  1. RHEL
  2. RHEL-46373

swtpm to run TPM 2.0 spec compliance tests

    • Bug
    • Resolution: Unresolved
    • Major
    • rhel-9.4.z
    • swtpm
    • rhel-sst-virtualization
    • ssg_virtualization

      What were you trying to do that didn't work?

      RHEL-45736 was discovered by a customer.
      This was caused by RHEL 9 deprecating (disabling) SHA1 on the host (via openssl), and swtpm also blocking the guest from using the vTPM's SHA1 digest in the context of cert signing.
      However, the TPM 2.0 spec requires SHA1 to be available:
      https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-v1p05p_r14_pub.pdf (search for "SHA1")

      The request here is to introduce a test in swtpm CI/testing to check for TPM 2.0 spec compliance.

      Please provide the package NVR for which bug is seen:

      swtpm 0.8.0

      How reproducible:

      always on RHEL 9 default

      Steps to reproduce

      1. RHEL 9.4
      2. qemu kvm
      3. Launch Win 11 guest
      4. Run `Get-TPMSupportedFeature` in guest

      Expected results

      Passes

      Actual results

      Fails

              mlureau Marc-Andre Lureau
              fdeutsch@redhat.com Fabian Deutsch
              virt-maint virt-maint
              Qinghua Cheng Qinghua Cheng