Starting VM with UEFI firmware fails with swtpm
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Invalid
|
Critical
|
Unassigned | ||
Jammy |
Invalid
|
Critical
|
Unassigned | ||
swtpm (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
Jammy |
Fix Released
|
Critical
|
Unassigned | ||
virt-manager (Ubuntu) |
Invalid
|
Critical
|
Unassigned | ||
Jammy |
Invalid
|
Critical
|
Unassigned |
Bug Description
https:/
touch /var/lib/
virt-install --name t1 --os-variant fedora28 --memory 128 --wait -1 --noautoconsole --disk 'size=0.
This fails:
WARNING Requested memory 128 MiB is less than the recommended 1024 MiB for OS fedora28
Starting install...
Allocating 't1.qcow2' | 0 B 00:00:00 ...
Removing disk 't1.qcow2' | 0 B 00:00:00
ERROR internal error: Could not run '/usr/bin/
Domain installation does not appear to have been successful.
# cat /var/log/
Starting vTPM manufacturing as swtpm:swtpm @ Thu 07 Apr 2022 07:11:55 AM UTC
Successfully created RSA 2048 EK with handle 0x81010001.
Invoking /usr/lib/
Creating root CA and a local CA's signing key and issuer cert.
Could not create root-CA:Can't load ./.rnd into RNG
40D7AD231A7F000
Cannot write random bytes:
40D7AD231A7F000
Error creating local CA's signing key and cert.
swtpm-localca exit with status 1:
An error occurred. Authoring the TPM state failed.
Ending vTPM manufacturing @ Thu 07 Apr 2022 07:11:56 AM UTC
When I uninstall swtpm, the domain creation/starting works (of course it does not actually do anything due to the fake empty iso, but it does get past that bug).
Thanks Martin,
IIRC the new virt-manager tries to provide swtpm if present and due tot he dependency change it now it present. Since we do not yet know where the root-cause or fix will land I've added a few more affected packages for now.
But I must admit I'm super busy and this makes me feel even more torn.
If I fail to find time for this I'll need to ask in the team if someone else can ...