Bug 2016599 - libvirt should setup swtpm with sha1 disabled
Summary: libvirt should setup swtpm with sha1 disabled
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: libvirt
Version: 9.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Michal Privoznik
QA Contact: Yanqiu Zhang
URL:
Whiteboard:
Depends On:
Blocks: 1935497
 
Reported: 2021-10-22 08:03 UTC by Gerd Hoffmann
Modified: 2022-05-17 13:05 UTC (History)
CC: 15 users

Fixed In Version: libvirt-7.10.0-1.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-17 12:45:49 UTC
Type: Bug
Target Upstream Version: 7.10.0
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | autotest tp-libvirt pull 4046 | 0 | None | Merged | tpm_device: add active_pcr_banks test | 2022-05-10 06:38:54 UTC
Red Hat Issue Tracker | RHELPLAN-100549 | 0 | None | None | None | 2021-10-22 08:04:54 UTC
Red Hat Product Errata | RHBA-2022:2390 | 0 | None | None | None | 2022-05-17 12:46:14 UTC

Description Gerd Hoffmann 2021-10-22 08:03:13 UTC
Description of problem:
swtpm_setup creates a tpm with sha1 and sha256 pcr banks enabled by default.
swtpm_setup has a --pcr-banks config switch to create a different
configuration instead.  libvirt should use that to turn off sha1 by default.

see also https://bugzilla.redhat.com/show_bug.cgi?id=1935497#c36

Comment 1 Daniel Berrangé 2021-10-25 08:07:08 UTC
Should we just modify the swtpm build to not enable the deprecated algorithms by default ?

Comment 2 Gerd Hoffmann 2021-10-25 12:30:25 UTC
I think it better should be configurable.

Not fully clear what implication this has on guests.  James Bottomley thinks the
linux kernel doesn't cope well because it assumes the SHA1 bank will be available.

Upstream discussion @ edk2 devel (on a patch removing sha1 support from ovmf tpm code)
https://edk2.groups.io/g/devel/message/82518?p=%2C%2C%2C100%2C0%2C0%2C0%3A%3Arecentpostdate%2Fsticky%2C%2CSHA1%2C100%2C2%2C0%2C86487987

Cc'ed Stefan.  Seems James has no RH bugzilla account.

Comment 3 Daniel Berrangé 2021-10-25 12:49:34 UTC
(In reply to Gerd Hoffmann from comment #2)
> I think it better should be configurable.
> 
> Not fully clear what implication this has on guests.  James Bottomley thinks
> the
> linux kernel doesn't cope well because it assumes the SHA1 bank will be
> available.

If that's correct, then I don't see it being viable to disable sha1 by default in libvirt/swtpm/edk2.

It'll have a negative impact on all existing Linux distro releases.

To disable sha1 by default, we need to be confident that the majority of supported OS distros will work correctly with that configuration.

So this feels like we need choice of algs to be configurable in libvirt, and likely have a manual opt-out of sha1 initially.

> 
> Upstream discussion @ edk2 devel (on a patch removing sha1 support from ovmf
> tpm code)
> https://edk2.groups.io/g/devel/message/
> 82518?p=%2C%2C%2C100%2C0%2C0%2C0%3A%3Arecentpostdate%2Fsticky%2C%2CSHA1%2C100
> %2C2%2C0%2C86487987
> 
> Cc'ed Stefan.  Seems James has no RH bugzilla account.

This thread doesn't give me confidence in disabling SHA1 by default.

Comment 4 Stefan Berger 2021-10-25 14:37:53 UTC
I had swtpm configured, via swtpm_setup, to have the SHA1 and SHA256 banks active. This was for a transition time until we move completely to SHA256. I changed swtpm_setup last week to now configure swtpm to come up with the SHA256 bank active by default and all other ones (SHA1, SHA384, SHA512) deactivated. However, if this default device configuration isn't good, one can always go into the UEFI menu and activate the other PCR banks as well. From what I am hearing these days, hardware TPMs are also coming up with SHA256 banks activated and the SHA1 bank deactivated. If two banks are active then it's typically SHA256 and SHA384. This is how the manufacturer configures the devices. Source: Kenneth Goldman (long-term TCG member). Mimi Zohar, maintainer of IMA, tells me that sha256 should be fine.

If we want to do this via libvirt we can pass --pcr-banks to the swtpm_setup command line parameters which overrides the defaults then. This program gets launched the **first** time a VM is started and it simulates the manufacturing of a TPM.

There are a couple of choices regarding this command line parameter:

- hard code  --pcr-banks sha256    or whatever is good for 'these days'
- have this in /etc/libvirt/qemu.conf   maybe under 'swtpm_active_pcr_banks = sha256' with a fallback to 'sha256'
- have this in the domain XML for a per-VM config along with a fallback to 'sha256'

Comment 5 Stefan Berger 2021-10-26 01:29:31 UTC
(In reply to Daniel Berrangé from comment #3)
> (In reply to Gerd Hoffmann from comment #2)
> > I think it better should be configurable.
> > 
> > Not fully clear what implication this has on guests.  James Bottomley thinks
> > the
> > linux kernel doesn't cope well because it assumes the SHA1 bank will be
> > available.
> 
> If that's correct, then I don't see it being viable to disable sha1 by
> default in libvirt/swtpm/edk2.

edk2 should not remove SHA1 support from its TPM 2 support but use the SHA 1 bank if it is available. SeaBIOS (& SLOF) knows how to deal with various combinations of hash banks, so that shouldn't be a problem, either.

Now in Linux: What IMA may be configured with is a SHA1 for hashing of files. It would then 0-pad the SHA 1 for extending the PCR 10 in the available banks, among them the SHA 256 bank.

https://elixir.bootlin.com/linux/v5.0.21/source/drivers/char/tpm/tpm-interface.c#L497

But also that padding behavior may have changed over time:

https://elixir.bootlin.com/linux/v5.15-rc7/source/drivers/char/tpm/tpm-interface.c#L304

I don't think this comment about sha1-bank in the code is correct. It may be related to a TPM 1.2 that only had sha1 support but for TPM 2 it uses all allocated hash banks.

> 
> It'll have a negative impact on all existing Linux distro releases.

My worries would be with things like Keylime that may have to be configure with sha1 versus sha256 to work around how IMA's padding behavior may have changed (and I am not quite clear on this just by reading the code). The firmwares should be able to deal with it.
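The zero-padding path described in the comment above, replayed side by side into the sha1 and sha256 banks, as an added example that is not part of the original thread and not kernel, libvirt or swtpm code. The padding rule (sha1 file digest zero-padded to the bank's digest size before the PCR 10 extend) is taken from the description of the v5.0-era behaviour and is assumed here, since the thread itself says it may have changed; the extend step, new = H(old || value), is standard TPM 2 semantics. The measurement log and file contents are constructed.

```python
# Added example (not kernel, libvirt or swtpm code): replay an IMA-style
# measurement log into several TPM 2 PCR banks at once.  It follows the
# v5.0-era behaviour described above: IMA hashes each file with sha1 and,
# when extending PCR 10 into a larger bank, zero-pads the 20-byte digest
# to that bank's digest size.  Treat the padding rule as an assumption
# (the thread notes it may have changed in newer kernels); the extend
# step itself, new = H(old || value), is standard TPM 2 semantics.
import hashlib

IMA_PCR = 10


def extend(bank, pcr, value):
    """One TPM2_PCR_Extend step in a single bank: H_bank(old || value)."""
    return hashlib.new(bank, pcr + value).digest()


def pad_for_bank(bank, digest):
    """Zero-pad a digest to the bank's digest size (sha1 -> sha256: 12 zero bytes)."""
    size = hashlib.new(bank).digest_size
    if len(digest) > size:
        raise ValueError("digest longer than %s bank size" % bank)
    return digest.ljust(size, b"\x00")


def replay_pcr10(file_contents, banks):
    """Replay sha1 IMA digests of the given files into every bank in order.
    Returns {bank: final PCR value}; all PCRs start at zero, as after reset."""
    pcrs = {b: bytes(hashlib.new(b).digest_size) for b in banks}
    for content in file_contents:
        ima_digest = hashlib.sha1(content).digest()   # what IMA measured
        for b in banks:
            pcrs[b] = extend(b, pcrs[b], pad_for_bank(b, ima_digest))
    return pcrs


def verify_quote(file_contents, bank, quoted_pcr):
    """An attestation verifier's check: does a quoted PCR 10 from `bank`
    match the replay of the log?  A verifier that only knows how to replay
    the sha1 bank has nothing to compare when only sha256 is active."""
    return replay_pcr10(file_contents, (bank,))[bank] == quoted_pcr


# Constructed measurement log: three "files" measured in boot order.
EVENTS = [b"#!/bin/sh\nexec /sbin/init\n", b"ELF\x7fswtpm", b"pcr_banks = sha256\n"]

if __name__ == "__main__":
    for bank, value in replay_pcr10(EVENTS, ("sha1", "sha256")).items():
        print("PCR%d %s: %s" % (IMA_PCR, bank, value.hex()))
```

The point for a verifier such as Keylime is visible in `pad_for_bank`: the sha256-bank value of PCR 10 is not sha256 of anything IMA measured, it is a chain over zero-padded sha1 digests, so a verifier that replays the log must know both the IMA hash algorithm and the padding rule for the bank it quotes.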

Comment 11 Michal Privoznik 2021-11-05 08:39:46 UTC
Merged upstream as:

commit a5bbe1a8b6321852634817c423695e58518c4f4f
Author:     Stefan Berger <stefanb.com>
AuthorDate: Wed Nov 3 13:04:23 2021 -0400
Commit:     Michal Prívozník <mprivozn>
CommitDate: Fri Nov 5 09:22:50 2021 +0100

    qemu: tpm: Extend TPM domain XML with PCR banks to activate
    
    Extend the TPM backend XML with a node 'active_pcr_banks' that allows a
    user to specify the PCR banks to activate before starting a VM. Valid
    choices for PCR banks are sha1, sha256, sha384 and sha512. When the XML
    node is provided, the set of active PCR banks is 'enforced' by running
    swtpm_setup before every start of the VM. The activation requires that
    swtpm_setup v0.7 or later is installed and may not have any effect
    otherwise.
    
    <tpm model='tpm-tis'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha256/>
          <sha384/>
        </active_pcr_banks>
      </backend>
    </tpm>
    
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2016599
    
    Signed-off-by: Stefan Berger <stefanb.com>
    Signed-off-by: Michal Privoznik <mprivozn>
    Reviewed-by: Michal Privoznik <mprivozn>

Comment 12 Yanqiu Zhang 2021-11-25 13:44:38 UTC
Pre-verified on fc35.

Pkgs:
libvirt-7.10.0-1.fc35.x86_64
qemu-kvm-6.1.0-11.fc36.x86_64
swtpm-0.7.0-1.20211109gitb79fd91.fc35.x86_64
libtpms-0.9.0-0.20211004gitdc4e3f6313.fc35.0.x86_64
edk2-ovmf-20210527gite1999b264f1f-2.fc35.noarch
kernel-5.14.18-300.fc35.x86_64

Steps:
1. sha384
# virsh edit yqz
Domain 'yqz' XML configuration edited.

# virsh start yqz
Domain 'yqz' started

# virsh dumpxml yqz|grep 'tpm m' -A8
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>
# ps uax|grep swtpm
tss        65095  0.4  0.0   9336  3960 ?        S    06:40   0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/3-yqz-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/yqz-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/3-yqz-swtpm.pid
qemu       65103  107 17.7 3771972 704212 ?      Sl   06:40   0:26 /usr/bin/qemu-system-x86_64 -name guest=yqz,debug-threads=on -S … -tpmdev emulator,id=tpm-tpm0,chardev=chrtpm -chardev socket,id=chrtpm,path=/run/libvirt/qemu/swtpm/3-yqz-swtpm.sock -device tpm-crb,tpmdev=tpm-tpm0,id=tpm0 

# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2021-11-25 11:40:12.619+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2 --logfile /var/log/swtpm/libvirt/qemu/yqz-swtpm.log **--pcr-banks sha384** --reconfigure
2021-11-25 11:40:12.665+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/3-yqz-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/yqz-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/3-yqz-swtpm.pid

# grep sha /var/log/swtpm/libvirt/qemu/yqz-swtpm.log 
Successfully activated PCR banks **sha384** among sha1,sha256,sha384,sha512.

# virsh console yqz
  [root@localhost ~]# tpm2_getrandom --hex 8
  2a18f8ee575308f0

2. sha512
# virsh dumpxml yqz|grep 'tpm m' -A8
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha512/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>
# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2021-11-25 11:48:39.515+0000: 64042: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2 --logfile /var/log/swtpm/libvirt/qemu/yqz-swtpm.log --pcr-banks sha512 --reconfigure
2021-11-25 11:48:39.560+0000: 64042: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/4-yqz-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/yqz-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/4-yqz-swtpm.pid

# grep sha /var/log/swtpm/libvirt/qemu/yqz-swtpm.log 
Successfully activated PCR banks sha512 among sha1,sha256,sha384,sha512.

3. sha1
#  virsh dumpxml yqz|grep 'tpm m' -A8
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha1/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>
#  cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2021-11-25 11:53:50.088+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2 --logfile /var/log/swtpm/libvirt/qemu/yqz-swtpm.log --pcr-banks sha1 --reconfigure
2021-11-25 11:53:50.159+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/5-yqz-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/yqz-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/5-yqz-swtpm.pid

#  grep sha /var/log/swtpm/libvirt/qemu/yqz-swtpm.log
Successfully activated PCR banks sha1 among sha1,sha256,sha384,sha512.

4. Sha256
# virsh dumpxml yqz|grep 'tpm m' -A8
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha256/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>
# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2021-11-25 11:59:37.735+0000: 64044: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2 --logfile /var/log/swtpm/libvirt/qemu/yqz-swtpm.log --pcr-banks sha256 --reconfigure
2021-11-25 11:59:37.783+0000: 64044: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/6-yqz-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/f1842afe-15fd-4e12-a1a7-0283194e52c7/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/yqz-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/6-yqz-swtpm.pid

#  grep sha /var/log/swtpm/libvirt/qemu/yqz-swtpm.log
Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.

5.default
# virsh dumpxml yqz|grep 'tpm m' -A8
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'/>
      <alias name='tpm0'/>
    </tpm>
# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'     (No "--pcr-banks" specified in swtpm_setup cmd)
2021-11-25 12:14:56.660+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/6f4b62ce-0971-4e1b-865d-9bb4c577c095/tpm2 --vmid vm2:6f4b62ce-0971-4e1b-865d-9bb4c577c095 --logfile /var/log/swtpm/libvirt/qemu/vm2-swtpm.log --createek --create-ek-cert --create-platform-cert --lock-nvram --not-overwrite
2021-11-25 12:14:57.071+0000: 64041: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/10-vm2-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/6f4b62ce-0971-4e1b-865d-9bb4c577c095/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/vm2-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/10-vm2-swtpm.pid

# grep sha /var/log/swtpm/libvirt/qemu/vm2-swtpm.log
Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.

# cat /etc/swtpm_setup.conf
# Program invoked for creating certificates
create_certs_tool= /usr/bin/swtpm_localca
create_certs_tool_config = /etc/swtpm-localca.conf
create_certs_tool_options = /etc/swtpm-localca.options
# Comma-separated list (no spaces) of PCR banks to activate by default
active_pcr_banks = sha256    <---(default setting, not sha1 anymore from swtpm-0.7)

6. multiple configured
# virsh dumpxml vm2|grep 'tpm m' -A10
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha1/>
          <sha256/>
          <sha384/>
          <sha512/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>
#  cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2021-11-25 12:47:12.264+0000: 64045: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/6f4b62ce-0971-4e1b-865d-9bb4c577c095/tpm2 --logfile /var/log/swtpm/libvirt/qemu/vm2-swtpm.log **--pcr-banks sha1,sha256,sha384,sha512** --reconfigure
2021-11-25 12:47:12.348+0000: 64045: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/14-vm2-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/6f4b62ce-0971-4e1b-865d-9bb4c577c095/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/vm2-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/14-vm2-swtpm.pid

#  grep sha /var/log/swtpm/libvirt/qemu/vm2-swtpm.log
Successfully activated PCR banks **sha1,sha256,sha384,sha512** among sha1,sha256,sha384,sha512.

7. define , create
# virsh define dom.xml 
Domain 'dom' defined from dom.xml

# virsh dumpxml dom
    <input type='keyboard' bus='ps2'/>
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha1/>
          <sha256/>
          <sha384/>
          <sha512/>
        </active_pcr_banks>
      </backend>
    </tpm>

# virsh create dom.xml 
Domain 'dom' created from dom.xml

# virsh dumpxml dom
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <active_pcr_banks>
          <sha1/>
          <sha256/>
          <sha384/>
          <sha512/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'  (Use default sha256 at first init, then use xml setting)
2021-11-25 13:12:43.213+0000: 70450: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/9b5cd257-c53f-444b-b9c2-f2e5987ec9cb/tpm2 --vmid dom:9b5cd257-c53f-444b-b9c2-f2e5987ec9cb --logfile /var/log/swtpm/libvirt/qemu/dom-swtpm.log --createek --create-ek-cert --create-platform-cert --lock-nvram --not-overwrite
2021-11-25 13:12:43.468+0000: 70450: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --tpm-state /var/lib/libvirt/swtpm/9b5cd257-c53f-444b-b9c2-f2e5987ec9cb/tpm2 --logfile /var/log/swtpm/libvirt/qemu/dom-swtpm.log **--pcr-banks sha1,sha256,sha384,sha512** --reconfigure
2021-11-25 13:12:43.510+0000: 70450: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/3-dom-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/9b5cd257-c53f-444b-b9c2-f2e5987ec9cb/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/dom-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/3-dom-swtpm.pid

#  grep sha /var/log/swtpm/libvirt/qemu/dom-swtpm.log 
Successfully activated PCR banks **sha256** among sha1,sha256,sha384,sha512.
Successfully activated PCR banks **sha1,sha256,sha384,sha512** among sha1,sha256,sha384,sha512.

8. invalid xml:
# virsh define dom.xml 
error: Failed to define domain from dom.xml
error: unsupported configuration: Unsupported PCR banks 'sha111'

# virsh create dom.xml 
error: Failed to create domain from dom.xml
error: unsupported configuration: Unsupported PCR banks 'sha111'

# virsh edit dom
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Extra element devices in interleave
Element domain failed to validate content

Failed. Try again? [y,n,i,f,?]:

Comment 15 Yanqiu Zhang 2021-12-28 04:52:12 UTC
There is a minor issue found:
libvirt-7.10.0-1.el9.x86_64
qemu-kvm-6.2.0-1.el9.x86_64

After editing both encryption and pcrbanks into the guest XML:
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='b4a117f1-8af2-44a4-91b8-7f0d2d4d68a3'/>
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>

An extra '>' is auto-added:

# virsh dumpxml vm-ovmf |grep /tpm -B10
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='b4a117f1-8af2-44a4-91b8-7f0d2d4d68a3'/>
      >
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
    </tpm>

Guest can be started, but the extra '>' is also still present in the live XML:
# virsh start vm-ovmf 
Domain 'vm-ovmf' started

# virsh dumpxml vm-ovmf |grep /tpm -B9
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='b4a117f1-8af2-44a4-91b8-7f0d2d4d68a3'/>
      >
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>


# virsh dumpxml vm-ovmf --inactive > vm-ovmf.xml
# virt-xml-validate vm-ovmf.xml 
Relax-NG validity error : Extra element devices in interleave
vm-ovmf.xml:38: element devices: Relax-NG validity error : Element domain failed to validate content
vm-ovmf.xml fails to validate

Comment 16 Yanqiu Zhang 2021-12-28 11:04:14 UTC
Another issue filed to: Bug 2035888 - Managedsave-edit should forbid modify some tpm configs such as pcrbank

Comment 17 Yanqiu Zhang 2021-12-28 11:51:48 UTC
Verify on:
libvirt-7.10.0-1.el9.x86_64
qemu-kvm-6.2.0-1.el9.x86_64
swtpm-0.7.0-1.20211109gitb79fd91.el9.x86_64
libtpms-0.9.1-0.20211126git1ff6fe1f43.el9.x86_64
edk2-ovmf-20210527gite1999b264f1f-7.el9.noarch

Steps:
1. Set sha384:
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='b4a117f1-8af2-44a4-91b8-7f0d2d4d68a3'/>
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# virsh define vm-ovmf.xml 
Domain 'vm-ovmf' defined from vm-ovmf.xml

# virsh start vm-ovmf 
Domain 'vm-ovmf' started

# cat /var/log/libvirt/virtqemud.log|grep 'to run /usr/bin/swtpm'
2021-12-28 06:32:42.199+0000: 161052: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --pwdfile-fd 25 --cipher aes-256-cbc --tpm-state /var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2 --vmid vm-ovmf:bbd16783-8077-43f3-bf37-3f0c486cc586 --logfile /var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log --createek --create-ek-cert --create-platform-cert --lock-nvram --not-overwrite
2021-12-28 06:32:42.286+0000: 161052: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --pwdfile-fd 25 --cipher aes-256-cbc --tpm-state /var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2 --logfile /var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log --pcr-banks sha384 --reconfigure
2021-12-28 06:32:42.307+0000: 161052: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/4-vm-ovmf-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/4-vm-ovmf-swtpm.pid --key pwdfd=25,mode=aes-256-cbc --migration-key pwdfd=27,mode=aes-256-cbc

# grep sha /var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log 
Successfully activated PCR banks sha384 among sha1,sha256,sha384,sha512.

# virsh managedsave vm-ovmf 

Domain 'vm-ovmf' state saved by libvirt

# virsh start vm-ovmf 
Domain 'vm-ovmf' started

# virsh migrate vm-ovmf --live qemu+ssh://host***/system --verbose --p2p 
Migration: [100 %]

[root@localhost ~]# tpm2_getrandom --hex 8
m'fc62d68bff15a3
[root@localhost ~]# tpm2_pcrread
sha1:
sha256:
sha384:
  0 : 0x4733994C26A92B2FA846147945864EB788C3D1A55401A0A647008B006DF2878A5609C0491FA1937E5FC56640B3835245
  1 : 0x6C340682CE451190A62A323D3AFA396289725C1BA094A91A32CFBC800486CAD0DC50D88C33C05A15BDAC92F274CB258F
  ...
  23: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
sha512:

Domain rename+start succeeds.
Managedsave and restore succeed.


2. Edit to other pcrbanks: sha512, sha1, sha256, multi (all four). Test start, managedsave+start, p2p migration: all succeed.
tpm2_pcrread output for the multi-bank case in the guest looks like:
sha1:
  0 : 0x9387FA9F5235032AE5A14ADD91A23BFBBFA5209B
  1 : 0x271C15B396906EBDFEE20656149398E63B9BA404
  ...
  23: 0x0000000000000000000000000000000000000000
sha256:
  0 : 0x569200EF16B06BBF5021079F7C9EC661097898528D95A85D0FA2DF6852B57502
  1 : 0x213B7788B0105ABCD8C5A9895A9EFE38549733A8C594565E3B208391582460AD
  ...
  23: 0x0000000000000000000000000000000000000000000000000000000000000000
sha384:
  0 : 0x7E3ED52A368A6F622196F2676578005D4DBF957A305190DC6ED9BDCE123A4C259163A247A64DC8F96F01608BE7958DB9
  1 : 0x6C340682CE451190A62A323D3AFA396289725C1BA094A91A32CFBC800486CAD0DC50D88C33C05A15BDAC92F274CB258F
  ...
  23: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
sha512:
  0 : 0xEAF75EE1076DDA0FC3B9C2FCF22602C5AEB9B56E33A912B0A4F404113F2A45020E80AAF05BAF0F5DF33345063D14FE928CA9C6C59C9FAA98AADB2A45F100EBEA
  1 : 0xA4E7072554849C17A96E062FFD956452CF6F18125A976A54F2E13D8907004232BD2A26313013287208E76D0E3A450AEACB2DBD75EA2B6DA59DD7BECD2F0DE68A
  ...
  23: 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000


3. # virsh define vm-ovmf.xml
error: Failed to define domain from vm-ovmf.xml
error: unsupported configuration: Unsupported PCR banks 'sha224'

# virsh create vm-ovmf.xml
error: Failed to create domain from vm-ovmf.xml
error: unsupported configuration: Unsupported PCR banks 'sha224'

# virsh edit vm-ovmf 
error: XML document failed to validate against schema: Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Extra element devices in interleave
Element domain failed to validate content

Failed. Try again? [y,n,i,f,?]: 

4. # virsh create vm-ovmf.xml
Domain 'vm-ovmf' created from vm-ovmf.xml

2021-12-28 08:25:07.357+0000: 166130: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm_setup --tpm2 --pwdfile-fd 25 --cipher aes-256-cbc --tpm-state /var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2 --logfile /var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log --pcr-banks sha1,sha256,sha384,sha512 --reconfigure
2021-12-28 08:25:07.378+0000: 166130: debug : virCommandRunAsync:2629 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/1-vm-ovmf-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/vm-ovmf-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/1-vm-ovmf-swtpm.pid --key pwdfd=25,mode=aes-256-cbc --migration-key pwdfd=27,mode=aes-256-cbc

Migration succeeds. TPM works well in the guest OS.

Comment 19 Michal Privoznik 2022-01-04 08:15:19 UTC
Patches sent upstream to address the issue in comment 15:

https://listman.redhat.com/archives/libvir-list/2022-January/msg00047.html

Comment 22 Michal Privoznik 2022-01-04 09:24:35 UTC
Merged upstream as:

fbe70d9525 conf: Make virDomainTPMDefFormat() return void
dcc278d04e qemuxml2xmloutdata: Turn tpm-*.xml files into symlinks
5e2a368c61 conf: Rework <tpm/> formatting
d00e6dfe6b qemuxml2xmltest: Introduce tpm-emulator-spapr test

v7.10.0-401-gfbe70d9525

Comment 23 Yanqiu Zhang 2022-01-11 09:50:27 UTC
Hi Michal,

I tested a special scenario thus have a question. Could you help check pls?
After using <active_pcr_banks> (e.g. sha384) for one guest start, if this element is deleted the next time, the guest will still use the last configured pcrbank, not the default sha256:

Steps:
1. start guest with sha384
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='e7442270-f813-4e48-a57b-5a5ff9d67ace'/>
        <active_pcr_banks>
          <sha384/>
        </active_pcr_banks>
      </backend>
    </tpm>

#  cat /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2022-01-11 09:18:09.943+0000: 273880: debug : virCommandRunAsync:2630 : About to run /usr/bin/swtpm_setup --tpm2 --pwdfile-fd 27 --cipher aes-256-cbc --tpm-state /var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2 --logfile /var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log --pcr-banks sha384 --reconfigure
2022-01-11 09:18:09.967+0000: 273880: debug : virCommandRunAsync:2630 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/9-avocado-vt-vm1-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/9-avocado-vt-vm1-swtpm.pid --key pwdfd=27,mode=aes-256-cbc --migration-key pwdfd=29,mode=aes-256-cbc

# grep sha /var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log
Successfully activated PCR banks sha384 among sha1,sha256,sha384,sha512.

Log in to the guest OS and check with tpm2_pcrread: only the sha384 pcrbank has PCR values.

2. shut down the guest and start it again with no pcrbank specified:
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='e7442270-f813-4e48-a57b-5a5ff9d67ace'/>
      </backend>
      <alias name='tpm0'/>
    </tpm>

# cat  /var/log/libvirt/virtqemud.log |grep 'to run /usr/bin/swtpm'
2022-01-11 09:19:21.335+0000: 273883: debug : virCommandRunAsync:2630 : About to run /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/10-avocado-vt-vm1-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/bbd16783-8077-43f3-bf37-3f0c486cc586/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log --terminate --tpm2 --pid file=/run/libvirt/qemu/swtpm/10-avocado-vt-vm1-swtpm.pid --key pwdfd=27,mode=aes-256-cbc --migration-key pwdfd=29,mode=aes-256-cbc

# grep sha /var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log
(no new output)

Log in to the guest OS:
# virsh console avocado-vt-vm1 
[root@localhost ~]# tpm2_pcrread
sha1:
sha256:
sha384:
  0 : 0x7E3ED52A368A6F622196F2676578005D4DBF957A305190DC6ED9BDCE123A4C259163A247A64DC8F96F01608BE7958DB9
  1 : 0x6C340682CE451190A62A323D3AFA396289725C1BA094A91A32CFBC800486CAD0DC50D88C33C05A15BDAC92F274CB258F
  ...
  23: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
sha512:


Is it an issue? It may be confusing when there is no <active_pcr_banks> in the XML:
(1) if <active_pcr_banks> was never used before, the default pcrbank is sha256.
(2) if <active_pcr_banks> was ever used, the default pcrbank is the last configured one.
There is nowhere to check this in the libvirt XML (or QEMU command line); it can only be checked by searching the previous log or running tpm2_pcrread in the guest OS.

Does libvirt need to call swtpm_setup again to restore to sha256?

Thanks.

Comment 24 Michal Privoznik 2022-01-11 10:23:04 UTC
(In reply to yanqzhan from comment #23)
> Hi Michal,
> 
> I tested a special scenario thus have a question. Could you help check pls?

Yes, this is very similar to how per-domain NVRAM_VAR store is handled. I mean, if domain specific /var/lib/libvirt/qemu/nvram/* file exists then it is never overwritten, even if domain is switched to BIOS. I don't think this is such common scenario to block this bug. But I agree that we could do something about it. Can you please open a new bug?

Comment 25 Yanqiu Zhang 2022-01-11 10:49:51 UTC
(In reply to Michal Privoznik from comment #24)
Thank you!
A new bug is bz2039246.
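A check for the persistence behaviour discussed in comments 23 and 24, and for the <active_pcr_banks> element introduced in comment 11, added here as example code that is not libvirt's or swtpm's own: it parses the domain XML, the swtpm log and tpm2_pcrread output from the guest and reports which banks are really active. The sample inputs are constructed in the formats shown in the verification steps above; the sha256 default is assumed from the swtpm 0.7 /etc/swtpm_setup.conf quoted in comment 12, and the accepted bank names are those listed in the commit message in comment 11.

```python
# Added example for this bug (not libvirt or swtpm code): audit which PCR
# banks a libvirt-managed swtpm really has active, from the three artefacts
# the verification steps above use: the domain XML, the swtpm log and
# tpm2_pcrread output from the guest.  Sample inputs are constructed.
import re
import xml.etree.ElementTree as ET

# Bank names libvirt accepts in <active_pcr_banks> (commit a5bbe1a8b6).
SUPPORTED_BANKS = ("sha1", "sha256", "sha384", "sha512")
# Assumed default when libvirt passes no --pcr-banks: swtpm 0.7's
# /etc/swtpm_setup.conf ships active_pcr_banks = sha256.
SWTPM_DEFAULT_BANKS = ("sha256",)

_ACTIVATED = re.compile(r"Successfully activated PCR banks (\S+) among (\S+)\.")
_BANK_HEADER = re.compile(r"^(sha\d+):\s*$")
_PCR_LINE = re.compile(r"^\s+\d+\s*:\s*0x[0-9A-Fa-f]+")


def declared_banks(domain_xml):
    """Banks under <tpm><backend><active_pcr_banks>, or None if the element
    is absent.  Rejects names libvirt rejects ("Unsupported PCR banks")."""
    node = ET.fromstring(domain_xml).find(".//devices/tpm/backend/active_pcr_banks")
    if node is None:
        return None
    banks = tuple(child.tag for child in node)
    bad = [b for b in banks if b not in SUPPORTED_BANKS]
    if bad:
        raise ValueError("Unsupported PCR banks '%s'" % ",".join(bad))
    return banks


def last_activated_banks(swtpm_log):
    """Banks named by the LAST activation line in the swtpm log.  swtpm_setup
    --reconfigure only runs when libvirt passes --pcr-banks, so this reflects
    the persisted TPM state, which may differ from the current XML."""
    found = _ACTIVATED.findall(swtpm_log)
    return tuple(found[-1][0].split(",")) if found else None


def banks_from_pcrread(pcrread_output):
    """Banks listing at least one PCR value in tpm2_pcrread output; an
    inactive bank prints only its header line."""
    active, current = [], None
    for line in pcrread_output.splitlines():
        header = _BANK_HEADER.match(line)
        if header:
            current = header.group(1)
        elif current and _PCR_LINE.match(line) and current not in active:
            active.append(current)
    return tuple(active)


def audit(domain_xml, swtpm_log, pcrread_output):
    """Compare what the XML declares with what the emulated TPM exposes."""
    declared = declared_banks(domain_xml)
    expected = declared if declared is not None else SWTPM_DEFAULT_BANKS
    observed = banks_from_pcrread(pcrread_output)
    return {
        "declared": declared,
        "expected": expected,
        "logged": last_activated_banks(swtpm_log),
        "observed": observed,
        # True when the element was removed but earlier --pcr-banks state persists.
        "mismatch": set(observed) != set(expected),
        # The deprecated bank this bug wants off by default.
        "sha1_active": "sha1" in observed,
    }


# Constructed sample reproducing comment 23 step 2: <active_pcr_banks>
# removed after an earlier start with <sha384/>.
SAMPLE_XML = """<domain type='kvm'><name>vm</name><devices>
  <tpm model='tpm-crb'><backend type='emulator' version='2.0'/></tpm>
</devices></domain>"""
SAMPLE_LOG = """Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.
Successfully activated PCR banks sha384 among sha1,sha256,sha384,sha512.
"""
SAMPLE_PCRREAD = """sha1:
sha256:
sha384:
  0 : 0x7E3ED52A368A6F622196F2676578005D4DBF957A305190DC6ED9BDCE123A4C259163A247A64DC8F96F01608BE7958DB9
  23: 0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
sha512:
"""

if __name__ == "__main__":
    print(audit(SAMPLE_XML, SAMPLE_LOG, SAMPLE_PCRREAD))
```

Against a real guest, feed it `virsh dumpxml --inactive`, the /var/log/swtpm/libvirt/qemu/<name>-swtpm.log file and tpm2_pcrread output captured inside the guest; `declared` of None together with `mismatch` True is exactly the state described in comment 23, where the XML no longer says anything about banks but the TPM state still carries the earlier --pcr-banks choice.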

Comment 27 errata-xmlrpc 2022-05-17 12:45:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: libvirt), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2390

