Swtpm_setup error when I create a certificate

[ferdinan4]

Hi Stefan!,

When I am trying to create certificates for a tpm2.0 I got an error. I tried to follow your wiki, but it doesn't work for me.

after launch the command : sudo swtpm_setup --tpmstate /tmp/myvtpm2 --create-ek-cert --create-platform-cert --allow-signing --tpm2

Starting vTPM manufacturing as root:root @ Thu 28 Nov 2019 09:33:39 GMT

TPM is listening on TCP port 53659. Error: TPM2_Stirrandom() failed Error: expected: 80 01 00 00 00 0a 00 00 00 00 Error: received: 80 01 00 00 00 0a 00 00 01 d5 Error: TPM2_ChangeEPS() failed Error: expected: 80 02 00 00 00 13 00 00 00 00 00 00 00 00 00 00 01 00 00 Error: received: 80 01 00 00 00 0a 00 00 09 9a Error: tpm2_create_ek failed Error: An error occurred. Authoring the TPM state failed. Ending vTPM manufacturing @ Thu 28 Nov 2019 09:33:39 GMT

any idea?

Thanks in advance

[stefanberger]

I don't know what could be wrong with your setup. The test cases for swtpm cover certificate creation, so does make check succeed, in case you have the sources installed? You should be able to run all these test case with a non-root user.

# ./tests/test_tpm2_swtpm_setup_create_cert
TPM is listening on TCP port 41437.
Test 1: OK
TPM is listening on TCP port 55315.
Test 2: OK
# ./tests/test_tpm2_swtpm_cert
Test 1: OK
Test 2: OK
Test 3: OK
Test 4: OK
# ./tests/test_tpm2_swtpm_cert_ecc
Test 1: OK
Test 2: OK
Test 3: OK
Test 4: OK

[ferdinan4]

Hi Stefan, Sorry for the delay in my answer, I was trying to figure out where it is the problem:

I am doing some modification in the libtpms, in order to add new algorithms (Do you have any example of which files we have to modify to follow as a reference).

I guess at the beguinning that due these modifications, I have this problem:

The tests: [krilin4@localhost tests]$ ./test_tpm2_swtpm_cert_ecc Test 1: OK Test 2: OK Test 3: OK Test 4: OK

[krilin4@localhost tests]$ ./test_tpm2_swtpm_cert Test 1: OK Test 2: OK Test 3: OK Test 4: OK

works well but, the problem it is in [krilin4@localhost swtpm-0.2.0]$ ./tests/test_tpm2_swtpm_setup_create_cert TPM is listening on TCP port 61439. Error: Could not run ./tests/../src/swtpm_setup/swtpm_setup. Logfile output: Starting vTPM manufacturing as krilin4:krilin4 @ Wed 11 Dec 2019 15:44:43 GMT Error: TPM2_Stirrandom() failed Error: expected: 80 01 00 00 00 0a 00 00 00 00 Error: received: 80 01 00 00 00 0a 00 00 01 d5 Error: TPM2_ChangeEPS() failed Error: expected: 80 02 00 00 00 13 00 00 00 00 00 00 00 00 00 00 01 00 00 Error: received: 80 01 00 00 00 0a 00 00 09 9a Error: tpm2_create_ek failed Error: An error occurred. Authoring the TPM state failed. Ending vTPM manufacturing @ Wed 11 Dec 2019 15:44:43 GMT

I found in another issue related with this problem, talking about the permissions of user tss, so after executing this command:

         **sudo chown tss: /tmp/myvtpm2/**

         **sudo swtpm_setup --tpm-state /tmp/myvtpm2 --create-platform-cert --create-ek-cert**

TPM is listening on TCP port 35275. Successfully created EK. TSS is listening on TCP port 46067. Successfully took ownership of the TPM. Invoking: /usr/share/swtpm/swtpm-localca --type ek --ek 9ff971fb37bc085f8dffb6c5969130d28e375fd0d6b60d65bda6cfa520fe5bf54afbb93b7566f6e1f1545b4dc1a5f3ad8408e43ccd0f0a618eb2df7da65f706e1897cd6e262bd61b44836e2c82eb3d72b1f6cb68ed84cc93a114e53144438a886d5e01142fe9eaed29b432b72ad01d24fc06aff3c5aa2b495e377c21bbba63f2f5ed7b711e2d08f2ef2ea4a9827f88d9d0956e5e28faae1c730c3537236ac04de02496c1dc822b34535ea61f580a86cea76559bdb5500408a690092124990d26a91b39d436ddb96b467caddb4104f12cc7f199105c9a6642f2b7682a2c857825d8d47a1b3610aaabb3f8ed0b98e4fd49e57fa9992afd03656d092818617490c3 --dir /tmp/myvtpm2 --tpm-spec-family 1.2 --tpm-spec-level 2 --tpm-spec-revision 116 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:00740001 --configfile "/etc/swtpm-localca.conf" --optsfile "/etc/swtpm-localca.options" swtpm-localca: Creating root CA and a local CA's signing key and issuer cert. swtpm-localca: Successfully created EK certificate locally. Invoking: /usr/share/swtpm/swtpm-localca --type platform --ek 9ff971fb37bc085f8dffb6c5969130d28e375fd0d6b60d65bda6cfa520fe5bf54afbb93b7566f6e1f1545b4dc1a5f3ad8408e43ccd0f0a618eb2df7da65f706e1897cd6e262bd61b44836e2c82eb3d72b1f6cb68ed84cc93a114e53144438a886d5e01142fe9eaed29b432b72ad01d24fc06aff3c5aa2b495e377c21bbba63f2f5ed7b711e2d08f2ef2ea4a9827f88d9d0956e5e28faae1c730c3537236ac04de02496c1dc822b34535ea61f580a86cea76559bdb5500408a690092124990d26a91b39d436ddb96b467caddb4104f12cc7f199105c9a6642f2b7682a2c857825d8d47a1b3610aaabb3f8ed0b98e4fd49e57fa9992afd03656d092818617490c3 --dir /tmp/myvtpm2 --tpm-spec-family 1.2 --tpm-spec-level 2 --tpm-spec-revision 116 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:00740001 --configfile "/etc/swtpm-localca.conf" --optsfile "/etc/swtpm-localca.options" swtpm-localca: Successfully created platform certificate locally. Successfully created NVRAM area for EK certificate. Successfully created NVRAM area for platform certificate. Successfully gave up ownership of the TPM. Successfully enabled and activated the TPM

Successfully authored TPM state.

