Bug 1877721
| Summary: | Bitlocker has encryption issue with fresh installed Win10 guest | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | Qinghua Cheng <qcheng> |
| Component: | libtpms | Assignee: | Marc-Andre Lureau <marcandre.lureau> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Qinghua Cheng <qcheng> |
| Severity: | medium | Priority: | medium |
| Version: | 8.3 | CC: | coli, jinzhao, juzhang, marcandre.lureau, virt-maint |
| Target Milestone: | rc | Flags: | pm-rhel: mirror+ |
| Target Release: | 8.3 | Hardware: | Unspecified |
| OS: | Unspecified | Type: | Bug |
| Last Closed: | 2020-12-23 08:59:38 UTC | | |

Windows 10 guest version 2004.

The attachment is missing. Have you checked the same steps on bare-metal?

Created attachment 1714430
win10-bitlocker

No, I did not check on bare-metal host. But with tpm passthrough, we have this bz 1734505

This case doesn't seem pathological to me. How can we confirm this is not a guest OS issue if we don't do the same step on bare metal?

Hi, Marc-Andre,

I tried this bug on

RHEL.8.4.0
kernel: 4.18.0-260.el8.x86_64
qemu-kvm: qemu-kvm-core-5.2.0-2.module+el8.4.0+9186+ec44380f.x86_64
libtpms: libtpms-0.7.4-1.20201106git2452a24dab.module+el8.4.0+8855+a9e237a9.x86_64
swtpm: swtpm-libs-0.4.0-3.20200828git0c238a2.module+el8.4.0+8855+a9e237a9.x86_64
edk2: edk2-ovmf-20200602gitca407c7246bf-4.el8.noarch

RHEL.8.3.0:
kernel: 4.18.0-240.7.1.el8_3.x86_64
qemu-kvm: qemu-kvm-core-5.1.0-16.module+el8.3.1+8958+410ab178.x86_64
libtpms: libtpms-0.7.4-1.20201106git2452a24dab.module+el8.3.1+8772+a3fdeccd.x86_64
swtpm: swtpm-0.4.2-1.20201201git2df14e3.module+el8.3.1+9074+e34e3b04.x86_64
edk2: edk2-ovmf-20200602gitca407c7246bf-3.el8.noarch

This bug is not reproduced. Bitlocker can encrypt win10 disk in guest.

I close it for now.

Thanks,
Qinghua

Description of problem:
Bitlocker doesn't start to do encryption with fresh installed Win10 guest. But a reboot of the guest, bitlocker can start encryption.

Version-Release number of selected component (if applicable):
RHEL 8.3
Kernel: 4.18.0-234.el8.x86_64
qemu-kvm: qemu-kvm-5.1.0-2.module+el8.3.0+7652+b30e6901.x86_64
edk2: edk2-ovmf-20200602gitca407c7246bf-3.el8.noarch
libtpms: libtpms-0.7.2-1.20200527git7325acb477.module+el8.3.0+7068+4e1b8df5.x86_64
swtpm: swtpm-0.3.0-1.20200218git74ae43b.module+el8.3.0+7648+42900458.x86_64

How reproducible:

Steps to Reproduce:
1. Install a win10 guest (q35 + OVMF)
2. Attach vtpm device to win10 guest
3. Inside guest vm run commands:
   bdehdcfg -target c: shrink -newdriveletter s: -size 606 -quiet
   manage-bde -on c:
   reboot system as required.
4. Re-login guest vm after reboot, run command: manage-bde -status

Actual results:
Encryption is not started.
Pop up dialog with Bitlocker could not be enabled. (see attachment)

BitLocker Drive Encryption: Configuration Tool version 10.0.19041
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

manage-bde -status

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Windows]
[OS Volume]
Size: 29.62 GB
BitLocker Version: None
Conversion Status: Fully Decrypted
Percentage Encrypted: 0.0%
Encryption Method: None
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: None
Key Protectors: None Found

Expected results:
Bitlocker can encrypt win10 guest without issue.

Additional info:
This issue only happens with refresh installed win10 guest. When reboot the guest vm again, and repeat the test steps, bitlocker can start disk encryption.
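
An added example, not part of the bug report: a small check that parses `manage-bde -status` output of the shape quoted above and reports volumes where encryption did not start, so a guest left in the "Protection Off" state after provisioning is caught rather than assumed encrypted. The function names and the D: volume in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: the C: block copies the output quoted in the report;
# the D: block is invented to show what a protected volume looks like.
SAMPLE = """\
Volume C: [Windows]
[OS Volume]
    Size:                 29.62 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:       None Found
Volume D: [Data]
[Data Volume]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Key Protectors:
        TPM
        Numerical Password
"""

def parse_status(text):
    """Return {drive: {field: value}}; 'Key Protectors' is always a list."""
    volumes, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Volume ([A-Z]):", line)
        if m:
            cur = volumes.setdefault(m.group(1), {"Key Protectors": []})
        elif cur is None or not line or line.startswith("["):
            continue  # banner text, blank lines, "[OS Volume]" tags
        elif ":" in line:
            key, _, val = (p.strip() for p in line.partition(":"))
            if key == "Key Protectors":
                cur[key] = [] if val in ("", "None Found") else [val]
            else:
                cur[key] = val
        else:
            cur["Key Protectors"].append(line)  # protector on its own line
    return volumes

def unprotected(volumes):
    """Drives with protection off or with no key protector configured."""
    return sorted(d for d, v in volumes.items() if not v["Key Protectors"]
                  or v.get("Protection Status") != "Protection On")
```
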