Bug 2016599

| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | libvirt should setup swtpm with sha1 disabled | | |
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Gerd Hoffmann <kraxel> |
| Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
| libvirt sub component: | General | QA Contact: | Yanqiu Zhang <yanqzhan> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | | |
| Priority: | high | CC: | aadam, berrange, bstinson, jdenemar, jsuchane, jwboyer, kkiwi, marcandre.lureau, mprivozn, smitterl, stefanb, virt-maint, xuwei, xuzhang, yanqzhan |
| Version: | 9.0 | Keywords: | Triaged, Upstream |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | libvirt-7.10.0-1.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-05-17 12:45:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | 7.10.0 |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1935497 | | |
Description
Gerd Hoffmann
2021-10-22 08:03:13 UTC
Should we just modify the swtpm build to not enable the deprecated algorithms by default?

Comment 2
Gerd Hoffmann

I think it better should be configurable.

Not fully clear what implication this has on guests. James Bottomley thinks the Linux kernel doesn't cope well because it assumes the SHA1 bank will be available.

Upstream discussion @ edk2 devel (on a patch removing sha1 support from ovmf tpm code):
https://edk2.groups.io/g/devel/message/82518?p=%2C%2C%2C100%2C0%2C0%2C0%3A%3Arecentpostdate%2Fsticky%2C%2CSHA1%2C100%2C2%2C0%2C86487987

Cc'ed Stefan. Seems James has no RH bugzilla account.

Comment 3
Daniel Berrangé

(In reply to Gerd Hoffmann from comment #2)
> I think it better should be configurable.
>
> Not fully clear what implication this has on guests. James Bottomley thinks the
> linux kernel doesn't cope well because it assumes the SHA1 bank will be available.

If that's correct, then I don't see it being viable to disable sha1 by default in libvirt/swtpm/edk2.

It'll have a negative impact on all existing Linux distro releases. To disable sha1 by default, we need to be confident that the majority of supported OS distros will work correctly with that configuration.

So this feels like we need the choice of algs to be configurable in libvirt, and likely have a manual opt-out of sha1 initially.

> Upstream discussion @ edk2 devel (on a patch removing sha1 support from ovmf tpm code)
> https://edk2.groups.io/g/devel/message/82518?p=%2C%2C%2C100%2C0%2C0%2C0%3A%3Arecentpostdate%2Fsticky%2C%2CSHA1%2C100%2C2%2C0%2C86487987
>
> Cc'ed Stefan. Seems James has no RH bugzilla account.

This thread doesn't give me confidence in disabling SHA1 by default.

Comment

I had swtpm configured, via swtpm_setup, to have the SHA1 and SHA256 banks active. This was for a transition time until we move completely to SHA256. I changed swtpm_setup last week to now configure swtpm to come up with the SHA256 bank active by default and all other ones (SHA1, SHA384, SHA512) deactivated.

However, if this default device configuration isn't good, one can always go into the UEFI menu and activate the other PCR banks as well.

From what I am hearing these days, hardware TPMs are also coming up with the SHA256 bank activated and the SHA1 bank deactivated. If two banks are active then it's typically SHA256 and SHA384. This is how the manufacturer configures the devices. Source: Kenneth Goldman (long-term TCG member).

Mimi Zohar, maintainer of IMA, tells me that sha256 should be fine.

If we want to do this via libvirt we can pass --pcr-banks to the swtpm_setup command line parameters, which then overrides the defaults. This program gets launched the **first** time a VM is started and it simulates the manufacturing of a TPM. There are a couple of choices regarding this command line parameter:

- hard code --pcr-banks sha256 or whatever is good for 'these days'
- have this in /etc/libvirt/qemu.conf, maybe under 'swtpm_active_pcr_banks = sha256', with a fallback to 'sha256'
- have this in the domain XML for a per-VM config, along with a fallback to 'sha256'

Comment

(In reply to Daniel Berrangé from comment #3)
> (In reply to Gerd Hoffmann from comment #2)
> > I think it better should be configurable.
> >
> > Not fully clear what implication this has on guests. James Bottomley thinks the
> > linux kernel doesn't cope well because it assumes the SHA1 bank will be available.
>
> If that's correct, then I don't see it being viable to disable sha1 by
> default in libvirt/swtpm/edk2.

edk2 should not remove SHA1 support from its TPM 2 support but use the SHA 1 bank if it is available. SeaBIOS (& SLOF) knows how to deal with various combinations of hash banks, so that shouldn't be a problem, either.

Now in Linux: what IMA may be configured with is SHA1 for hashing of files. It would then 0-pad the SHA 1 for extending the PCR 10 in the available banks, among them the SHA 256 bank.
https://elixir.bootlin.com/linux/v5.0.21/source/drivers/char/tpm/tpm-interface.c#L497

But also that padding behavior may have changed over time:
https://elixir.bootlin.com/linux/v5.15-rc7/source/drivers/char/tpm/tpm-interface.c#L304

I don't think this comment about sha1-bank in the code is correct. It may be related to a TPM 1.2 that only had sha1 support, but for TPM 2 it uses all allocated hash banks.

> It'll have a negative impact on all existing Linux distro releases.

My worries would be with things like Keylime that may have to be configured with sha1 versus sha256 to work around how IMA's padding behavior may have changed (and I am not quite clear on this just by reading the code). The firmwares should be able to deal with it.

Comment

Merged upstream as:

```
commit a5bbe1a8b6321852634817c423695e58518c4f4f
Author:     Stefan Berger <stefanb.com>
AuthorDate: Wed Nov 3 13:04:23 2021 -0400
Commit:     Michal Prívozník <mprivozn>
CommitDate: Fri Nov 5 09:22:50 2021 +0100

    qemu: tpm: Extend TPM domain XML with PCR banks to activate

    Extend the TPM backend XML with a node 'active_pcr_banks' that allows a
    user to specify the PCR banks to activate before starting a VM. Valid
    choices for PCR banks are sha1, sha256, sha384 and sha512. When the XML
    node is provided, the set of active PCR banks is 'enforced' by running
    swtpm_setup before every start of the VM. The activation requires that
    swtpm_setup v0.7 or later is installed and may not have any effect
    otherwise.

    <tpm model='tpm-tis'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha256/>
          <sha384/>
        </active_pcr_banks>
      </backend>
    </tpm>

    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2016599
    Signed-off-by: Stefan Berger <stefanb.com>
    Signed-off-by: Michal Privoznik <mprivozn>
    Reviewed-by: Michal Privoznik <mprivozn>
```

Comment

Pre-verified on fc35.
Pkgs:
libvirt-7.10.0-1.fc35.x86_64
qemu-kvm-6.1.0-11.fc36.x86_64
swtpm-0.7.0-1.20211109gitb79fd91.fc35.x86_64
libtpms-0.9.0-0.20211004gitdc4e3f6313.fc35.0.x86_64
edk2-ovmf-20210527gite1999b264f1f-2.fc35.noarch
kernel-5.14.18-300.fc35.x86_64

Steps:

1. sha384

```
# virsh edit yqz
Domain 'yqz' XML configuration edited.

# virsh start yqz
Domain 'yqz' started

# virsh dumpxml yqz|grep 'tpm m' -A8
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# ps uax|grep swtpm
tss    65095  0.4  0.0    9336   3960 ?  S   06:40  0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/3-yqz-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/yqz-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/3-yqz-swtpm.pid
qemu   65103  107 17.7 3771972 704212 ?  Sl  06:40  0:26 /usr/bin/qemu-system-x86_64 -name guest=yqz,debug-threads=on -S … -tpmdev emulator,id=tpm-tpm0,chardev=chrtpm -chardev socket,id=chrtpm,path=/run/libvirt/qemu/swtpm/3-yqz-swtpm.sock -device tpm-crb,tpmdev=tpm-tpm0,id=tpm0

# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2021-11-25 11:40:12.619+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2 --logfile /var/log/swtpm/libvirt/qemu/yqz-swtpm.log --pcr-banks sha384 --reconfigure
2021-11-25 11:40:12.665+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/3-yqz-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/yqz-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/3-yqz-swtpm.pid

# grep sha /var/log/swtpm/libvirt/qemu/yqz-swtpm.log
Successfully activated PCR banks sha384 among sha1,sha256,sha384,sha512.

# virsh console yqz
[root@localhost ~]# tpm2_getrandom --hex 8
2a18f8ee575308f0
```

2. sha512

```
# virsh dumpxml yqz|grep 'tpm m' -A8
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha512/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2021-11-25 11:48:39.515+0000: 64042: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2 --logfile /var/log/swtpm/libvirt/qemu/yqz-swtpm.log --pcr-banks sha512 --reconfigure
2021-11-25 11:48:39.560+0000: 64042: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/4-yqz-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/yqz-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/4-yqz-swtpm.pid

# grep sha /var/log/swtpm/libvirt/qemu/yqz-swtpm.log
Successfully activated PCR banks sha512 among sha1,sha256,sha384,sha512.
```

3. sha1

```
# virsh dumpxml yqz|grep 'tpm m' -A8
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha1/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2021-11-25 11:53:50.088+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2 --logfile /var/log/swtpm/libvirt/qemu/yqz-swtpm.log --pcr-banks sha1 --reconfigure
2021-11-25 11:53:50.159+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/5-yqz-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/yqz-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/5-yqz-swtpm.pid

# grep sha /var/log/swtpm/libvirt/qemu/yqz-swtpm.log
Successfully activated PCR banks sha1 among sha1,sha256,sha384,sha512.
```

4. sha256

```
# virsh dumpxml yqz|grep 'tpm m' -A8
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha256/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2021-11-25 11:59:37.735+0000: 64044: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2 --logfile /var/log/swtpm/libvirt/qemu/yqz-swtpm.log --pcr-banks sha256 --reconfigure
2021-11-25 11:59:37.783+0000: 64044: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/6-yqz-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/yqz-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/6-yqz-swtpm.pid

# grep sha /var/log/swtpm/libvirt/qemu/yqz-swtpm.log
Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.
```

5. default

```
# virsh dumpxml yqz|grep 'tpm m' -A8
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'/>
      <alias name='tpm0'/>
    </tpm>

# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
(No "--pcr-banks" specified in swtpm_setup cmd)
2021-11-25 12:14:56.660+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/6f4b62ce-0971-4e1b-865d-9bb4c577c095/tpm2 --vmid vm2:6f4b62ce-0971-4e1b-865d-9bb4c577c095 --logfile /var/log/swtpm/libvirt/qemu/vm2-swtpm.log --createek --create-ek-cert --create-platform-cert --lock-nvram --not-overwrite
2021-11-25 12:14:57.071+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/10-vm2-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/6f4b62ce-0971-4e1b-865d-9bb4c577c095/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/vm2-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/10-vm2-swtpm.pid

# grep sha /var/log/swtpm/libvirt/qemu/vm2-swtpm.log
Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.

# cat /etc/swtpm_setup.conf
# Program invoked for creating certificates
create_certs_tool= /usr/bin/swtpm_localca
create_certs_tool_config = /etc/swtpm-localca.conf
create_certs_tool_options = /etc/swtpm-localca.options
# Comma-separated list (no spaces) of PCR banks to activate by default
active_pcr_banks = sha256        <---(default setting, not sha1 anymore from swtpm-0.7)
```

6. multiple configured

```
# virsh dumpxml vm2|grep 'tpm m' -A10
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha1/>
          <sha256/>
          <sha384/>
          <sha512/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2021-11-25 12:47:12.264+0000: 64045: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/6f4b62ce-0971-4e1b-865d-9bb4c577c095/tpm2 --logfile /var/log/swtpm/libvirt/qemu/vm2-swtpm.log --pcr-banks sha1,sha256,sha384,sha512 --reconfigure
2021-11-25 12:47:12.348+0000: 64045: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/14-vm2-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/6f4b62ce-0971-4e1b-865d-9bb4c577c095/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/vm2-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/14-vm2-swtpm.pid

# grep sha /var/log/swtpm/libvirt/qemu/vm2-swtpm.log
Successfully activated PCR banks sha1,sha256,sha384,sha512 among sha1,sha256,sha384,sha512.
```

7. define, create

```
# virsh define dom.xml
Domain 'dom' defined from dom.xml

# virsh dumpxml dom
    <input type='keyboard' bus='ps2'/>
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha1/>
          <sha256/>
          <sha384/>
          <sha512/>
        </active_pcr_banks>
      </backend>
    </tpm>

# virsh create dom.xml
Domain 'dom' created from dom.xml

# virsh dumpxml dom
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha1/>
          <sha256/>
          <sha384/>
          <sha512/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
(Use default sha256 at first init, then use xml setting)
2021-11-25 13:12:43.213+0000: 70450: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/9b5cd257-c53f-444b-b9c2-f2e5987ec9cb/tpm2 --vmid dom:9b5cd257-c53f-444b-b9c2-f2e5987ec9cb --logfile /var/log/swtpm/libvirt/qemu/dom-swtpm.log --createek --create-ek-cert --create-platform-cert --lock-nvram --not-overwrite
2021-11-25 13:12:43.468+0000: 70450: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/9b5cd257-c53f-444b-b9c2-f2e5987ec9cb/tpm2 --logfile /var/log/swtpm/libvirt/qemu/dom-swtpm.log --pcr-banks sha1,sha256,sha384,sha512 --reconfigure
2021-11-25 13:12:43.510+0000: 70450: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/3-dom-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/9b5cd257-c53f-444b-b9c2-f2e5987ec9cb/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/dom-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/3-dom-swtpm.pid

# grep sha /var/log/swtpm/libvirt/qemu/dom-swtpm.log
Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.
Successfully activated PCR banks sha1,sha256,sha384,sha512 among sha1,sha256,sha384,sha512.
```

8.
invalid xml:

```
# virsh define dom.xml
error: Failed to define domain from dom.xml
error: unsupported configuration: Unsupported PCR banks 'sha111'

# virsh create dom.xml
error: Failed to create domain from dom.xml
error: unsupported configuration: Unsupported PCR banks 'sha111'

# virsh edit dom
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Extra element devices in interleave
Element domain failed to validate content

Failed. Try again? [y,n,i,f,?]:
```

Comment

There is a minor issue found:

libvirt-7.10.0-1.el9.x86_64
qemu-kvm-6.2.0-1.el9.x86_64

After editing both encryption and pcrbanks into the guest xml:

```
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='b4a117f1-8af2-44a4-91b8-7f0d2d4d68a3'/>
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>
```

An extra '>' is auto-added:

```
# virsh dumpxml vm-ovmf |grep /tpm -B10
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='b4a117f1-8af2-44a4-91b8-7f0d2d4d68a3'/>
        >
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
    </tpm>
```

The guest can be started, but it's also still in the live xml:

```
# virsh start vm-ovmf
Domain 'vm-ovmf' started

# virsh dumpxml vm-ovmf |grep /tpm -B9
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='b4a117f1-8af2-44a4-91b8-7f0d2d4d68a3'/>
        >
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# virsh dumpxml vm-ovmf --inactive > vm-ovmf.xml
# virt-xml-validate vm-ovmf.xml
Relax-NG validity error : Extra element devices in interleave
vm-ovmf.xml:38: element devices: Relax-NG validity error : Element domain failed to validate content
vm-ovmf.xml fails to validate
```

Another issue filed to: Bug 2035888 - Managedsave-edit should forbid modify some tpm configs such as pcrbank

Comment

Verify on:
libvirt-7.10.0-1.el9.x86_64
qemu-kvm-6.2.0-1.el9.x86_64
swtpm-0.7.0-1.20211109gitb79fd91.el9.x86_64
libtpms-0.9.1-0.20211126git1ff6fe1f43.el9.x86_64
edk2-ovmf-20210527gite1999b264f1f-7.el9.noarch

Steps:

1. Set sha384:

```
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='b4a117f1-8af2-44a4-91b8-7f0d2d4d68a3'/>
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# virsh define vm-ovmf.xml
Domain 'vm-ovmf' defined from vm-ovmf.xml

# virsh start vm-ovmf
Domain 'vm-ovmf' started

# cat /var/log/libvirt/virtqemud.log|grep 'to run /usr/bin/swtpm'
2021-12-28 06:32:42.199+0000: 161052: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --pwdfile-fd 25 --cipher aes-256-cbc --tpm-state /var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2 --vmid vm-ovmf:bbd16783-8077-43f3-bf37-3f0c486cc586 --logfile /var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log --createek --create-ek-cert --create-platform-cert --lock-nvram --not-overwrite
2021-12-28 06:32:42.286+0000: 161052: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --pwdfile-fd 25 --cipher aes-256-cbc --tpm-state /var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2 --logfile /var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log --pcr-banks sha384 --reconfigure
2021-12-28 06:32:42.307+0000: 161052: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/4-vm-ovmf-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/4-vm-ovmf-swtpm.pid --key pwdfd=25,mode=aes-256-cbc --migration-key pwdfd=27,mode=aes-256-cbc

# grep sha /var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log
Successfully activated PCR banks sha384 among sha1,sha256,sha384,sha512.

# virsh managedsave vm-ovmf
Domain 'vm-ovmf' state saved by libvirt

# virsh start vm-ovmf
Domain 'vm-ovmf' started

# virsh migrate vm-ovmf --live qemu+ssh://host***/system --verbose --p2p
Migration: [100 %]

[root@localhost ~]# tpm2_getrandom --hex 8
m'fc62d68bff15a3
[root@localhost ~]# tpm2_pcrread
  sha1:
  sha256:
  sha384:
    0 : 0x4733994C26A92B2FA846147945864EB788C3D1A55401A0A647008B006DF2878A5609C0491FA1937E5FC56640B3835245
    1 : 0x6C340682CE451190A62A323D3AFA396289725C1BA094A91A32CFBC800486CAD0DC50D88C33C05A15BDAC92F274CB258F
    ...
    23: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  sha512:
```

Domain rename+start succeeds. Managedsave, restore succeed.

2. Edit to other pcrbanks: sha512, sha1, sha256, multi (all four). Test start, managedsave+start, p2p migration; all succeed. The pcrread output for multi in the guest is like:

```
  sha1:
    0 : 0x9387FA9F5235032AE5A14ADD91A23BFBBFA5209B
    1 : 0x271C15B396906EBDFEE20656149398E63B9BA404
    ...
    23: 0x0000000000000000000000000000000000000000
  sha256:
    0 : 0x569200EF16B06BBF5021079F7C9EC661097898528D95A85D0FA2DF6852B57502
    1 : 0x213B7788B0105ABCD8C5A9895A9EFE38549733A8C594565E3B208391582460AD
    ...
    23: 0x0000000000000000000000000000000000000000000000000000000000000000
  sha384:
    0 : 0x7E3ED52A368A6F622196F2676578005D4DBF957A305190DC6ED9BDCE123A4C259163A247A64DC8F96F01608BE7958DB9
    1 : 0x6C340682CE451190A62A323D3AFA396289725C1BA094A91A32CFBC800486CAD0DC50D88C33C05A15BDAC92F274CB258F
    ...
    23: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  sha512:
    0 : 0xEAF75EE1076DDA0FC3B9C2FCF22602C5AEB9B56E33A912B0A4F404113F2A45020E80AAF05BAF0F5DF33345063D14FE928CA9C6C59C9FAA98AADB2A45F100EBEA
    1 : 0xA4E7072554849C17A96E062FFD956452CF6F18125A976A54F2E13D8907004232BD2A26313013287208E76D0E3A450AEACB2DBD75EA2B6DA59DD7BECD2F0DE68A
    ...
    23: 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
```

3.
```
# virsh define vm-ovmf.xml
error: Failed to define domain from vm-ovmf.xml
error: unsupported configuration: Unsupported PCR banks 'sha224'

# virsh create vm-ovmf.xml
error: Failed to create domain from vm-ovmf.xml
error: unsupported configuration: Unsupported PCR banks 'sha224'

# virsh edit vm-ovmf
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Extra element devices in interleave
Element domain failed to validate content

Failed. Try again? [y,n,i,f,?]:
```

4.

```
# virsh create vm-ovmf.xml
Domain 'vm-ovmf' created from vm-ovmf.xml

2021-12-28 08:25:07.357+0000: 166130: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --pwdfile-fd 25 --cipher aes-256-cbc --tpm-state /var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2 --logfile /var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log --pcr-banks sha1,sha256,sha384,sha512 --reconfigure
2021-12-28 08:25:07.378+0000: 166130: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/1-vm-ovmf-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/1-vm-ovmf-swtpm.pid --key pwdfd=25,mode=aes-256-cbc --migration-key pwdfd=27,mode=aes-256-cbc
```

Migration succeeds. The TPM works well in the guest OS.

Comment

Patches sent upstream to address the issue in comment 15:
https://listman.redhat.com/archives/libvir-list/2022-January/msg00047.html

Comment

Merged upstream as:

```
fbe70d9525 conf: Make virDomainTPMDefFormat() return void
dcc278d04e qemuxml2xmloutdata: Turn tpm-*.xml files into symlinks
5e2a368c61 conf: Rework <tpm/> formatting
d00e6dfe6b qemuxml2xmltest: Introduce tpm-emulator-spapr test
```

v7.10.0-401-gfbe70d9525

Comment 23
yanqzhan

Hi Michal,

I tested a special scenario and thus have a question. Could you help check pls?

After using <active_pcr_banks> (e.g. sha384) for one guest start, if this element is deleted the next time, the guest will still use the last configured pcrbank, not the default sha256:

Steps:

1. Start the guest with sha384:

```
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='e7442270-f813-4e48-a57b-5a5ff9d67ace'/>
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
    </tpm>

# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2022-01-11 09:18:09.943+0000: 273880: debug : virCommandRunAsync:2630 : About to run /usr/bin/swtpm_setup --tpm2 --pwdfile-fd 27 --cipher aes-256-cbc --tpm-state /var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2 --logfile /var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log --pcr-banks sha384 --reconfigure
2022-01-11 09:18:09.967+0000: 273880: debug : virCommandRunAsync:2630 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/9-avocado-vt-vm1-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/9-avocado-vt-vm1-swtpm.pid --key pwdfd=27,mode=aes-256-cbc --migration-key pwdfd=29,mode=aes-256-cbc

# grep sha /var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log
Successfully activated PCR banks sha384 among sha1,sha256,sha384,sha512.
```

Log in to the guest OS and check with `tpm2_pcrread`: only the sha384 pcrbank has pcr values.

2. Shut down the guest and start it again with no pcrbank specified:

```
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='e7442270-f813-4e48-a57b-5a5ff9d67ace'/>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2022-01-11 09:19:21.335+0000: 273883: debug : virCommandRunAsync:2630 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/10-avocado-vt-vm1-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/10-avocado-vt-vm1-swtpm.pid --key pwdfd=27,mode=aes-256-cbc --migration-key pwdfd=29,mode=aes-256-cbc

# grep sha /var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log
(no new output)
```

Log in to the guest OS:

```
# virsh console avocado-vt-vm1
[root@localhost ~]# tpm2_pcrread
  sha1:
  sha256:
  sha384:
    0 : 0x7E3ED52A368A6F622196F2676578005D4DBF957A305190DC6ED9BDCE123A4C259163A247A64DC8F96F01608BE7958DB9
    1 : 0x6C340682CE451190A62A323D3AFA396289725C1BA094A91A32CFBC800486CAD0DC50D88C33C05A15BDAC92F274CB258F
    ...
    23: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  sha512:
```

Is it an issue? Since it may be confusing when there is no <active_pcr_banks> in the xml:
(1) if <active_pcr_banks> was never used before, the default pcrbank is sha256.
(2) if <active_pcr_banks> was ever used, the default pcrbank is the last configured one.

There is nowhere to check this in the libvirt xml (or qemu cmd line); it can only be checked by searching the previous log or by tpm2_pcrread in the guest OS. Does libvirt need to call swtpm_setup again to restore to sha256?

Thanks.

Comment 24
Michal Privoznik

(In reply to yanqzhan from comment #23)
> Hi Michal,
>
> I tested a special scenario thus have a question. Could you help check pls?

Yes, this is very similar to how the per-domain NVRAM_VAR store is handled. I mean, if a domain-specific /var/lib/libvirt/qemu/nvram/* file exists then it is never overwritten, even if the domain is switched to BIOS. I don't think this is such a common scenario as to block this bug. But I agree that we could do something about it. Can you please open a new bug?

Comment

(In reply to Michal Privoznik from comment #24)

Thank you! A new bug is bz2039246.

Comment

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (new packages: libvirt), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2390
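A worked example of the IMA padding behaviour discussed in the thread above (the comment replying to Daniel Berrangé's comment #3). This is added illustration, not code from the bug, from libvirt or from the kernel: it replays a constructed IMA-style measurement list, whose file hashes are SHA-1, into a simulated PCR 10 of a sha1 bank and of a sha256 bank. For the sha256 bank the SHA-1 digest is extended zero-padded to 32 bytes, which is the behaviour the comment attributes to the v5.0-era kernel (the exact layout, SHA-1 bytes followed by zero bytes, is this example's assumption); beside it the replay a verifier would compute if it assumed each file had been hashed with the bank's own algorithm. The comment notes this behaviour may have changed across kernel versions, so a verifier such as the Keylime mentioned there has to know which convention the measured kernel used; the two results differ.

```python
import hashlib

# Digest sizes of the four TPM 2 PCR banks discussed in the bug.
BANK_SIZES = {"sha1": 20, "sha256": 32, "sha384": 48, "sha512": 64}


def pcr_extend(bank, pcr, digest):
    """TPM2_PCR_Extend for one bank: PCR_new = H_bank(PCR_old || digest).
    Both inputs must already be exactly the bank's digest size."""
    size = BANK_SIZES[bank]
    if len(pcr) != size or len(digest) != size:
        raise ValueError(f"{bank} bank expects {size}-byte values")
    return hashlib.new(bank, pcr + digest).digest()


def pad_to_bank(bank, digest):
    """Zero-pad a shorter digest up to the bank's size. This models the
    behaviour described in the thread for older kernels: an IMA SHA-1 file
    hash is extended into every allocated bank, padded with zero bytes.
    (Assumption of this example: the zeros follow the SHA-1 bytes.)"""
    size = BANK_SIZES[bank]
    if len(digest) > size:
        raise ValueError("digest longer than the bank's digest size")
    return digest + b"\x00" * (size - len(digest))


def replay_padded(bank, sha1_digests):
    """Replay SHA-1 file hashes into `bank` using zero-padding."""
    pcr = b"\x00" * BANK_SIZES[bank]
    for d in sha1_digests:
        pcr = pcr_extend(bank, pcr, pad_to_bank(bank, d))
    return pcr


def replay_native(bank, file_contents):
    """What a verifier computes if it assumes each file was hashed with the
    bank's own algorithm instead of a zero-padded SHA-1."""
    pcr = b"\x00" * BANK_SIZES[bank]
    for content in file_contents:
        pcr = pcr_extend(bank, pcr, hashlib.new(bank, content).digest())
    return pcr


# Constructed sample: three "files" IMA measured with SHA-1. Contents are
# placeholders; only their hashes matter for the replay.
SAMPLE_FILES = [b"/usr/bin/swtpm\n", b"/usr/bin/swtpm_setup\n", b"/etc/swtpm_setup.conf\n"]
SAMPLE_SHA1 = [hashlib.sha1(c).digest() for c in SAMPLE_FILES]


def demo():
    """Return the two replays per bank so the divergence is visible."""
    out = {}
    for bank in ("sha1", "sha256"):
        out[bank] = {
            "padded_sha1": replay_padded(bank, SAMPLE_SHA1).hex(),
            "native": replay_native(bank, SAMPLE_FILES).hex(),
        }
    return out


if __name__ == "__main__":
    for bank, values in demo().items():
        print(bank)
        for convention, pcr in values.items():
            print(f"  {convention:12s} {pcr}")
```

In the sha1 bank both conventions agree, because padding a 20-byte digest to 20 bytes is a no-op; in the sha256 bank they diverge, which is the mismatch an attestation verifier sees when it replays an IMA log with the wrong padding rule. When sha1 is not among the active banks, as with the swtpm_setup default above, the sha256 replay is the only one available, so the verifier's convention has to match the guest kernel's.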
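The commit message above defines the <active_pcr_banks> element and the verification steps show how libvirt turns it into a swtpm_setup `--pcr-banks ... --reconfigure` run, while comment #23 shows the gap: once the element is removed, nothing in the domain XML or the QEMU command line says which banks the guest actually has, and only `tpm2_pcrread` inside the guest reveals it. The following script is an added example, not libvirt's code: it extracts and validates the banks from a domain XML the way the bug's error messages suggest, builds the swtpm_setup argv seen in the virtqemud.log lines, parses `tpm2_pcrread` output to see which banks carry values, and compares the two to flag the stale-bank case from comment #23. The XML fragments and the pcrread text are constructed for the example (the pcrread sample reuses values printed in the bug); `validate`, `expected_banks` and `check_guest_banks` are names chosen here.

```python
import re
import xml.etree.ElementTree as ET

# Bank names libvirt accepts in <active_pcr_banks> (commit a5bbe1a8b6 above).
SUPPORTED_BANKS = ("sha1", "sha256", "sha384", "sha512")
# swtpm_setup's own default when libvirt passes no --pcr-banks
# (active_pcr_banks = sha256 in /etc/swtpm_setup.conf, swtpm 0.7).
SWTPM_SETUP_DEFAULT = ["sha256"]


def banks_from_domain_xml(xml_text):
    """Return the banks listed under <tpm><backend><active_pcr_banks>, in
    document order, or None when the element is absent. Unknown names raise
    ValueError with the same wording libvirt prints in the bug."""
    root = ET.fromstring(xml_text)
    node = root.find(".//tpm/backend/active_pcr_banks")
    if node is None:
        return None
    banks = [child.tag for child in node]
    bad = [b for b in banks if b not in SUPPORTED_BANKS]
    if bad:
        raise ValueError("Unsupported PCR banks '%s'" % ",".join(bad))
    return banks


def validate(xml_text):
    """Error string for a bad <active_pcr_banks>, None when acceptable."""
    try:
        banks_from_domain_xml(xml_text)
    except ValueError as exc:
        return str(exc)
    return None


def swtpm_setup_reconfigure_argv(banks, state_dir, logfile):
    """The swtpm_setup invocation libvirt logs when <active_pcr_banks> is set
    (compare the virtqemud.log lines in the verification steps)."""
    return ["/usr/bin/swtpm_setup", "--tpm2", "--tpm-state", state_dir,
            "--logfile", logfile, "--pcr-banks", ",".join(banks), "--reconfigure"]


_BANK_HEADER = re.compile(r"^\s*(sha1|sha256|sha384|sha512):\s*$")
_PCR_LINE = re.compile(r"^\s+\d+\s*:\s*0x[0-9A-Fa-f]+\s*$")


def banks_with_values_from_pcrread(text):
    """Parse `tpm2_pcrread` output: a bank header followed by indented
    'N : 0x...' lines is active; a header with nothing under it is not."""
    active, current = set(), None
    for line in text.splitlines():
        m = _BANK_HEADER.match(line)
        if m:
            current = m.group(1)
        elif current and _PCR_LINE.match(line):
            active.add(current)
    return active


def expected_banks(xml_text):
    """Banks the XML promises: the listed ones, else swtpm_setup's default.
    Comment #23 shows why this can be wrong: an earlier start with
    <active_pcr_banks> leaves the last configured banks in the TPM state."""
    banks = banks_from_domain_xml(xml_text)
    return set(banks) if banks is not None else set(SWTPM_SETUP_DEFAULT)


def check_guest_banks(xml_text, pcrread_output):
    """Return (expected, observed, stale); stale is True when they differ."""
    exp = expected_banks(xml_text)
    obs = banks_with_values_from_pcrread(pcrread_output)
    return exp, obs, exp != obs


# Constructed domain XML fragments (shape taken from the bug's dumpxml output).
XML_SHA384 = """<domain type='kvm'><name>vm</name><devices>
  <tpm model='tpm-crb'>
    <backend type='emulator' version='2.0'>
      <active_pcr_banks><sha384/></active_pcr_banks>
    </backend>
  </tpm></devices></domain>"""
XML_DEFAULT = """<domain type='kvm'><name>vm</name><devices>
  <tpm model='tpm-crb'><backend type='emulator' version='2.0'/></tpm>
</devices></domain>"""
XML_BAD = XML_SHA384.replace("<sha384/>", "<sha111/>")

# Constructed tpm2_pcrread output: only the sha384 bank carries values,
# which is what comment #23 observed after <active_pcr_banks> was removed.
PCRREAD_SHA384_ONLY = """  sha1:
  sha256:
  sha384:
    0 : 0x7E3ED52A368A6F622196F2676578005D4DBF957A305190DC6ED9BDCE123A4C259163A247A64DC8F96F01608BE7958DB9
    1 : 0x6C340682CE451190A62A323D3AFA396289725C1BA094A91A32CFBC800486CAD0DC50D88C33C05A15BDAC92F274CB258F
    23: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  sha512:
"""

if __name__ == "__main__":
    print(swtpm_setup_reconfigure_argv(banks_from_domain_xml(XML_SHA384),
                                       "/var/lib/libvirt/swtpm/<uuid>/tpm2",
                                       "/var/log/swtpm/libvirt/qemu/vm-swtpm.log"))
    print(validate(XML_BAD))
    print(check_guest_banks(XML_DEFAULT, PCRREAD_SHA384_ONLY))
```

Running the check against real hosts means feeding it `virsh dumpxml --inactive` and the guest's `tpm2_pcrread` output; a `stale` result is the signal that the TPM state directory still carries a bank selection the XML no longer declares, and that an explicit <active_pcr_banks> (or a fresh TPM state) is needed before relying on the default.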