Looks as it is working properly for TPM 1.2 but not for TPM 2.0.

Any idea about how can I debug or trace this data?

Error: TPM2_Stirrandom() failed Error: expected: 80 01 00 00 00 0a 00 00 00 00 Error: received: 80 01 00 00 00 0a 00 00 01 d5

Error: TPM2_ChangeEPS() failed Error: expected: 80 02 00 00 00 13 00 00 00 00 00 00 00 00 00 00 01 00 00 Error: received: 80 01 00 00 00 0a 00 00 09 9a Error: tpm2_create_ek failed

Many Thanks in advance..

Fernando

[stefanberger]

What algorithm are you trying to add?

[stefanberger]

As for this error here:

Error: TPM2_Stirrandom() failed Error: expected: 80 01 00 00 00 0a 00 00 00 00 Error: received: 80 01 00 00 00 0a 00 00 01 d5

The error code 0x1d5 means 'structure is the wrong size Parameter number 1'. Did you change something on the swtpm_setup side?

[ferdinan4]

No, Just some modification in libtpms. :S

Do you know how can I trace the error?

Thanks

[ferdinan4]

I am trying to add Kyber

[stefanberger]

You could either look for a simpler client tool to cause the issue or you would have to go into swtpm_setup.sh{.in} and add a 'sleep 20' or something like that into the script to give you time to determine the process id of swtpm and then hook gdb via gdb pid <pid> onto swtpm and then set a breakpoint at TPM2_Process or at _rpc__Send_Command to then single step through the code. Another strategy would be to disable some of the code you added to libtpms to see which changes are breaking the client tool.

[stefanberger]

As for Kyper I would suggest to go through the TPM working group to get this [spec'ed and] accepted. Prototyping with libtpms is fine, of course, but TCG needs to accept it and possibly extend specs and add it to the algorithm registry.

[stefanberger]

I don't think I can help with this issue and since this error occurs only after you made modifications to libtpms, can you close it?

[OliverLeitner]

hello there, i am having a possibly related issue...

"Days must be a positive number."

i can confirm this problem with: ubuntu 21.10 ubuntu 21.04

problem does not happen with: debian 11 bullseye ubuntu 20.04 lts windows 11 current windows 10 current

"situation": running libvirt / qemu on a ubuntu 20.04 lts host machine

hardware on host: cpu: intel core i3, passed through to the guest. host is rocking the current generic kernel (also tried with 5.8 "lts kernel" on host, same result)

swtpm version: current from git, built like this: "sudo make clean install"

Starting vTPM manufacturing as tss:tss @ Thu 14 Oct 2021 07:10:31 PM CEST Successfully created RSA 2048 EK with handle 0x81010001. Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek af522c8509e78ab4506a6b6975371d47710406965b1c4b5f6d433ddaa129e16ccf677d0ba620863410372c9874ec64a69e383d255d0923a86bbc050f7ab6f2351ee46e749923b3eeaa00b4f16599fbf050c5d174b0aa803505089f699b503d5f309844850b494e0c564c4a08f680eba3b1b92b81e590ea43e417224c2cf2ba0c597530907aa724b80cefd28e8b620d7a754c34698922e3786674433678e2263847eb7e22f70d943dad86ca92025450ec8753bdd21eb601454fde6c5b32358c79a7176b0026b2366d00f0b566c19c77dbe59e869b10858e730567e5258ac8b1d7be8715babc1133bdf393b7fa7c401ad6813634426c55c8a26204c1f3e572d9a5 --dir /tmp/swtpm_setup.certs.21WIB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options Could not create EK certificate locally Days must be a positive number.

swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed. Error getting next filename: No child processes Ending vTPM manufacturing @ Thu 14 Oct 2021 07:10:31 PM CEST Starting vTPM manufacturing as tss:tss @ Thu 14 Oct 2021 10:23:58 PM CEST Successfully created RSA 2048 EK with handle 0x81010001. Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek c61089aa20e57c23552e60995cd1448508318b6ce197279caefc94755fc37e8dcee08368ff2d4b0b37645c686fd2fa8d07598dbadb2473059f46e3248bc39aebdf55971c8fb9b6120770dfedbbeb3722d9a6c8f653165e73d259959882106706ef28077ddf5809a07380684fb9291dc463baf4c13fb60c61ab3ee35e98ff54b213a0132e2d7706fc09ca2d1f62525555217e974209cfbe49fcb122f1e2bea848f8bbb1e0963ce34b5cf3d8ae1afa4c6ef0a16359b4258cf121bf226a6d23df04efd56c32b5cc61d18fabd898b1ecc7227f36f89218ac5d9ce11d03ef2d7c4100d0bb958182378668b57c41b46b03e3f5b90901fe3836ec7343bbb0a95d3e1097 --dir /tmp/swtpm_setup.certs.TDNHB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options Could not create EK certificate locally Days must be a positive number.

swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed. Error getting next filename: No child processes Ending vTPM manufacturing @ Thu 14 Oct 2021 10:23:58 PM CEST Starting vTPM manufacturing as tss:tss @ Thu 14 Oct 2021 10:24:19 PM CEST Successfully created RSA 2048 EK with handle 0x81010001. Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek 87dec0f3eef318e9bec5ab9c18439aea421b5b85df81a9d621c62ae77726534f443164d1e47fa0730495e009199d96653273f694acc7e443f8ec5c20a105b3b8c33850d88daa0f52fc16ebf1322da276246aa4e0f31de93d23c9d59f34551585d75144b626f6a3980f1d415eb41755786858219148d587b7401745880143cecf25f7602cf3d327e680191c4b1896624ce1e2cab0093d630fd820cf9a75bb24c1299d8e16296182f4dd68137d95f138b2f78ff02c081434b477f1ed9cd91d94deb6d9be78784e174c02dc5c8929416040ba06bc500d4f2b71439ab79f872adae4f2ab369d0760e0a1ef3e5ceabc0787da9f9fc19be804353e7772d8abc0952e93 --dir /tmp/swtpm_setup.certs.3YJBB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options Could not create EK certificate locally Days must be a positive number.

swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed. Error getting next filename: No child processes Ending vTPM manufacturing @ Thu 14 Oct 2021 10:24:19 PM CEST Starting vTPM manufacturing as tss:tss @ Fri 15 Oct 2021 11:09:55 PM CEST Successfully created RSA 2048 EK with handle 0x81010001. Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek a1efbadef5d04d5a8dc73882484326b5674f33e98bf48825f05f48e75a1393ded2ce6d705bfe0a0ea26e02aad7b0f90d7a5ba73886ff19fd6f0d8af34d79029f220d523b491a1f079f7526565e7c58af25364f35bfeeadf8a88c1b864937ca165c6ac3768b7882df3616a886f3b97c848061ca2cc794d9daebd9d0b9e2fb83268d0ee2ccd9e2034129d8550d933378f6be605c152dbcf62ee7ff3ee138400c0469a4136c5c731e558f38addbd44086374719ca142a63edc6b6409d9b368b70d28e17c2d1fb63157c872c2a12be6af85fe3fbf6dad8dc94df17a6e0cc179b12303fe625e0c06196035cd65b6267121e82af934d4c2e2684aff445b5fb98ef569b --dir /tmp/swtpm_setup.certs.0T4XA1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options Could not create EK certificate locally Days must be a positive number.

swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed. Error getting next filename: No child processes Ending vTPM manufacturing @ Fri 15 Oct 2021 11:09:55 PM CEST Starting vTPM manufacturing as tss:tss @ Fri 15 Oct 2021 11:10:05 PM CEST Successfully created RSA 2048 EK with handle 0x81010001. Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek fc14c65366b1732bb101622c9116cb98d8ba2b89026a5aabd892395c758a6dc16f92c103204784083de0dca8c5e542eeb7a344bb44044f7c9da8dff80794d45549d3519b392703c45e66a6d8484b8c77c181dd7d5cf9c3afead6197a1e98724fa914a541b32ed217b827d2699a62804e1a850ff87ea3aa22e1079263be680fae883b06cca3f5022b396ba495b420401daf8b57402d13e3e610cbbc074b934b2f181de0976e0c71aa21ffdf104ef78b4d53a7b111349e2747d6b1d49026a77fd4767ea4ba24a386279a0d01ed75722b2863ea079b3981235fba753da77a28b5d28d6ff520fd6f0885281bc6034abf032095fa1ae4d55232c7f32d28043bcd2fdd --dir /tmp/swtpm_setup.certs.4F1AB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options Could not create EK certificate locally Days must be a positive number.

swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed. Error getting next filename: No child processes Ending vTPM manufacturing @ Fri 15 Oct 2021 11:10:05 PM CEST

[stefanberger]

Did you re-compile swtpm_cert yourself and install it? It sounds like it's an older version of swtpm_cert on your system.

[stefanberger]

This is what the output of the compiled version should be when you are in the swtpm git checkout directory:

./src/swtpm_cert/swtpm_cert --help | grep days -A1
--days <number>           : Number of days the cert is valid;
                            -1 for no expiration

The installed version should have the same:

swtpm_cert --help | grep days -A1
--days <number>           : Number of days the cert is valid;
                            -1 for no expiration

Maybe you don't have gnutls-devel / gnutls-dev package installed on your system and swtpm_cert didn't get built and installed. You need this package and then ./autogen --prefix=/usr again, build, and then install.

[OliverLeitner]

swtpm_cert --help | grep days -A1 --days : Number of days the cert is valid --pem : Write certificate in PEM format; default is DER

8def57f HEAD@{0}: pull: Fast-forward (git reflog top hash)

i havent had "gnutls-dev" installed, however... theres no gutls-dev with ubuntu 20.04 lts, the package i have installed: libgnutls28-dev, which is described as gnutls development headers.

after an ./autogen.sh --prefix=/usr && sudo make clean install, nothing really changed, hes still missing the parameter...

Starting vTPM manufacturing as tss:tss @ Thu 14 Oct 2021 07:10:31 PM CEST Successfully created RSA 2048 EK with handle 0x81010001. Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek af522c8509e78ab4506a6b6975371d47710406965b1c4b5f6d433ddaa129e16ccf677d0ba620863410372c9874ec64a69e383d255d0923a86bbc050f7ab6f2351ee46e749923b3eeaa00b4f16599fbf050c5d174b0aa803505089f699b503d5f309844850b494e0c564c4a08f680eba3b1b92b81e590ea43e417224c2cf2ba0c597530907aa724b80cefd28e8b620d7a754c34698922e3786674433678e2263847eb7e22f70d943dad86ca92025450ec8753bdd21eb601454fde6c5b32358c79a7176b0026b2366d00f0b566c19c77dbe59e869b10858e730567e5258ac8b1d7be8715babc1133bdf393b7fa7c401ad6813634426c55c8a26204c1f3e572d9a5 --dir /tmp/swtpm_setup.certs.21WIB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options Could not create EK certificate locally Days must be a positive number.

swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed. Error getting next filename: No child processes Ending vTPM manufacturing @ Thu 14 Oct 2021 07:10:31 PM CEST Starting vTPM manufacturing as tss:tss @ Thu 14 Oct 2021 10:23:58 PM CEST Successfully created RSA 2048 EK with handle 0x81010001. Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek c61089aa20e57c23552e60995cd1448508318b6ce197279caefc94755fc37e8dcee08368ff2d4b0b37645c686fd2fa8d07598dbadb2473059f46e3248bc39aebdf55971c8fb9b6120770dfedbbeb3722d9a6c8f653165e73d259959882106706ef28077ddf5809a07380684fb9291dc463baf4c13fb60c61ab3ee35e98ff54b213a0132e2d7706fc09ca2d1f62525555217e974209cfbe49fcb122f1e2bea848f8bbb1e0963ce34b5cf3d8ae1afa4c6ef0a16359b4258cf121bf226a6d23df04efd56c32b5cc61d18fabd898b1ecc7227f36f89218ac5d9ce11d03ef2d7c4100d0bb958182378668b57c41b46b03e3f5b90901fe3836ec7343bbb0a95d3e1097 --dir /tmp/swtpm_setup.certs.TDNHB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options Could not create EK certificate locally Days must be a positive number.

swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed. Error getting next filename: No child processes Ending vTPM manufacturing @ Thu 14 Oct 2021 10:23:58 PM CEST Starting vTPM manufacturing as tss:tss @ Thu 14 Oct 2021 10:24:19 PM CEST Successfully created RSA 2048 EK with handle 0x81010001. Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek 87dec0f3eef318e9bec5ab9c18439aea421b5b85df81a9d621c62ae77726534f443164d1e47fa0730495e009199d96653273f694acc7e443f8ec5c20a105b3b8c33850d88daa0f52fc16ebf1322da276246aa4e0f31de93d23c9d59f34551585d75144b626f6a3980f1d415eb41755786858219148d587b7401745880143cecf25f7602cf3d327e680191c4b1896624ce1e2cab0093d630fd820cf9a75bb24c1299d8e16296182f4dd68137d95f138b2f78ff02c081434b477f1ed9cd91d94deb6d9be78784e174c02dc5c8929416040ba06bc500d4f2b71439ab79f872adae4f2ab369d0760e0a1ef3e5ceabc0787da9f9fc19be804353e7772d8abc0952e93 --dir /tmp/swtpm_setup.certs.3YJBB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options Could not create EK certificate locally Days must be a positive number.

swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed. Error getting next filename: No child processes Ending vTPM manufacturing @ Thu 14 Oct 2021 10:24:19 PM CEST Starting vTPM manufacturing as tss:tss @ Fri 15 Oct 2021 11:09:55 PM CEST Successfully created RSA 2048 EK with handle 0x81010001. Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek a1efbadef5d04d5a8dc73882484326b5674f33e98bf48825f05f48e75a1393ded2ce6d705bfe0a0ea26e02aad7b0f90d7a5ba73886ff19fd6f0d8af34d79029f220d523b491a1f079f7526565e7c58af25364f35bfeeadf8a88c1b864937ca165c6ac3768b7882df3616a886f3b97c848061ca2cc794d9daebd9d0b9e2fb83268d0ee2ccd9e2034129d8550d933378f6be605c152dbcf62ee7ff3ee138400c0469a4136c5c731e558f38addbd44086374719ca142a63edc6b6409d9b368b70d28e17c2d1fb63157c872c2a12be6af85fe3fbf6dad8dc94df17a6e0cc179b12303fe625e0c06196035cd65b6267121e82af934d4c2e2684aff445b5fb98ef569b --dir /tmp/swtpm_setup.certs.0T4XA1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options Could not create EK certificate locally Days must be a positive number.

swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed. Error getting next filename: No child processes Ending vTPM manufacturing @ Fri 15 Oct 2021 11:09:55 PM CEST Starting vTPM manufacturing as tss:tss @ Fri 15 Oct 2021 11:10:05 PM CEST Successfully created RSA 2048 EK with handle 0x81010001. Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek fc14c65366b1732bb101622c9116cb98d8ba2b89026a5aabd892395c758a6dc16f92c103204784083de0dca8c5e542eeb7a344bb44044f7c9da8dff80794d45549d3519b392703c45e66a6d8484b8c77c181dd7d5cf9c3afead6197a1e98724fa914a541b32ed217b827d2699a62804e1a850ff87ea3aa22e1079263be680fae883b06cca3f5022b396ba495b420401daf8b57402d13e3e610cbbc074b934b2f181de0976e0c71aa21ffdf104ef78b4d53a7b111349e2747d6b1d49026a77fd4767ea4ba24a386279a0d01ed75722b2863ea079b3981235fba753da77a28b5d28d6ff520fd6f0885281bc6034abf032095fa1ae4d55232c7f32d28043bcd2fdd --dir /tmp/swtpm_setup.certs.4F1AB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options Could not create EK certificate locally Days must be a positive number.

swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed. Error getting next filename: No child processes Ending vTPM manufacturing @ Fri 15 Oct 2021 11:10:05 PM CEST Starting vTPM manufacturing as tss:tss @ Sun 17 Oct 2021 07:03:34 PM CEST Successfully created RSA 2048 EK with handle 0x81010001. Invoking /usr/local/share/swtpm/swtpm-localca --type ek --ek d331cd54f65e1898d63fce65a1eef002d24278e76a7de8069f91e224a8042f5dc09985e21ca376cfb848504e58da4122906f4230203571de42f3a206aaf1d1076d8ad7ba27ff19f78d4254d1d59a20b0792d7f526e243123f4c6d7e463d26c88d68bc8dbb99a059c0cae2a36bd7f4412812a403edd95bb27bd100495e6b507d9ac8da413f8aaa6684bda6966ae14009b1a9577c5b238fe44b7a731e029e0867e651b56122c0b6ae9e02e56ebe9f3e1866d8d3ac1d1cf569b13c9c91314589b98db4ccd1d237e1e98a02ba9f8b9d94597d6e109cb79a929078b5eae3a0d699f9db8e0e7043588df61c2b8c88182c3966ecd2e8f725a9e1d4ce00d9ddd4f69bb2d --dir /tmp/swtpm_setup.certs.X2TCB1 --logfile /var/log/swtpm/libvirt/qemu/ubuntu2110-swtpm.log --vmid ubuntu2110:c685c55f-fdee-4d85-af20-cac9ee28ca28 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /usr/local/etc/swtpm-localca.conf --optsfile /usr/local/etc/swtpm-localca.options Could not create EK certificate locally Days must be a positive number.

swtpm-localca exit with status 256: An error occurred. Authoring the TPM state failed. Error getting next filename: No child processes Ending vTPM manufacturing @ Sun 17 Oct 2021 07:03:34 PM CEST

[stefanberger]

The name of the package on Ubuntu is gnutls-dev. You have to see this configure/autogen.sh output to have swtpm_cert built:

[...]
with_gnutls     :   yes  (no = swtpm_cert will NOT be built)
[...]

