Ubuntu
libvirt package

Bug #2012028
Comment #7

Comment 7 for bug 2012028

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2023-03-22: Re: secure boot: TPM version '2.0' is not supported

This will get some debug info on the initialization of capabilities and the definition of the domina:

$ rm /var/cache/libvirt/qemu/capabilities/*; systemctl restart libvirtd; echo "" > /var/log/libvirt/libvirtd.log; virt-admin daemon-log-outputs "1:file:/var/log/libvirt/libvirtd.log"; virt-admin daemon-log-filters "1:qemu 1:libvirt 4:object 4:json 4:event 1:util"; virsh domcapabilities >/dev/null; virsh define minimal.xml; virt-admin daemon-log-filters ""; virt-admin daemon-log-outputs ""; virsh undefine minimal

In Kinetic that just shows a single probe command directly from libvirt and later the definition using tpm

root@k:~# grep -n -i tpm /var/log/libvirt/libvirtd.log
86:2023-03-22 09:06:49.172+0000: 9645: debug : virCommandRunAsync:2579 : About to run /usr/bin/swtpm_setup --print-capabilities
88:2023-03-22 09:06:49.179+0000: 9645: debug : virCommandRun:2425 : Result exit status 0, stdout: '{ "type": "swtpm_setup", "features": [ "cmdarg-keyfile-fd", "cmdarg-pwdfile-fd", "tpm12-not-need-root", "tpm2-rsa-keysize-2048", "tpm2-rsa-keysize-3072" ] }
301: <tpm supported='yes'>
303: <value>tpm-tis</value>
304: <value>tpm-crb</value>
310: </tpm>
415: <tpm model="tpm-crb">
417: </tpm>

In Lunar OTOH there is a lot more in the early initialization, the followed by the same to finally be sorted out in qemuValidateDomainDeviceDefTPM

root@l:~# grep -n -i tpm /var/log/libvirt/libvirtd.log

...
1153:2023-03-22 09:05:06.224+0000: 31712: debug : virCommandRunAsync:2607 : About to run /usr/bin/swtpm_setup --print-capabilities
1155:2023-03-22 09:05:06.230+0000: 31712: debug : virCommandRun:2453 : Result exit status 0, stdout: '{ "type": "swtpm_setup", "features": [ "cmdarg-keyfile-fd", "cmdarg-pwdfile-fd", "tpm12-not-need-root", "tpm2-rsa-keysize-2048", "tpm2-rsa-keysize-3072" ] }
1366: <tpm supported='yes'>
1368: <value>tpm-tis</value>
1369: <value>tpm-crb</value>
1376: </tpm>
1513: <tpm model="tpm-crb">
1515: </tpm>
1550:2023-03-22 09:05:06.298+0000: 31712: error : qemuValidateDomainDeviceDefTPM:4616 : unsupported configuration: TPM version '2.0' is not supported

This will get some debug info on the initialization of capabilities and the definition of the domina:

In Kinetic that just shows a single probe command directly from libvirt and later the definition using tpm

root@k:~# grep -n -i tpm /var/log/libvirt/libvirtd.log
86:2023-03-22 09:06:49.172+0000: 9645: debug : virCommandRunAsync:2579 : About to run /usr/bin/swtpm_setup --print-capabilities
88:2023-03-22 09:06:49.179+0000: 9645: debug : virCommandRun:2425 : Result exit status 0, stdout: '{ "type": "swtpm_setup", "features": [ "cmdarg-keyfile-fd", "cmdarg-pwdfile-fd", "tpm12-not-need-root", "tpm2-rsa-keysize-2048", "tpm2-rsa-keysize-3072" ] }
301:    <tpm supported='yes'>
303:        <value>tpm-tis</value>
304:        <value>tpm-crb</value>
310:    </tpm>
415:    <tpm model="tpm-crb">
417:    </tpm>

In Lunar OTOH there is a lot more in the early initialization, the followed by the same to finally be sorted out in qemuValidateDomainDeviceDefTPM

root@l:~# grep -n -i tpm /var/log/libvirt/libvirtd.log

...
1153:2023-03-22 09:05:06.224+0000: 31712: debug : virCommandRunAsync:2607 : About to run /usr/bin/swtpm_setup --print-capabilities
1155:2023-03-22 09:05:06.230+0000: 31712: debug : virCommandRun:2453 : Result exit status 0, stdout: '{ "type": "swtpm_setup", "features": [ "cmdarg-keyfile-fd", "cmdarg-pwdfile-fd", "tpm12-not-need-root", "tpm2-rsa-keysize-2048", "tpm2-rsa-keysize-3072" ] }
1366:    <tpm supported='yes'>
1368:        <value>tpm-tis</value>
1369:        <value>tpm-crb</value>
1376:    </tpm>
1513:    <tpm model="tpm-crb">
1515:    </tpm>
1550:2023-03-22 09:05:06.298+0000: 31712: error : qemuValidateDomainDeviceDefTPM:4616 : unsupported configuration: TPM version '2.0' is not supported

Ubuntulibvirt package

Comment 7 for bug 2012028

Ubuntu
libvirt package