[Bug 2012028] Re: [FFe] secure boot: TPM version '2.0' is not supported

Launchpad Bug Tracker 2012028 at bugs.launchpad.net
Thu Mar 30 06:54:37 UTC 2023 

This bug was fixed in the package swtpm - 0.7.3-0ubuntu1

---------------
swtpm (0.7.3-0ubuntu1) lunar; urgency=medium

  * New upstream release 0.7.3:
    - Bug fixes include:
      + Fix secure boot failure - TPM 2.0 not supported (LP: #2012028)
  * Add new debian/ files from upstream
    - d/clean: Clean man and gch files from source tree during build
    - d/not-installed: Do not install .la lib files with package
    - d/swtpm-libs.install: Install swtpm .so files with swtpm-libs package
  * d/rules: Add dh_clean and dh_makeshlibs overrides from upstream
  * d/swtpm-tools.install: Update installation of swtpm-tools files for 0.7
  * d/control: Remove unneeded dependencies for 0.7
  * Remove d/p/0001-Install-swtpm-localca-to-the-correct-path.patch as it is
    no longer needed to change swtpm-localca's path
  * d/p/no-autoconf-in-debian.patch: Refresh to clean fuzz
  * d/p/openssl-not-certtool.patch: Update and refresh to apply with 0.7

 -- Lena Voytek <lena.voytek at canonical.com>  Wed, 22 Mar 2023 14:03:19
-0700

** Changed in: swtpm (Ubuntu Lunar)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/2012028

Title:
  [FFe] secure boot: TPM version '2.0' is not supported

Status in libvirt package in Ubuntu:
  Invalid
Status in swtpm package in Ubuntu:
  Fix Released
Status in libvirt source package in Lunar:
  Invalid
Status in swtpm source package in Lunar:
  Fix Released

Bug description:
  Dear Release Team,

  Please accept this update to swtpm to version 0.7.3 as a Lunar FFe.

  PPA: https://launchpad.net/~lvoytek/+archive/ubuntu/swtpm-update-lunar

  [Rationale]

  Virtual machines with secure boot capabilities currently can not be
  created in Lunar. This includes Windows 11 and other vms secured with
  TPM. This is caused by the current version of swtpm not reporting that
  it has TPM 1.0 and TPM 2.0 capabilities. The best way to fix this
  alongside lunar's version of Libvirt is to update swtpm to the
  supported upstream version 0.7.3 from 0.6.3.

  [Regression Potential]

  Since this is a version update, issues can be caused by upstream
  changes. These would most likely be related to changes in swtpm_setup
  and swtpm_localca, which have seen a decent amount of updates and
  fixes between versions. swtpm itself has also had various bug fixes
  between versions that may change behavior.

  [Proposed upload]

  Code:
  https://code.launchpad.net/~lvoytek/ubuntu/+source/swtpm/+git/swtpm/+merge/439532

  Build: https://launchpad.net/~lvoytek/+archive/ubuntu/swtpm-update-
  lunar/+packages

  [Tests]

  autopkgtest output:

  ============================================================================
  Testsuite summary for swtpm 0.7.3
  ============================================================================
  # TOTAL: 68
  # PASS:  57
  # SKIP:  11
  # XFAIL: 0
  # FAIL:  0
  # XPASS: 0
  # ERROR: 0
  ============================================================================
  make[3]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src/tests'
  make[2]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src/tests'
  make[1]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src/tests'
  make[1]: Entering directory '/tmp/autopkgtest.cw6xcl/build.KoO/src'
  make[1]: Leaving directory '/tmp/autopkgtest.cw6xcl/build.KoO/src'
  autopkgtest [10:05:55]: test run-tests: -----------------------]
  run-tests            PASS
  autopkgtest [10:05:56]: test run-tests:  - - - - - - - - - - results - - - - - - - - - -
  autopkgtest [10:05:57]: @@@@@@@@@@@@@@@@@@@@ summary
  run-tests            PASS

  [Original Description]

  [Impact]

  Trying to create a VM with secure boot enabled in lunar always returns
  the following error:

    ERROR unsupported configuration: TPM version '2.0' is not supported

  This is quite critical, because it makes impossible to test secure
  boot inside VMs, using lunar as host.

  [Test case]

  $ virt-install --name lunar_secure --arch x86_64 --feature smm=on
  --boot
  loader=/usr/share/OVMF/OVMF_CODE_4M.ms.fd,loader_ro=yes,loader_type=pflash
  --import --disk path=lunar_secure.img --disk path=lunar_secure-
  seed.img --memory 2048 --vcpus 2 --osinfo ubuntu22.10 --graphics none
  --console pty,target_type=serial --network network:default

  Starting install...
  ERROR unsupported configuration: TPM version '2.0' is not supported
  Domain installation does not appear to have been successful.
  If it was, you can restart your domain by running:
    virsh --connect qemu:///system start lunar_secure
  otherwise, please restart your installation.

  ProblemType: Bug
  DistroRelease: Ubuntu 23.04
  Package: libvirt-daemon 9.0.0-2ubuntu1
  ProcVersionSignature: Ubuntu 6.2.0-17.17-generic 6.2.6
  Uname: Linux 6.2.0-17-generic x86_64
  ApportVersion: 2.26.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Fri Mar 17 07:31:37 2023
  InstallationDate: Installed on 2022-07-25 (234 days ago)
  InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Alpha amd64 (20220724)
  SourcePackage: libvirt
  UpgradeStatus: Upgraded to lunar on 2023-02-11 (33 days ago)
  modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf']

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/2012028/+subscriptions

More information about the foundations-bugs mailing list