[OliverLeitner]

[...] with_gnutls : yes (no = swtpm_cert will NOT be built) [...]

seems to be ready...

about the package name... that is weird, because:

---

apt-cache search gnutls gnutls-doc - GNU-TLS-Bibliothek - Dokumentation und Beispiele libcurl3-gnutls - Einfach nutzbare Client-Bibliothek für URL-Übertragungen (GnuTLS-Variante) libcurl4-gnutls-dev - Entwicklungsdateien und Dokumentation für libcurl (GnuTLS-Variante) libgnutls-dane0 - GNU-TLS-Bibliothek - Unterstützung für DNS-based Authentication of Named Entities libgnutls-openssl27 - Die GNU TLS Bibliothek – OpenSSL-Wrapper libgnutls28-dev - GNU-TLS-Bibliothek - Entwicklungsdateien libgnutls30 - GNU TLS library - main runtime library libgnutlsxx28 - Die GNU TLS Bibliothek – C++-Laufzeit-Bibliothek libneon27-gnutls - HTTP- und WebDAV-Clientbibliothek (GnuTLS aktiviert) libsoup-gnome2.4-1 - C-Implementierung einer HTTP-Bibliothek -- GNOME-Unterstützungs-Bibliothek libsoup-gnome2.4-dev - HTTP library implementation in C -- GNOME support development files libsoup2.4-1 - Implementierung der HTTP-Bibliothek in C – Gemeinsame Bibliothek libsoup2.4-dev - HTTP library implementation in C -- Development files libsoup2.4-doc - HTTP library implementation in C -- API Reference libxmlsec1-gnutls - Gnutls Maschine für die XML-Sicherheitsbibliothek python-pycurl-doc - Python bindings to libcurl (documentation) python3-pycurl - Python-Anbindungen für Libcurl (Python 3) python3-pycurl-dbg - Python bindings to libcurl (debug extension, Python 3) libneon27-gnutls-dbg - Detached symbols for libneon27 (GnuTLS enabled) libneon27-gnutls-dev - Header and static library files for libneon27 (GnuTLS enabled) cadaver - Kommandozeilenclient für WebDAV gnutls-bin - GNU-TLS-Bibliothek - Befehlszeilen-Hilfsprogramme guile-gnutls - GNU TLS library - GNU Guile bindings libapr-memcache-dev - memcache client - development libraries libapr-memcache0 - memcache-Client - Laufzeitbibliothek libghc-cipher-aes-dev - Fast AES cipher implementation libghc-cipher-aes-doc - Fast AES cipher implementation; documentation libghc-cipher-aes-prof - Fast AES cipher implementation; profiling libraries libghc-gnutls-doc - bindings for GNU TLS; documentation libghc-gnutls-prof - bindings for GNU TLS; profiling libraries libjwt-gnutls-dev - Development files for libjwt - GnuTLS flavour libopendht-dev - Development files for the libopendht library mailutils-imap4d - Mailutils-basierter IMAP4-Dämon mailutils-pop3d - Mailutils-basierter POP3-Dämon mcrypt - Ersatz für das alte Unix-Programm crypt(1) python-pycurl - Python-Anbindungen für Libcurl python-pycurl-dbg - Python bindings to libcurl (debug extension) tclcurl - Tcl bindings to libcurl crypto-policies - unify the crypto policies used by different applications and libraries dhtnode - OpenDHT node binary libapache2-mod-gnutls - Apache module for TLS encryption with GnuTLS libghc-gnutls-dev - bindings for GNU TLS libjs-strophe - Library for writing XMPP clients libjwt-gnutls0 - C library to handle JWT (JSON Web Token) - GnuTLS flavour rsyslog-gnutls - TLS protocol support for rsyslog (GnuTLS) uacme - Lightweight client for the RFC8555 ACMEv2 protocol

lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04.3 LTS Release: 20.04 Codename: focal

[OliverLeitner]

also... which swtpm_cert /usr/local/bin/swtpm_cert

i might add, that the swtpm_cert bin is from september, so theres that... so youre on the right route, however...

2622044 132K -rwxr-xr-x 1 root root 129K Sep 19 01:15 /usr/local/bin/swtpm_cert

[OliverLeitner]

build log:

