Bug 2008179
Summary: | tpm2_createprimary fails | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jonathan Lebon <jlebon> |
Component: | tpm2-tss | Assignee: | Peter Robinson <pbrobinson> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 36 | CC: | bhu, bstinson, bugzilla, dustymabe, fmartine, francois.rigault, gmarr, jlebon, jsnitsel, jwboyer, jwiedman, ksrot, miabbott, pbrobinson, pwhalen, robatino, rvr, scorreia, shoracek, travier, vmarsik, walters, yunying.sun |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | RejectedBlocker AcceptedFreezeException | ||
Fixed In Version: | tpm2-tss-3.2.0-0.3.rc0.fc36 tpm2-tss-3.2.0-0.3.rc0.fc37 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | 1989321 | Environment: | |
Last Closed: | 2022-02-09 00:13:59 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1953784, 1953785 |
Description
Jonathan Lebon
2021-09-27 13:54:46 UTC
Looks like this might be fixed upstream with commit: https://github.com/tpm2-software/tpm2-tss/commit/362fda1daa398da2944e76013c215500761d46a5 But there's other OpenSSL fixes that may be required. Is it worth pulling back that patch to our RPM and running a test? (In reply to Peter Robinson from comment #1) > Looks like this might be fixed upstream with commit: > https://github.com/tpm2-software/tpm2-tss/commit/ > 362fda1daa398da2944e76013c215500761d46a5 > > But there's other OpenSSL fixes that may be required. We ran into this issue when running somes test for the keylime project[1]. This is also the likely cause of some clevis tests failing for IoT in rawhide. Perhaps you could apply these patches [2] that went into CentOS Stream 9? [1] https://github.com/keylime/keylime/pull/811#issuecomment-996014741 [2] https://gitlab.com/redhat/centos-stream/rpms/tpm2-tss/-/merge_requests/2 There's a new 3.2 release with support for openssl due next week. support for openssl 3 this breaks functionalities like systemd-creds (https://github.com/systemd/systemd/issues/21747) or systemd-cryptenroll also the tpm2-tss-engine seems to be replaced with https://github.com/tpm2-software/tpm2-openssl for OpenSSL 3 support. Is there a way tpm support can be fixed in time for Fedora 36 release? Proposed as a Blocker for 36-beta by Fedora user dustymabe using the blocker tracking app because: Using a TPM2 should work. (In reply to Sergio Correia from comment #3) > We ran into this issue when running somes test for the keylime project[1]. > This is also the likely cause of some clevis tests failing for IoT in > rawhide. If this is confirmed, it's likely a final release blocker per https://fedoraproject.org/wiki/Fedora_35_Final_Release_Criteria#Automatic_partition_decryption_.28Clevis.29 Discussed during the 2022-02-07 blocker review meeting: [0] The decision to classify this bug as a "RejectedBlocker (Beta)" and an "AcceptedFreezeException (Beta)" was made as this does not appear to violate any Beta criteria, but it is useful functionality and would be a showstopper for anyone using it on F35 who upgrades to F36, so accepted as an FE issue. [0] https://meetbot.fedoraproject.org/fedora-blocker-review/2022-02-07/f36-blocker-review.2022-02-07-17.00.txt This bug appears to have been reported against 'rawhide' during the Fedora 36 development cycle. Changing version to 36. FEDORA-2022-5204b0e8fb has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-385d633906 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-385d633906 FEDORA-2022-385d633906 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report. Fixed clevis decryption in IoT with tpm2-tss-3.2.0-0.3.rc0.fc36 |