Bug 2097947

Summary: Not able to install windows 11 OS with vTPM in spec (RHEL 8.7)
Product: Red Hat Enterprise Linux 8
Reporter: Qinghua Cheng <qcheng>
Component: swtpm
Assignee: Marc-Andre Lureau <marcandre.lureau>
Status: CLOSED ERRATA
QA Contact: Qinghua Cheng <qcheng>
Severity: high
Priority: high
Version: 8.7
CC: ailan, berrange, coli, fdeutsch, jinzhao, jlejosne, juzhang, kkiwi, lmen, marcandre.lureau, mdean, mkedzier, mtessun, mzamazal, qizhu, ssorce, stefanb, yanqzhan, ycui, ymankad
Target Milestone: rc
Keywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://github.com/stefanberger/libtpms/issues/51
Fixed In Version: 0.7.0-3.20211109gitb79fd91
Clone Of: 2090219
: 2109568
Last Closed: 2022-11-08 09:20:10 UTC
Type: Bug
Bug Depends On: 2090219    
Bug Blocks: 2089301, 2089955, 2097939, 2109568    

Comment 12 Yanqiu Zhang 2022-06-30 14:36:12 UTC
Verified for linux guest with:
libvirt-8.0.0-8.module+el8.7.0+15648+3854f89a.x86_64
qemu-kvm-6.2.0-16.module+el8.7.0+15743+c774064d.x86_64
swtpm-0.7.0-3.20211109gitb79fd91.module+el8.7.0+15743+c774064d.x86_64
libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949.x86_64
edk2-ovmf-20220126gitbb1bba3d77-2.el8.noarch

# fips-mode-setup --check
FIPS mode is enabled.

# virsh start avocado-vt-vm1
Domain 'avocado-vt-vm1' started

# cat /var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log
...
Successfully created EK certificate locally.
Successfully created NVRAM area 0x1c00016 for ECC EK certificate.
Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.
Successfully authored TPM state.
Ending vTPM manufacturing @ Thu 30 Jun 2022 09:12:43 AM EDT
Warning: Disabled OpenSSL FIPS mode

And regression test of vtpm auto cases passed on this host.

Comment 13 Qinghua Cheng 2022-07-01 01:07:30 UTC
Verified with Windows guest:
kernel: 4.18.0-402.el8.x86_64
qemu-kvm: qemu-kvm-6.2.0-16.module+el8.7.0+15743+c774064d.x86_64
libtpms: libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949.x86_64
swtpm: swtpm-0.7.0-3.20211109gitb79fd91.module+el8.7.0+15743+c774064d.x86_64
edk2: edk2-ovmf-20220126gitbb1bba3d77-2.el8.noarch

# fips-mode-setup --check
FIPS mode is enabled.

Win11 guest installed successfully and vtpm regression test passed.

Comment 16 errata-xmlrpc 2022-11-08 09:20:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7472