Making clean in include make[1]: Verzeichnis „/storage4/git/swtpm/include“ wird betreten Making clean in swtpm make[2]: Verzeichnis „/storage4/git/swtpm/include/swtpm“ wird betreten rm -rf .libs _libs rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/include/swtpm“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/include“ wird betreten rm -rf .libs _libs rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/include“ wird verlassen make[1]: Verzeichnis „/storage4/git/swtpm/include“ wird verlassen Making clean in man make[1]: Verzeichnis „/storage4/git/swtpm/man“ wird betreten Making clean in man3 make[2]: Verzeichnis „/storage4/git/swtpm/man/man3“ wird betreten rm -rf .libs _libs rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/man/man3“ wird verlassen Making clean in man8 make[2]: Verzeichnis „/storage4/git/swtpm/man/man8“ wird betreten test -z "swtpm.8 swtpm_bios.8 swtpm_cert.8 swtpm_ioctl.8 swtpm_localca.8 swtpm_setup.8 swtpm_setup.conf.8 swtpm-create-tpmca.8 swtpm-localca.options.8 swtpm-localca.conf.8 " || rm -f swtpm.8 swtpm_bios.8 swtpm_cert.8 swtpm_ioctl.8 swtpm_localca.8 swtpm_setup.8 swtpm_setup.conf.8 swtpm-create-tpmca.8 swtpm-localca.options.8 swtpm-localca.conf.8 rm -rf .libs _libs rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/man/man8“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/man“ wird betreten rm -rf .libs _libs rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/man“ wird verlassen make[1]: Verzeichnis „/storage4/git/swtpm/man“ wird verlassen Making clean in samples make[1]: Verzeichnis „/storage4/git/swtpm/samples“ wird betreten rm -rf .libs _libs rm -f .lo make[1]: Verzeichnis „/storage4/git/swtpm/samples“ wird verlassen Making clean in src make[1]: Verzeichnis „/storage4/git/swtpm/src“ wird betreten Making clean in utils make[2]: Verzeichnis „/storage4/git/swtpm/src/utils“ wird betreten rm -rf .libs _libs test -z "libswtpm_utils.la" || rm -f libswtpm_utils.la rm -f ./so_locations rm -f .o rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/src/utils“ wird verlassen Making clean in swtpm make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm“ wird betreten rm -f swtpm test -z ".gcno .gcda .gcov" || rm -f .gcno .gcda .gcov rm -rf .libs _libs test -z "libswtpm_libtpms.la" || rm -f libswtpm_libtpms.la rm -f ./so_locations rm -f .o rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm“ wird verlassen Making clean in swtpm_bios make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_bios“ wird betreten rm -f swtpm_bios test -z ".gcno .gcda .gcov" || rm -f .gcno .gcda .gcov rm -rf .libs _libs rm -f .o rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_bios“ wird verlassen Making clean in swtpm_cert make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_cert“ wird betreten rm -f swtpm_cert test -z ".gcno .gcda .gcov" || rm -f .gcno .gcda .gcov rm -rf .libs _libs rm -f .o rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_cert“ wird verlassen Making clean in swtpm_ioctl make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_ioctl“ wird betreten rm -f swtpm_ioctl test -z ".gcno .gcda .gcov" || rm -f .gcno .gcda .gcov rm -rf .libs _libs rm -f .o rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_ioctl“ wird verlassen Making clean in swtpm_localca make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_localca“ wird betreten rm -f swtpm_localca rm -rf .libs _libs rm -f .o rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_localca“ wird verlassen Making clean in swtpm_setup make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_setup“ wird betreten rm -f swtpm_setup test -z ".gcno .gcda .gcov" || rm -f .gcno .gcda .gcov rm -rf .libs _libs rm -f .o rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_setup“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/src“ wird betreten rm -rf .libs _libs rm -f .lo make[2]: Verzeichnis „/storage4/git/swtpm/src“ wird verlassen make[1]: Verzeichnis „/storage4/git/swtpm/src“ wird verlassen Making clean in tests make[1]: Verzeichnis „/storage4/git/swtpm/tests“ wird betreten rm -rf .libs _libs test -z "test_vtpm_proxy.log test_tpm2_vtpm_proxy.log test_commandline.log test_ctrlchannel.log test_ctrlchannel2.log test_ctrlchannel3.log test_ctrlchannel4.log test_encrypted_state.log test_getcap.log test_hashing.log test_hashing2.log test_init.log test_locality.log test_migration_key.log test_parameters.log test_resume_volatile.log test_save_load_encrypted_state.log test_save_load_state.log test_setbuffersize.log test_volatilestate.log test_swtpm_bios.log test_tpm_probe.log test_tpm12.log test_wrongorder.log test_print_capabilities.log test_print_states.log test_swtpm_setup_overwrite.log test_swtpm_setup_file_backend.log test_swtpm_setup_misc.log test_tpm2_ctrlchannel2.log test_tpm2_derived_keys.log test_tpm2_encrypted_state.log test_tpm2_init.log test_tpm2_file_permissions.log test_tpm2_getcap.log test_tpm2_locality.log test_tpm2_hashing.log test_tpm2_hashing2.log test_tpm2_hashing3.log test_tpm2_migration_key.log test_tpm2_partial_reads.log test_tpm2_print_capabilities.log test_tpm2_print_states.log test_tpm2_resume_volatile.log test_tpm2_savestate.log test_tpm2_save_load_encrypted_state.log test_tpm2_save_load_state.log test_tpm2_save_load_state_2.log test_tpm2_save_load_state_2_linear.log test_tpm2_save_load_state_2_block.log test_tpm2_save_load_state_3.log test_tpm2_save_load_state_da_timeout.log test_tpm2_setbuffersize.log test_tpm2_volatilestate.log test_tpm2_wrongorder.log test_tpm2_probe.log test_tpm2_swtpm_bios.log test_tpm2_ibmtss2.log test_tpm2_swtpm_setup_overwrite.log test_samples_create_tpmca.log test_swtpm_cert.log test_swtpm_setup_create_cert.log test_tpm2_parameters.log test_tpm2_swtpm_cert.log test_tpm2_swtpm_cert_ecc.log test_tpm2_swtpm_localca.log