Bug 1486240 - libvirt: tpm2 device passthrough fails
Summary: libvirt: tpm2 device passthrough fails
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: libvirt
Version: 26
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Libvirt Maintainers
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-08-29 09:53 UTC by Javier Martinez Canillas
Modified: 2017-12-04 15:10 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-04 15:10:18 UTC
Type: Bug


Attachments (Terms of Use)
[PATCH] tpm: Use /dev/null for cancel path if none was found (1.15 KB, application/mbox)
2017-08-29 09:53 UTC, Javier Martinez Canillas
no flags Details

Description Javier Martinez Canillas 2017-08-29 09:53:39 UTC
Created attachment 1319382 [details]
[PATCH] tpm: Use /dev/null for cancel path if none was found

Description of problem:

Trusted Platform Module 2.0 (TPM2) device passthrough is not working on Fedora 26.

Version-Release number of selected component (if applicable):

libvirt-3.2.1-5

How reproducible:

Easy to reproduce

Steps to Reproduce:
1. Create a new VM on a host with a TPM2 device
2. Add a new TPM hardware to the VM using the passthrough device backend

    <tpm model='tpm-tis'>
      <backend type='passthrough'>
        <device path='/dev/tpm0'/>
      </backend>
    </tpm>

3. Try to power on the VM

Actual results:

Starting the VM fails with:

Error starting domain: internal error: No usable sysfs TPM cancel file could be found

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 89, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 125, in tmpcb
    callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 82, in newfn
    ret = fn(self, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/domain.py", line 1489, in startup
    self._backend.create()
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1039, in create
    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error: No usable sysfs TPM cancel file could be found

Expected results:

The VM should start and the host TPM2 be accessible from the VM guest.

Additional info:

TPM passthrough works correctly with TPM1.2, it only fails with TPM2.

The bug it's also present in upstream libvirt. Stefan Berger posted a patch to the libvirt list some time ago but it hasn't been merged yet:

https://www.spinics.net/linux/fedora/libvir/msg150107.html

I'm attaching the patch here.

Comment 1 Javier Martinez Canillas 2017-08-29 10:23:49 UTC
I've created a pull request to update the f26 package adding the mentioned patch:

https://src.fedoraproject.org/rpms/libvirt/pull-request/1

If the changes are accepted, I can also propose pull request for f27 and master branches.

Comment 2 Cole Robinson 2017-09-14 20:32:07 UTC
The patch is upstream in libvirt now:

commit dfbb15b75433e520fb1b905c1c3e28753e53e4a5
Author: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date:   Thu Jun 29 14:01:11 2017 -0400

    tpm: Use /dev/null for cancel path if none was found


(In reply to Javier Martinez Canillas from comment #1)
> I've created a pull request to update the f26 package adding the mentioned
> patch:
> 
> https://src.fedoraproject.org/rpms/libvirt/pull-request/1

Thanks! But i'll be pushing a build with a few more patches so I won't be using that change directly, but I appreciate the the effort :)

Comment 3 Fedora Update System 2017-09-16 19:13:22 UTC
libvirt-3.2.1-6.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff7b30a42d

Comment 4 Fedora Update System 2017-09-17 10:51:15 UTC
libvirt-3.2.1-6.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff7b30a42d

Comment 5 Fedora Update System 2017-10-12 02:51:30 UTC
libvirt-3.2.1-6.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.