TPM is not working in GNS3 2.3.37

[txutxifel]

Before you start First, I have installed STPM in my system:

Describe the bug I can't get working TPM. I got this error: qemu-system-x86_64: -chardev socket,id=chrtpm,path=/tmp/tmpzt9vjnd9/swtpm.sock: Failed to connect to '/tmp/tmpzt9vjnd9/swtpm.sock': No such file or directory

folder /tmp/tmpzt9vjnd9/ is created, but empty

GNS3 version and operating system (please complete the following information):

• OS: Linux
• GNS3 version 2.3.37
• Any use of the GNS3 VM or remote server _> Local server

To Reproduce -Starting any mv, with the option ticked.

[eantowne]

• Is the account that is running the GNS3 server a member of the libvirt group?
• Also which Linux distro are you using?
• I notice that your SWTPM version is 0.5.3, not sure if there may be an issue with that, @grossmj would be able to provide more information as to minimmum version required.
• Do you have swtpm-tools installed?

[eantowne]

I just tried using TPM, same result as @txutxifel .

OS: Ubuntu 22.10 Kernel: 5.19.0-31-generic GNS3: 2.2.37 (installed via PPA) SWTPM: 0.6.3

qemu-system-x86_64: -chardev socket,id=chrtpm,path=/tmp/tmpzzxi_84r/swtpm.sock: Failed to connect to '/tmp/tmpzzxi_84r/swtpm.sock': No such file or directory

[txutxifel]

My answers

Is the account that is running the GNS3 server a member of the libvirt group?

Yes, It is. I use GNS3 for a long time. I dont have problems with QEMU

which Linux distro are you using? Opensuse 15.4

Do you have swtpm-tools installed? I dont' have this package, I tried to install all packages related to stpm.

[eantowne]

Just tried it with gns3server running as root, still failed. Debug output attached.

gns3-tpm-fail-debug-as-root.txt

[spikefishjohn]

I noticed this in the debug output. Maybe related to a version issue with swtmp?

2023-02-20 09:52:19 INFO qemu_vm.py:2048 Starting swtpm (TPM emulator) with: /usr/bin/swtpm socket --tpm2 --tpmstate dir=/root/GNS3/projects/08c075bc-a451-4e13-9434-8aff59d56359/project-files/qemu/45d130f4-55cd-4fd1-bedd-d3c87e75be72/tpm --ctrl type=unixio,path=/tmp/tmpe4e2jbhd/swtpm.sock,terminate 2023-02-20 09:52:19 INFO qemu_vm.py:2050 swtpm (TPM emulator) has started 2023-02-20 09:52:19 INFO base_node.py:684 Starting new uBridge hypervisor 0.0.0.0:43629 swtpm: Error parsing ctrl options: Unknown option 'terminate' 2023-02-20 09:52:19 DEBUG base_manager.py:529 Searching for image '/root/GNS3/images/QEMU/Client-2-tpm-hda.qcow2' in '/root/GNS3/images/QEMU' 2023-02-20 09:52:19 DEBUG base_manager.py:529 Searching for image '/root/GNS3/images/QEMU/linuxmint-21.1-xfce-64bit.iso' in '/root/GNS3/images/QEMU'

https://www.mankier.com/8/swtpm

`--ctrl type=[unixio|tcp][,path=] [,port=[,bindaddr=

[,ifname=]]] [,fd=|clientfd=] [,mode=<0...>][,uid=][,gid=][,terminate] This option adds a control channel to the TPM. The control channel can either use a UnixIO socket with a given path or filedescriptor or it can use a TCP socket on the given port or filedescriptor. If a port is provided the bind address on which to listen for TCP connections can be provided as well; the default bind address is 127.0.0.1. If a link local IPv6 address is provided, the name of the interface to bind to must be provided with ifname.

The mode parameter allows a user to set the file mode bits of the UnixIO path. The mode bits value must be given as an octal number starting with a '0'. The default value is 0770. uid and gid set the ownership of the UnixIO socket's path. This operation requires root privileges.

The terminate parameter enables the automatic termination of swtpm when the control channel connection has been lost. This is useful in scenarios where the control channel connection is held permanently, such as by QEMU, and swtpm should terminate upon abnormal termination of the client that could not send a CMD_SHUTDOWN via the control channel anymore.

The control channel enables out-of-band control of the TPM, such as resetting the TPM.`

[spikefishjohn]

https://github.com/stefanberger/swtpm/releases

Looks like 0.8.0 was the first version to support "Implement terminate parameter for ctrl channel loss".

Can you upgrade unless @grossmj has a better idea?

[txutxifel]

Hi, Thanks for the help. I upgraded to 0.8.0. Now, TPM is working in GNS3

[spikefishjohn]

I get all the internet points!

[grossmj]

@spikefishjohn thanks! :)

I confirm I used 0.8.0 when a implemented the feature:

swtpm --version
TPM emulator version 0.8.0, Copyright (c) 2014-2022 IBM Corp. and others

I think the code should check the version and require >= 0.8.0 and/or check if swtpm.sock exists before starting Qemu.

[eantowne]

@spikefishjohn Yes, you now have all of the internet points, do not spend them all in one place.

@grossmj This needs to be clearly documented, additionally it should be listed next to the "Enable TPM" check box or in a mousehover notification. Without this documented, this will cause all kinds of issues with people trying to run Windows 11 appliances that require TPM.

Now that I think about it, even if it was a neon sign, it will still cause issues.