Bug 1990152

Summary: Remove libtpms 1.2 support from RHEL9
Product: Red Hat Enterprise Linux 9
Reporter: John Ferlan <jferlan>
Component: libtpms
Assignee: Marc-Andre Lureau <marcandre.lureau>
Status: CLOSED ERRATA
QA Contact: Qinghua Cheng <qcheng>
Severity: high
Priority: high
Version: 9.0
CC: coli, jinzhao, juzhang, marcandre.lureau, qcheng, xuwei, yanghliu, yanqzhan
Target Milestone: beta
Keywords: Triaged
Hardware: All
OS: Unspecified
Fixed In Version: libtpms-0.9.0-0.20211004gitdc4e3f6313.el9
Doc Type: If docs needed, set a value
Clone Of:
: 1991494
Last Closed: 2022-05-17 13:00:41 UTC
Type: Bug
Bug Depends On: 1990153, 1991494, 2021628

Description John Ferlan 2021-08-04 21:24:09 UTC
Let's "officially" drop 1.2 support, for some more details/context see:

https://bugzilla.redhat.com/show_bug.cgi?id=1967919#c11 

should just require adding --without-tpm12

Comment 1 Marc-Andre Lureau 2021-08-09 09:39:45 UTC
Upstream PR is merged, we can work on the backport for libtpms:
https://github.com/stefanberger/libtpms/pull/244

However, we should first fix swtpm to build with such changes.

Comment 12 Qinghua Cheng 2021-11-18 06:18:47 UTC
Verified on rhel 9

swtpm-0.7.0-1.20211109gitb79fd91.el9.x86_64
libtpms-0.9.0-0.20211004gitdc4e3f6313.el9.x86_64
edk2-ovmf-20210527gite1999b264f1f-7.el9.noarch
kernel: 5.14.0-15.el9.x86_64
qemu-kvm: qemu-kvm-6.1.0-6.el9.x86_64

# swtpm socket --print-capabilities
{ "type": "swtpm", "features": [ "tpm-2.0", "tpm-send-command-header", "flags-opt-startup", "cmdarg-seccomp", "cmdarg-key-fd", "cmdarg-pwd-fd", "cmdarg-print-states", "nvram-backend-dir", "nvram-backend-file" ], "version": "0.7.0" }

Start a guest with tpm1.2

 <tpm model='tpm-tis'>
   <backend type='emulator' version='1.2'/>
 </tpm>

Get error:
error: internal error: Could not run '/usr/bin/swtpm_setup'. exitstatus: 1; Check error log '/var/log/swtpm/libvirt/qemu/win11-swtpm.log' for details.

# cat /var/log/swtpm/libvirt/qemu/win11-swtpm.log
swtpm at /usr/bin/swtpm does not support TPM 1.2

Bug verified.
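
Added example, not part of the bug report or of swtpm/libvirt: a pre-upgrade check that compares the `swtpm socket --print-capabilities` JSON with the `<tpm>` backends in libvirt domain XML and lists guests that request an emulated TPM version the host no longer provides. The domain definitions and guest names are constructed, and the `tpm-1.2` feature string is assumed by analogy with the `tpm-2.0` string shown in comment 12.

```python
import json
import xml.etree.ElementTree as ET

# Capability JSON as printed in comment 12 (feature list shortened).
CAPS_JSON = '''{ "type": "swtpm", "features": [ "tpm-2.0",
  "tpm-send-command-header", "cmdarg-seccomp", "nvram-backend-dir" ],
  "version": "0.7.0" }'''

# Constructed domain definitions, e.g. what `virsh dumpxml` would return.
DOMAINS = [
    "<domain><name>win11</name><devices><tpm model='tpm-tis'>"
    "<backend type='emulator' version='1.2'/></tpm></devices></domain>",
    "<domain><name>guest-b</name><devices><tpm model='tpm-crb'>"
    "<backend type='emulator' version='2.0'/></tpm></devices></domain>",
    "<domain><name>guest-c</name><devices><tpm model='tpm-tis'>"
    "<backend type='emulator'/></tpm></devices></domain>",
]

def supported_tpm_versions(caps_json):
    """TPM versions advertised by swtpm ('tpm-1.2' name is an assumption)."""
    features = set(json.loads(caps_json).get("features", []))
    return {v for v in ("1.2", "2.0") if "tpm-" + v in features}

def emulated_tpms(domain_xml):
    """Yield (guest, model, version) for each emulator-backed <tpm> device."""
    root = ET.fromstring(domain_xml)
    name = root.findtext("name", default="<unnamed>")
    for tpm in root.iter("tpm"):
        backend = tpm.find("backend")
        if backend is not None and backend.get("type") == "emulator":
            yield name, tpm.get("model"), backend.get("version")

def audit(caps_json, domain_xmls):
    """List guests whose TPM version is unsupported or left to a default."""
    supported = supported_tpm_versions(caps_json)
    findings = []
    for xml_text in domain_xmls:
        for name, model, version in emulated_tpms(xml_text):
            if version is None:
                # No explicit version: the effective default needs a manual look.
                findings.append((name, model, "unspecified", "review"))
            elif version not in supported:
                findings.append((name, model, version, "unsupported"))
    return findings

if __name__ == "__main__":
    for finding in audit(CAPS_JSON, DOMAINS):
        print(*finding)
```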

Comment 14 errata-xmlrpc 2022-05-17 13:00:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: libtpms), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:2435