- Bug
- Resolution: Unresolved
- Critical
- rhel-10.0.beta
- selinux-policy-40.13.5-1.el10
- Yes
- Critical
- Regression
- rhel-sst-security-selinux
- ssg_security
What were you trying to do that didn't work?
Found in a gating test:
a VM with tpm-emulator fails to start.
Please provide the package NVR for which bug is seen:
qemu-kvm-9.0.0-1.el10.x86_64
libvirt-10.4.0-1.el10.x86_64
swtpm-0.8.1-5.el10+5.x86_64
libtpms-0.9.6-6.el10+5.x86_64
edk2-ovmf-20240214-1.el10.noarch
kernel-6.9.0-7.el10.x86_64
How reproducible:
100%
Steps to reproduce
- Prepare a TPM secret

```
# vim secret.xml
<secret ephemeral="no" private="yes">
  <description>sample vTPM secret</description>
  <usage type="vtpm">
    <name>VTPM_example</name>
  </usage>
</secret>
# virsh secret-define secret.xml
Secret 1367e80d-f426-40c3-8269-dd5419a991e8 created
# MYSECRET=`printf %s "open sesame" | base64`
# virsh secret-set-value --secret 1367e80d-f426-40c3-8269-dd5419a991e8 $MYSECRET
error: Passing secret value as command-line argument is insecure!
Secret value set
# virsh secret-list
 UUID                                   Usage
-----------------------------------------------------------
 1367e80d-f426-40c3-8269-dd5419a991e8   vtpm VTPM_example
```

- Define a VM with a TPM device

```
# virsh edit avocado-vt-vm1
...
<tpm model='tpm-crb'>
  <backend type='emulator' version='2.0'>
    <encryption secret='1367e80d-f426-40c3-8269-dd5419a991e8'/>
  </backend>
</tpm>
...
```

- Start the VM

```
# virsh start avocado-vt-vm1
error: Failed to start domain 'avocado-vt-vm1'
error: internal error: QEMU unexpectedly closed the monitor (vm='avocado-vt-vm1'): 2024-06-06T07:27:01.321719Z qemu-kvm: tpm-emulator: TPM result for CMD_INIT: 0x101 operation failed
```
Expected results
The guest can be started.
Actual results
Starting the guest failed.
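In the reproduction session above, virsh warns that passing the secret value as a command-line argument is insecure. The following is an added example, not part of the original report, that sets the same vTPM secret value from an owner-only temporary file using virsh's `--file` and `--plain` options. The function name `set_vtpm_secret` and the `VIRSH` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: set a libvirt secret value without placing it in argv.
# set_vtpm_secret and VIRSH are hypothetical names used for this sketch.
#
# Usage: printf %s "$PASSPHRASE" | set_vtpm_secret <secret-uuid>
# (printf is a shell builtin, so the passphrase is not visible in ps output)
set_vtpm_secret() {
    svs_uuid=$1
    [ -n "$svs_uuid" ] || { echo "usage: set_vtpm_secret <uuid>" >&2; return 2; }

    # Create the temporary file under a restrictive umask so it is
    # readable by the owner only, then restore the caller's umask.
    svs_umask=$(umask)
    umask 077
    svs_tmp=$(mktemp "${TMPDIR:-/tmp}/vtpm-secret.XXXXXX") || {
        umask "$svs_umask"
        return 1
    }
    umask "$svs_umask"

    # Read the raw passphrase from stdin into the file.
    cat > "$svs_tmp"

    # Refuse to set an empty secret value.
    if [ ! -s "$svs_tmp" ]; then
        echo "set_vtpm_secret: empty secret on stdin" >&2
        rm -f "$svs_tmp"
        return 1
    fi

    # --file reads the value from a file; --plain marks it as raw bytes
    # rather than base64, so no encoding step is needed.
    svs_rc=0
    ${VIRSH:-virsh} secret-set-value --secret "$svs_uuid" \
        --file "$svs_tmp" --plain || svs_rc=$?

    # Remove the file whether or not virsh succeeded.
    rm -f "$svs_tmp"
    return "$svs_rc"
}
```

The temporary file exists only for the duration of the virsh call; pointing `TMPDIR` at a tmpfs mount keeps the passphrase off persistent storage.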
- is cloned by RHEL-48236 fail to start vm with encrypted tpm-emulator in rhel10
- links to RHBA-2024:133202 selinux-policy bug fix and enhancement update