Created attachment 1319382 [details] [PATCH] tpm: Use /dev/null for cancel path if none was found Description of problem: Trusted Platform Module 2.0 (TPM2) device passthrough is not working on Fedora 26. Version-Release number of selected component (if applicable): libvirt-3.2.1-5 How reproducible: Easy to reproduce Steps to Reproduce: 1. Create a new VM on a host with a TPM2 device 2. Add a new TPM hardware to the VM using the passthrough device backend <tpm model='tpm-tis'> <backend type='passthrough'> <device path='/dev/tpm0'/> </backend> </tpm> 3. Try to power on the VM Actual results: Starting the VM fails with: Error starting domain: internal error: No usable sysfs TPM cancel file could be found Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 89, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 125, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 82, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1489, in startup self._backend.create() File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1039, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: internal error: No usable sysfs TPM cancel file could be found Expected results: The VM should start and the host TPM2 be accessible from the VM guest. Additional info: TPM passthrough works correctly with TPM1.2, it only fails with TPM2. The bug it's also present in upstream libvirt. Stefan Berger posted a patch to the libvirt list some time ago but it hasn't been merged yet: https://www.spinics.net/linux/fedora/libvir/msg150107.html I'm attaching the patch here.
I've created a pull request to update the f26 package adding the mentioned patch: https://src.fedoraproject.org/rpms/libvirt/pull-request/1 If the changes are accepted, I can also propose pull request for f27 and master branches.
The patch is upstream in libvirt now: commit dfbb15b75433e520fb1b905c1c3e28753e53e4a5 Author: Stefan Berger <stefanb.ibm.com> Date: Thu Jun 29 14:01:11 2017 -0400 tpm: Use /dev/null for cancel path if none was found (In reply to Javier Martinez Canillas from comment #1) > I've created a pull request to update the f26 package adding the mentioned > patch: > > https://src.fedoraproject.org/rpms/libvirt/pull-request/1 Thanks! But i'll be pushing a build with a few more patches so I won't be using that change directly, but I appreciate the the effort :)
libvirt-3.2.1-6.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff7b30a42d
libvirt-3.2.1-6.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff7b30a42d
libvirt-3.2.1-6.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.