Bug 2039246

Summary: vTPM PCR bank does not change if switching guest XML from active_pcr_banks to default
Product: Red Hat Enterprise Linux 9
Reporter: Yanqiu Zhang <yanqzhan>
Component: libvirt
Assignee: Virtualization Maintenance <virt-maint>
libvirt sub component: General
QA Contact: Yanqiu Zhang <yanqzhan>
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
CC: dyuan, jdenemar, mprivozn, stefanb, virt-maint, xuzhang, yanqzhan
Version: 9.0
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Linux
Fixed In Version: libvirt-8.0.0-1.el9
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2022-05-17 12:46:17 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Target Upstream Version: 8.0.0

Description Yanqiu Zhang 2022-01-11 10:48:26 UTC
Description of problem:
After using <active_pcr_banks> (e.g. sha384) for one guest start, if this element is deleted before the next start, the guest will still use the last configured PCR bank, not the default sha256:


Version-Release number of selected component (if applicable):
libvirt-8.0.0-0rc1.1.el9.x86_64
qemu-kvm-6.2.0-3.el9.x86_64

How reproducible:
100%

Steps to Reproduce:
1. start guest with sha384
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='e7442270-f813-4e48-a57b-5a5ff9d67ace'/>
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
    </tpm>

#  cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2022-01-11 09:18:09.943+0000: 273880: debug : virCommandRunAsync:2630 : About to run /usr/bin/swtpm_setup --tpm2 --pwdfile-fd 27 --cipher aes-256-cbc --tpm-state /var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2 --logfile /var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log --pcr-banks sha384 --reconfigure
2022-01-11 09:18:09.967+0000: 273880: debug : virCommandRunAsync:2630 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/9-avocado-vt-vm1-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/9-avocado-vt-vm1-swtpm.pid --key pwdfd=27,mode=aes-256-cbc --migration-key pwdfd=29,mode=aes-256-cbc

# grep sha /var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log
Successfully activated PCR banks sha384 among sha1,sha256,sha384,sha512.

Log in to the guest OS and run # tpm2_pcrread; only the sha384 PCR bank has PCR values.

2. shutdown guest and start again with no pcrbank specified:
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='e7442270-f813-4e48-a57b-5a5ff9d67ace'/>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# cat  /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2022-01-11 09:19:21.335+0000: 273883: debug : virCommandRunAsync:2630 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/10-avocado-vt-vm1-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/10-avocado-vt-vm1-swtpm.pid --key pwdfd=27,mode=aes-256-cbc --migration-key pwdfd=29,mode=aes-256-cbc

# grep sha /var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log
(no new output)

Log in to the guest OS:
# virsh console avocado-vt-vm1 
[root@localhost ~]# tpm2_pcrread
sha1:
sha256:
sha384:
  0 : 0x7E3ED52A368A6F622196F2676578005D4DBF957A305190DC6ED9BDCE123A4C259163A247A64DC8F96F01608BE7958DB9
  1 : 0x6C340682CE451190A62A323D3AFA396289725C1BA094A91A32CFBC800486CAD0DC50D88C33C05A15BDAC92F274CB258F
  ...
  23: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
sha512:

Actual results:


Expected results:
Maybe libvirt can detect the difference between the last configuration (<sha384/>) and the current default setting (no <active_pcr_banks>), then call swtpm_setup once to reconfigure the PCR bank.

Additional info:
# swtpm_setup --help|grep pcr -A3
--pcr-banks <banks>
                 : Set of PCR banks to activate. Provide a comma separated list
                   like 'sha1,sha256'. '-' to skip and leave all banks active.
                   Default: sha256

# tail -2 /etc/swtpm_setup.conf 
# Comma-separated list (no spaces) of PCR banks to activate by default
active_pcr_banks = sha256

Comment 1 Stefan Berger 2022-01-11 13:45:02 UTC
The behavior of libvirt is that it activates the PCR banks given in the XML every time the VM is cold-started. It leaves the PCR bank configuration alone if no XML is given. This way the user can change the active PCR banks using the firmware menu (UEFI or SeaBIOS or SLOF) and libvirt will leave it at that.

> Expected results:
> Maybe libvirt can detect difference between last configuration(<sha384/>) and current default setting(no <active_pcr_banks>), then call swtpm_setup to reconfigure pcrbank for once.

No, leave the user the possibility to reconfigure the PCR banks with the firmware and don't touch it from the libvirt level anymore. 

My suggestion: Do not fix.

Comment 2 Michal Privoznik 2022-01-11 14:27:05 UTC
@stefanb.com should libvirt then at least report what PCR banks are configured (assuming we are able to get that info from the host)? Alternatively, we might just document this behavior.

Comment 3 Stefan Berger 2022-01-11 14:32:13 UTC
The current documentation states:

active_pcr_banks

    The active_pcr_banks node is used to define which of the PCR banks of a TPM 2.0 to activate. Valid names are for example sha1, sha256, sha384, and sha512. If this node is provided, the set of PCR banks are activated before every start of a VM and this step is logged in the swtpm's log. This attribute requires that swtpm_setup v0.7 or later is installed and may not have any effect otherwise. The selection of PCR banks only works with the emulator backend. since:Since 7.10.0


We can maybe add the following documentation clarifying what is happening if the XML node is not provided.


[...] If this node is provided, the set of PCR banks are activated before every start of a VM and this step is logged in the swtpm's log. >If this node is missing, the configuration of the PCR banks will not be modified.< This attribute requires ...

Comment 4 Stefan Berger 2022-01-11 14:37:46 UTC
(In reply to Michal Privoznik from comment #2)
> @stefanb.com should libvirt then at least report what PCR banks are
> configured (assuming we are able to get that info from the host)?

It's not easy for libvirt to get to the current configuration information, nor do swtpm or swtpm_setup support retrieving the info other than by users sending proper TPM commands to it.
The user can figure these things out on the UEFI/SeaBIOS/SLOF TPM menu level because it's all displayed there. Under Linux one can figure it out using TSS tools or sysfs. I am not familiar with Windows.
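The following is an added example, not code from this report, from libvirt or from swtpm. It ties the reproduction steps in the description (what the domain XML asks for versus what tpm2_pcrread shows inside the guest) to the remark in comment 4 that the current bank set has to be read with TSS tools rather than obtained from libvirt: it parses a domain XML for <active_pcr_banks>, parses tpm2_pcrread output for banks that actually carry PCR values, and parses the swtpm log for the last "Successfully activated PCR banks" line. The sample XML, tpm2_pcrread text and log line are constructed from the fragments in the report with the hex values shortened; the assumption that an inactive bank prints as a bare "name:" header with no PCR lines under it is taken from the guest output in the description.

```python
# Added example; not libvirt, swtpm or tpm2-tools code. Compares the PCR banks a
# libvirt domain XML asks to activate with the banks actually active in the vTPM,
# as seen from inside the guest with `tpm2_pcrread`, and reads the swtpm log for
# the last `swtpm_setup --pcr-banks` activation it recorded.
import re
import xml.etree.ElementTree as ET

# swtpm_setup's default, per `swtpm_setup --help` and /etc/swtpm_setup.conf above.
DEFAULT_BANKS = frozenset({"sha256"})


def requested_banks(domain_xml):
    """Banks under <tpm><backend type='emulator'><active_pcr_banks>, or None if
    the node is absent (libvirt then leaves the vTPM's bank set untouched)."""
    root = ET.fromstring(domain_xml)
    for backend in root.iter("backend"):
        if backend.get("type") != "emulator":
            continue
        node = backend.find("active_pcr_banks")
        return None if node is None else frozenset(child.tag for child in node)
    return None


_BANK_HEADER = re.compile(r"^([A-Za-z0-9_]+):\s*$")          # e.g. "sha384:"
_PCR_VALUE = re.compile(r"^\s+\d+\s*:\s*0x[0-9A-Fa-f]+\s*$")  # e.g. "  0 : 0x7E3E..."


def active_banks_from_pcrread(output):
    """Banks for which tpm2_pcrread printed at least one PCR value.
    Assumption: an inactive bank appears as a bare header with nothing under it."""
    active, current = set(), None
    for line in output.splitlines():
        header = _BANK_HEADER.match(line)
        if header:
            current = header.group(1)
        elif current and _PCR_VALUE.match(line):
            active.add(current)
    return frozenset(active)


_SWTPM_ACTIVATION = re.compile(r"Successfully activated PCR banks (\S+) among (\S+)\.")


def last_activation_from_swtpm_log(log_text):
    """Most recent activation logged by swtpm_setup as (activated, available)
    frozensets, or None when the log has no such line (nothing ran)."""
    found = None
    for m in _SWTPM_ACTIVATION.finditer(log_text):
        found = (frozenset(m.group(1).split(",")), frozenset(m.group(2).split(",")))
    return found


def bank_state_report(domain_xml, pcrread_output):
    """Combine intent (XML) with observation (guest tpm2_pcrread)."""
    requested = requested_banks(domain_xml)
    actual = active_banks_from_pcrread(pcrread_output)
    pinned = requested is not None
    return {
        "requested": requested,
        "actual": actual,
        "pinned": pinned,
        # XML pins the banks but the guest sees something else: swtpm_setup did
        # not run, or is older than 0.7 and the node had no effect.
        "matches_request": (actual == requested) if pinned else None,
        # XML does not pin the banks and the vTPM is not at swtpm_setup's
        # default: the state the report describes after the node was removed.
        "stale": (not pinned) and actual != DEFAULT_BANKS,
    }


# Constructed sample inputs, trimmed from the report (hex values shortened).
XML_WITH_BANKS = """<domain type='kvm'><name>avocado-vt-vm1</name><devices>
<tpm model='tpm-crb'><backend type='emulator' version='2.0'>
<encryption secret='e7442270-f813-4e48-a57b-5a5ff9d67ace'/>
<active_pcr_banks><sha384/></active_pcr_banks>
</backend></tpm></devices></domain>"""

XML_NO_BANKS = """<domain type='kvm'><name>avocado-vt-vm1</name><devices>
<tpm model='tpm-crb'><backend type='emulator' version='2.0'>
<encryption secret='e7442270-f813-4e48-a57b-5a5ff9d67ace'/>
</backend><alias name='tpm0'/></tpm></devices></domain>"""

PCRREAD_AFTER_REMOVAL = """sha1:
sha256:
sha384:
  0 : 0x7E3ED52A368A6F622196F2676578005D4DBF957A305190DC6ED9BDCE123A4C25
  1 : 0x6C340682CE451190A62A323D3AFA396289725C1BA094A91A32CFBC800486CAD0
  23: 0x0000000000000000000000000000000000000000000000000000000000000000
sha512:
"""

SWTPM_LOG = "Successfully activated PCR banks sha384 among sha1,sha256,sha384,sha512.\n"

if __name__ == "__main__":
    print(bank_state_report(XML_NO_BANKS, PCRREAD_AFTER_REMOVAL))
    print(last_activation_from_swtpm_log(SWTPM_LOG))
```

With the node removed, the report comes back "pinned": False, "stale": True, which is the reporter's situation: nothing in the XML says sha384, yet the guest still sees only the sha384 bank, and the swtpm log's last activation line is the one from the earlier start. The same check with the node present reports "matches_request": True, which is the case where libvirt re-runs swtpm_setup on every cold start.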

Comment 5 Jiri Denemark 2022-01-13 09:48:09 UTC
Fixed upstream by

commit 7c1757279861759533e77425b4726f0a94448c37
Refs: v8.0.0-rc2-7-g7c17572798
Author:     Stefan Berger <stefanb.com>
AuthorDate: Wed Jan 12 10:49:52 2022 -0500
Commit:     Jiri Denemark <jdenemar>
CommitDate: Thu Jan 13 10:44:15 2022 +0100

    docs: tpm: Clarify omission or removal of active_pcr_banks node

    Add a sentence to the active_pcr_banks node documentation that clarifies
    that when the active_pcr_banks node is removed from the XML or when it
    is omitted that the set of active PCR banks is not changed anymore.

    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2039246
    Signed-off-by: Stefan Berger <stefanb.com>
    Reviewed-by: Jiri Denemark <jdenemar>

Comment 6 Yanqiu Zhang 2022-01-14 03:34:22 UTC
Pre-verify on:
v8.0.0-rc2-11-g55a248d354

# grep "If this node is removed"  /usr/share/doc/libvirt-docs/html/formatdomain.html -4
<dd><p>The <span class="docutils literal">active_pcr_banks</span> node is used to define which of the PCR banks
of a TPM 2.0 to activate. Valid names are for example sha1, sha256, sha384,
and sha512. If this node is provided, the set of PCR banks are activated
before every start of a VM and this step is logged in the swtpm's log.
If this node is removed or omitted then libvirt will not modify the
active PCR banks upon VM start but leave them at their last configuration.
This attribute requires that swtpm_setup v0.7 or later is installed
and may not have any effect otherwise. The selection of PCR banks only works
with the <span class="docutils literal">emulator</span> backend. since:<cite>Since 7.10.0</cite></p>

Comment 10 Yanqiu Zhang 2022-01-17 08:10:29 UTC
Verified with:
libvirt-docs-8.0.0-1.el9.x86_64

1.# grep "If this node is removed"  /usr/share/doc/libvirt-docs/html/formatdomain.html -4
<dd><p>The <span class="docutils literal">active_pcr_banks</span> node is used to define which of the PCR banks
of a TPM 2.0 to activate. Valid names are for example sha1, sha256, sha384,
and sha512. If this node is provided, the set of PCR banks are activated
before every start of a VM and this step is logged in the swtpm's log.
If this node is removed or omitted then libvirt will not modify the
active PCR banks upon VM start but leave them at their last configuration.
This attribute requires that swtpm_setup v0.7 or later is installed
and may not have any effect otherwise. The selection of PCR banks only works
with the <span class="docutils literal">emulator</span> backend. since:<cite>Since 7.10.0</cite></p>

2. Check the latest https://libvirt.org/formatdomain.html#tpm-device
active_pcr_banks
The active_pcr_banks node is used to define which of the PCR banks of a TPM 2.0 to activate. Valid names are for example sha1, sha256, sha384, and sha512. If this node is provided, the set of PCR banks are activated before every start of a VM and this step is logged in the swtpm's log. If this node is removed or omitted then libvirt will not modify the active PCR banks upon VM start but leave them at their last configuration. This attribute requires that swtpm_setup v0.7 or later is installed and may not have any effect otherwise. The selection of PCR banks only works with the emulator backend. since:Since 7.10.0

Comment 12 errata-xmlrpc 2022-05-17 12:46:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: libvirt), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2390