Comment 0 for bug 2016744

Stefan Berger (stefanberger) wrote :

It looks like the AppArmor profile that Ubuntu added to swtpm 0.6.3 (before it was contributed to the upstream project; https://github.com/stefanberger/swtpm/commits/master/debian/usr.bin.swtpm) is insufficient for running swtpm_setup as a user. Can you sync the AppArmor profile in the package with what is in this repo and/or upgrade to a more recent version of swtpm (v0.8 is available)?

In particular, the following doesn't work for me:

$ swtpm_setup --tpm2 --tpmstate . --overwrite --create-ek-cert
Starting vTPM manufacturing as stefanb:stefanb @ Mon 17 Apr 2023 05:12:05 PM EDT
swtpm process terminated unexpectedly.
Could not start the TPM 2.
An error occurred. Authoring the TPM state failed.
Ending vTPM manufacturing @ Mon 17 Apr 2023 05:12:05 PM EDT

Also, once I copied the AppArmor profile from this project over onto the 22.04 machine I ran into this issue here:

$ swtpm_setup --tpm2 --tpmstate . --overwrite --create-ek-cert
Starting vTPM manufacturing as stefanb:stefanb @ Mon 17 Apr 2023 05:14:04 PM EDT
TPM is listening on Unix socket.
Successfully created RSA 2048 EK with handle 0x81010001.
Could not find @DATAROOTDIR@/swtpm/swtpm-localca in PATH.
An error occurred. Authoring the TPM state failed.
Ending vTPM manufacturing @ Mon 17 Apr 2023 05:14:04 PM EDT

[ The script requiring @DATAROOTDIR@ has been rewritten in a more recent version of swtpm. ]

This has been previously reported here https://github.com/stefanberger/swtpm/issues/749 but then also per the user from issue 749 on Launchpad here (getting a timeout on this page): https://bugs.launchpad.net/ubuntu/+source/swtpm/+bug/1989598