Verified for linux guest with: libvirt-8.0.0-8.module+el8.7.0+15648+3854f89a.x86_64 qemu-kvm-6.2.0-16.module+el8.7.0+15743+c774064d.x86_64 swtpm-0.7.0-3.20211109gitb79fd91.module+el8.7.0+15743+c774064d.x86_64 libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949.x86_64 edk2-ovmf-20220126gitbb1bba3d77-2.el8.noarch # fips-mode-setup --check FIPS mode is enabled. # virsh start avocado-vt-vm1 Domain 'avocado-vt-vm1' started # cat /var/log/swtpm/libvirt/qemu/avocado-vt-vm1-swtpm.log ... Successfully created EK certificate locally. Successfully created NVRAM area 0x1c00016 for ECC EK certificate. Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512. Successfully authored TPM state. Ending vTPM manufacturing @ Thu 30 Jun 2022 09:12:43 AM EDT Warning: Disabled OpenSSL FIPS mode And regression test of vtpm auto cases passed on this host.
Verified with Windows guest: kernel: 4.18.0-402.el8.x86_64 qemu-kvm: qemu-kvm-6.2.0-16.module+el8.7.0+15743+c774064d.x86_64 libtpms: libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13725+61ae1949.x86_64 swtpm: swtpm-0.7.0-3.20211109gitb79fd91.module+el8.7.0+15743+c774064d.x86_64 edk2: edk2-ovmf-20220126gitbb1bba3d77-2.el8.noarch # fips-mode-setup --check FIPS mode is enabled. Win11 guest installed successfully and vtpm regression test pass.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Low: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7472