Created attachment 1319382 [details]
[PATCH] tpm: Use /dev/null for cancel path if none was found
Description of problem:
Trusted Platform Module 2.0 (TPM2) device passthrough is not working on Fedora 26.
Version-Release number of selected component (if applicable):
Easy to reproduce
Steps to Reproduce:
1. Create a new VM on a host with a TPM2 device
2. Add a new TPM hardware to the VM using the passthrough device backend
3. Try to power on the VM
Starting the VM fails with:
Error starting domain: internal error: No usable sysfs TPM cancel file could be found
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 89, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 125, in tmpcb
File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 82, in newfn
ret = fn(self, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/domain.py", line 1489, in startup
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1039, in create
if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error: No usable sysfs TPM cancel file could be found
The VM should start and the host TPM2 be accessible from the VM guest.
TPM passthrough works correctly with TPM1.2, it only fails with TPM2.
The bug it's also present in upstream libvirt. Stefan Berger posted a patch to the libvirt list some time ago but it hasn't been merged yet:
I'm attaching the patch here.
I've created a pull request to update the f26 package adding the mentioned patch:
If the changes are accepted, I can also propose pull request for f27 and master branches.
The patch is upstream in libvirt now:
Author: Stefan Berger <email@example.com>
Date: Thu Jun 29 14:01:11 2017 -0400
tpm: Use /dev/null for cancel path if none was found
(In reply to Javier Martinez Canillas from comment #1)
> I've created a pull request to update the f26 package adding the mentioned
Thanks! But i'll be pushing a build with a few more patches so I won't be using that change directly, but I appreciate the the effort :)
libvirt-3.2.1-6.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff7b30a42d
libvirt-3.2.1-6.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff7b30a42d
libvirt-3.2.1-6.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.