+archive/ubuntu/swtpm-update-lunar
[Rationale]
Virtual machines with secure boot capabilities currently can not be
created in Lunar. This includes Windows 11 and other vms secured with
TPM. This is caused by the current version of swtpm not reporting that
it has TPM 1.0 and TPM 2.0 capabilities. The best way to fix this
alongside lunar's version of Libvirt is to update swtpm to the
supported upstream version 0.7.3 from 0.6.3.
[Regression Potential]
Since this is a version update, issues can be caused by upstream
changes. These would most likely be related to changes in swtpm_setup
and swtpm_localca, which have seen a decent amount of updates and
fixes between versions. swtpm itself has also had various bug fixes
between versions that may change behavior.
[Proposed upload]
Code:
https://code.launchpad.net/~lvoytek/ubuntu/+source/swtpm/+git/swtpm/+merge/439532
Build: https://launchpad.net/~lvoytek/+archive/ubuntu/swtpm-update-
lunar/+packages
[Tests]
autopkgtest output:
============================================================================
Testsuite summary for swtpm 0.7.3
============================================================================
# TOTAL: 68
# PASS: 57
# SKIP: 11
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
============================================================================
make[3]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src/tests'
make[2]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src/tests'
make[1]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src/tests'
make[1]: Entering directory '/tmp/autopkgtest.cw6xcl/build.KoO/src'
make[1]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src'
autopkgtest [10:05:55]: test run-tests: -----------------------]
run-tests PASS
autopkgtest [10:05:56]: test run-tests: - - - - - - - - - - results - - - - - - - - - -
autopkgtest [10:05:57]: @@@@@@@@@@@@@@@@@@@@ summary
run-tests PASS
[Original Description]
[Impact]
Trying to create a VM with secure boot enabled in lunar always returns
the following error:
ERROR unsupported configuration: TPM version '2.0' is not supported
This is quite critical, because it makes impossible to test secure
boot inside VMs, using lunar as host.
[Test case]
$ virt-install --name lunar_secure --arch x86_64 --feature smm=on
--boot
loader=/usr/share/OVMF/OVMF_CODE_4M.ms.fd,loader_ro=yes,loader_type=pflash
--import --disk path=lunar_secure.img --disk path=lunar_secure-
seed.img --memory 2048 --vcpus 2 --osinfo ubuntu22.10 --graphics none
--console pty,target_type=serial --network network:default
Starting install...
ERROR unsupported configuration: TPM version '2.0' is not supported
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
virsh --connect qemu:///system start lunar_secure
otherwise, please restart your installation.
ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: libvirt-daemon 9.0.0-2ubuntu1
ProcVersionSignature: Ubuntu 6.2.0-17.17-generic 6.2.6
Uname: Linux 6.2.0-17-generic x86_64
ApportVersion: 2.26.0-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: pass
Date: Fri Mar 17 07:31:37 2023
InstallationDate: Installed on 2022-07-25 (234 days ago)
InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Alpha amd64 (20220724)
SourcePackage: libvirt
UpgradeStatus: Upgraded to lunar on 2023-02-11 (33 days ago)
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf']
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/2012028/+subscriptions
More information about the foundations-bugs
mailing list