RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Emulated TPM2 support requires OVMF support, from commit d20ae95a13e851d56c6618108b18c93526505ca2 and earlier.

That commit is part of the edk2 tag "edk2-stable201903", which RHEL-8.1 targets (https://bugzilla.redhat.com/show_bug.cgi?id=1687731)

however, we'd need to modify the build flags in the SPEC file (and the
ad-hoc testing instructions in the README), to specify TPM2_ENABLE. (And
maybe TPM2_CONFIG_ENABLE too, but I'd strongly prefer if we left out
TPM2_CONFIG_ENABLE -- I think we can promise supporting TPM2_ENABLE, but
TPM2_CONFIG_ENABLE is totally immature for that.)

Once an official Brew build is available for prerequisite bug 1687731, I'll prepare a scratch build (with the build flag changes that are necessary), for Marc-André to check. I'll set devel_ack+ when he confirms the build is OK.

FuXiangChun, this BZ should be sanity checked both with and without an
swtpm configured. Regarding the former case, I defer to Marc-André. In
the latter case (no swtpm), the following two changes in behavior are
expected:

- the boot might take slightly longer

- in the OVMF debug log, you should see messages like:

> Tcg2ConfigPeimEntryPoint: no TPM2 detected
> ...
> No TPM2 instance required!
> ...
> DxeTpm2MeasureBootHandler - Tcg2 - Not Found
> ...
> WARNING: Tpm2RegisterTpm2DeviceLib - does not support
> 286BF25A-C2C3-408C-B3B4-25E6758B7317 registration

Thanks.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3338