test_tpm2_swtpm_localca_pkcs11.log test_tpm2_swtpm_setup_create_cert.log" || rm -f test_vtpm_proxy.log test_tpm2_vtpm_proxy.log test_commandline.log test_ctrlchannel.log test_ctrlchannel2.log test_ctrlchannel3.log test_ctrlchannel4.log test_encrypted_state.log test_getcap.log test_hashing.log test_hashing2.log test_init.log test_locality.log test_migration_key.log test_parameters.log test_resume_volatile.log test_save_load_encrypted_state.log test_save_load_state.log test_setbuffersize.log test_volatilestate.log test_swtpm_bios.log test_tpm_probe.log test_tpm12.log test_wrongorder.log test_print_capabilities.log test_print_states.log test_swtpm_setup_overwrite.log test_swtpm_setup_file_backend.log test_swtpm_setup_misc.log test_tpm2_ctrlchannel2.log test_tpm2_derived_keys.log test_tpm2_encrypted_state.log test_tpm2_init.log test_tpm2_file_permissions.log test_tpm2_getcap.log test_tpm2_locality.log test_tpm2_hashing.log test_tpm2_hashing2.log test_tpm2_hashing3.log test_tpm2_migration_key.log test_tpm2_partial_reads.log test_tpm2_print_capabilities.log test_tpm2_print_states.log test_tpm2_resume_volatile.log test_tpm2_savestate.log test_tpm2_save_load_encrypted_state.log test_tpm2_save_load_state.log test_tpm2_save_load_state_2.log test_tpm2_save_load_state_2_linear.log test_tpm2_save_load_state_2_block.log test_tpm2_save_load_state_3.log test_tpm2_save_load_state_da_timeout.log test_tpm2_setbuffersize.log test_tpm2_volatilestate.log test_tpm2_wrongorder.log test_tpm2_probe.log test_tpm2_swtpm_bios.log test_tpm2_ibmtss2.log test_tpm2_swtpm_setup_overwrite.log test_samples_create_tpmca.log test_swtpm_cert.log test_swtpm_setup_create_cert.log test_tpm2_parameters.log test_tpm2_swtpm_cert.log test_tpm2_swtpm_cert_ecc.log test_tpm2_swtpm_localca.log test_tpm2_swtpm_localca_pkcs11.log test_tpm2_swtpm_setup_create_cert.log test -z "test_vtpm_proxy.trs test_tpm2_vtpm_proxy.trs test_commandline.trs test_ctrlchannel.trs test_ctrlchannel2.trs test_ctrlchannel3.trs test_ctrlchannel4.trs test_encrypted_state.trs test_getcap.trs test_hashing.trs test_hashing2.trs test_init.trs test_locality.trs test_migration_key.trs test_parameters.trs test_resume_volatile.trs test_save_load_encrypted_state.trs test_save_load_state.trs test_setbuffersize.trs test_volatilestate.trs test_swtpm_bios.trs test_tpm_probe.trs test_tpm12.trs test_wrongorder.trs test_print_capabilities.trs test_print_states.trs test_swtpm_setup_overwrite.trs test_swtpm_setup_file_backend.trs test_swtpm_setup_misc.trs test_tpm2_ctrlchannel2.trs test_tpm2_derived_keys.trs test_tpm2_encrypted_state.trs test_tpm2_init.trs test_tpm2_file_permissions.trs test_tpm2_getcap.trs test_tpm2_locality.trs test_tpm2_hashing.trs test_tpm2_hashing2.trs test_tpm2_hashing3.trs test_tpm2_migration_key.trs test_tpm2_partial_reads.trs test_tpm2_print_capabilities.trs test_tpm2_print_states.trs test_tpm2_resume_volatile.trs test_tpm2_savestate.trs test_tpm2_save_load_encrypted_state.trs test_tpm2_save_load_state.trs test_tpm2_save_load_state_2.trs test_tpm2_save_load_state_2_linear.trs test_tpm2_save_load_state_2_block.trs test_tpm2_save_load_state_3.trs test_tpm2_save_load_state_da_timeout.trs test_tpm2_setbuffersize.trs test_tpm2_volatilestate.trs test_tpm2_wrongorder.trs test_tpm2_probe.trs test_tpm2_swtpm_bios.trs test_tpm2_ibmtss2.trs test_tpm2_swtpm_setup_overwrite.trs test_samples_create_tpmca.trs test_swtpm_cert.trs test_swtpm_setup_create_cert.trs test_tpm2_parameters.trs test_tpm2_swtpm_cert.trs test_tpm2_swtpm_cert_ecc.trs test_tpm2_swtpm_localca.trs test_tpm2_swtpm_localca_pkcs11.trs test_tpm2_swtpm_setup_create_cert.trs" || rm -f test_vtpm_proxy.trs test_tpm2_vtpm_proxy.trs test_commandline.trs test_ctrlchannel.trs test_ctrlchannel2.trs test_ctrlchannel3.trs test_ctrlchannel4.trs test_encrypted_state.trs test_getcap.trs test_hashing.trs test_hashing2.trs test_init.trs test_locality.trs test_migration_key.trs test_parameters.trs test_resume_volatile.trs test_save_load_encrypted_state.trs test_save_load_state.trs test_setbuffersize.trs test_volatilestate.trs test_swtpm_bios.trs test_tpm_probe.trs test_tpm12.trs test_wrongorder.trs test_print_capabilities.trs test_print_states.trs test_swtpm_setup_overwrite.trs test_swtpm_setup_file_backend.trs test_swtpm_setup_misc.trs test_tpm2_ctrlchannel2.trs test_tpm2_derived_keys.trs test_tpm2_encrypted_state.trs test_tpm2_init.trs test_tpm2_file_permissions.trs test_tpm2_getcap.trs test_tpm2_locality.trs test_tpm2_hashing.trs test_tpm2_hashing2.trs test_tpm2_hashing3.trs test_tpm2_migration_key.trs test_tpm2_partial_reads.trs test_tpm2_print_capabilities.trs test_tpm2_print_states.trs test_tpm2_resume_volatile.trs test_tpm2_savestate.trs test_tpm2_save_load_encrypted_state.trs test_tpm2_save_load_state.trs test_tpm2_save_load_state_2.trs test_tpm2_save_load_state_2_linear.trs test_tpm2_save_load_state_2_block.trs test_tpm2_save_load_state_3.trs test_tpm2_save_load_state_da_timeout.trs test_tpm2_setbuffersize.trs test_tpm2_volatilestate.trs test_tpm2_wrongorder.trs test_tpm2_probe.trs test_tpm2_swtpm_bios.trs test_tpm2_ibmtss2.trs test_tpm2_swtpm_setup_overwrite.trs test_samples_create_tpmca.trs test_swtpm_cert.trs test_swtpm_setup_create_cert.trs test_tpm2_parameters.trs test_tpm2_swtpm_cert.trs test_tpm2_swtpm_cert_ecc.trs test_tpm2_swtpm_localca.trs test_tpm2_swtpm_localca_pkcs11.trs test_tpm2_swtpm_setup_create_cert.trs test -z "test-suite.log" || rm -f test-suite.log rm -f .lo make[1]: Verzeichnis „/storage4/git/swtpm/tests“ wird verlassen make[1]: Verzeichnis „/storage4/git/swtpm“ wird betreten rm -rf .libs _libs rm -f *.lo make[1]: Verzeichnis „/storage4/git/swtpm“ wird verlassen Making install in include make[1]: Verzeichnis „/storage4/git/swtpm/include“ wird betreten Making install in swtpm make[2]: Verzeichnis „/storage4/git/swtpm/include/swtpm“ wird betreten make[3]: Verzeichnis „/storage4/git/swtpm/include/swtpm“ wird betreten make[3]: Für das Ziel „install-exec-am“ ist nichts zu tun. /usr/bin/mkdir -p '/usr/include/swtpm' /usr/bin/install -c -m 644 tpm_ioctl.h '/usr/include/swtpm' make[3]: Verzeichnis „/storage4/git/swtpm/include/swtpm“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/include/swtpm“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/include“ wird betreten make[3]: Verzeichnis „/storage4/git/swtpm/include“ wird betreten make[3]: Für das Ziel „install-exec-am“ ist nichts zu tun. make[3]: Für das Ziel „install-data-am“ ist nichts zu tun. make[3]: Verzeichnis „/storage4/git/swtpm/include“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/include“ wird verlassen make[1]: Verzeichnis „/storage4/git/swtpm/include“ wird verlassen Making install in man make[1]: Verzeichnis „/storage4/git/swtpm/man“ wird betreten Making install in man3 make[2]: Verzeichnis „/storage4/git/swtpm/man/man3“ wird betreten make[3]: Verzeichnis „/storage4/git/swtpm/man/man3“ wird betreten make[3]: Für das Ziel „install-exec-am“ ist nichts zu tun. /usr/bin/mkdir -p '/usr/share/man/man3' /usr/bin/install -c -m 644 swtpm_ioctls.3 '/usr/share/man/man3' make[3]: Verzeichnis „/storage4/git/swtpm/man/man3“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/man/man3“ wird verlassen Making install in man8 make[2]: Verzeichnis „/storage4/git/swtpm/man/man8“ wird betreten make[3]: Verzeichnis „/storage4/git/swtpm/man/man8“ wird betreten make[3]: Für das Ziel „install-exec-am“ ist nichts zu tun. /usr/bin/mkdir -p '/usr/share/man/man8' /usr/bin/install -c -m 644 swtpm.8 swtpm_bios.8 swtpm_cert.8 swtpm_ioctl.8 swtpm_localca.8 swtpm_setup.8 swtpm_setup.conf.8 swtpm-create-tpmca.8 swtpm-localca.options.8 swtpm-localca.conf.8 swtpm-localca.8 '/usr/share/man/man8' make[3]: Verzeichnis „/storage4/git/swtpm/man/man8“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/man/man8“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/man“ wird betreten make[3]: Verzeichnis „/storage4/git/swtpm/man“ wird betreten make[3]: Für das Ziel „install-exec-am“ ist nichts zu tun. make[3]: Für das Ziel „install-data-am“ ist nichts zu tun. make[3]: Verzeichnis „/storage4/git/swtpm/man“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/man“ wird verlassen make[1]: Verzeichnis „/storage4/git/swtpm/man“ wird verlassen Making install in samples make[1]: Verzeichnis „/storage4/git/swtpm/samples“ wird betreten make[2]: Verzeichnis „/storage4/git/swtpm/samples“ wird betreten make[2]: Für das Ziel „install-exec-am“ ist nichts zu tun. /usr/bin/mkdir -p /var/lib/swtpm-localca if test -z ; then \ chown -R tss:root /var/lib/swtpm-localca || true; \ chmod 0750 /var/lib/swtpm-localca || true; \ fi /usr/bin/mkdir -p '/usr/share/swtpm' /usr/bin/install -c swtpm-create-tpmca swtpm-create-user-config-files swtpm-localca '/usr/share/swtpm' /usr/bin/mkdir -p '/etc' /usr/bin/install -c -m 644 swtpm-localca.conf swtpm-localca.options swtpm_setup.conf '/etc' make[2]: Verzeichnis „/storage4/git/swtpm/samples“ wird verlassen make[1]: Verzeichnis „/storage4/git/swtpm/samples“ wird verlassen Making install in src make[1]: Verzeichnis „/storage4/git/swtpm/src“ wird betreten Making install in utils make[2]: Verzeichnis „/storage4/git/swtpm/src/utils“ wird betreten CC libswtpm_utils_la-swtpm_utils.lo CCLD libswtpm_utils.la make[3]: Verzeichnis „/storage4/git/swtpm/src/utils“ wird betreten make[3]: Für das Ziel „install-exec-am“ ist nichts zu tun. make[3]: Für das Ziel „install-data-am“ ist nichts zu tun. make[3]: Verzeichnis „/storage4/git/swtpm/src/utils“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/src/utils“ wird verlassen Making install in swtpm make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm“ wird betreten CC swtpm-main.o CC swtpm-osx.o CC swtpm-swtpm.o CC swtpm-swtpm_chardev.o CC libswtpm_libtpms_la-capabilities.lo CC libswtpm_libtpms_la-common.lo CC libswtpm_libtpms_la-ctrlchannel.lo CC libswtpm_libtpms_la-key.lo CC libswtpm_libtpms_la-logging.lo CC libswtpm_libtpms_la-mainloop.lo CC libswtpm_libtpms_la-options.lo CC libswtpm_libtpms_la-pidfile.lo CC libswtpm_libtpms_la-seccomp_profile.lo CC libswtpm_libtpms_la-server.lo CC libswtpm_libtpms_la-swtpm_aes.lo CC libswtpm_libtpms_la-swtpm_debug.lo CC libswtpm_libtpms_la-swtpm_io.lo CC libswtpm_libtpms_la-swtpm_nvstore.lo CC libswtpm_libtpms_la-swtpm_nvstore_dir.lo CC libswtpm_libtpms_la-swtpm_nvstore_linear.lo CC libswtpm_libtpms_la-swtpm_nvstore_linear_file.lo CC libswtpm_libtpms_la-tlv.lo CC libswtpm_libtpms_la-tpmlib.lo CC libswtpm_libtpms_la-tpmstate.lo CC libswtpm_libtpms_la-utils.lo CCLD libswtpm_libtpms.la CCLD swtpm make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm“ wird betreten /usr/bin/mkdir -p '/usr/bin' /bin/bash ../../libtool --mode=install /usr/bin/install -c swtpm '/usr/bin' libtool: install: /usr/bin/install -c .libs/swtpm /usr/bin/swtpm /usr/bin/mkdir -p '/usr/lib/swtpm' /bin/bash ../../libtool --mode=install /usr/bin/install -c libswtpm_libtpms.la '/usr/lib/swtpm' libtool: install: /usr/bin/install -c .libs/libswtpm_libtpms.so.0.0.0 /usr/lib/swtpm/libswtpm_libtpms.so.0.0.0 libtool: install: (cd /usr/lib/swtpm && { ln -s -f libswtpm_libtpms.so.0.0.0 libswtpm_libtpms.so.0 || { rm -f libswtpm_libtpms.so.0 && ln -s libswtpm_libtpms.so.0.0.0 libswtpm_libtpms.so.0; }; }) libtool: install: (cd /usr/lib/swtpm && { ln -s -f libswtpm_libtpms.so.0.0.0 libswtpm_libtpms.so || { rm -f libswtpm_libtpms.so && ln -s libswtpm_libtpms.so.0.0.0 libswtpm_libtpms.so; }; }) libtool: install: /usr/bin/install -c .libs/libswtpm_libtpms.lai /usr/lib/swtpm/libswtpm_libtpms.la libtool: install: /usr/bin/install -c .libs/libswtpm_libtpms.a /usr/lib/swtpm/libswtpm_libtpms.a libtool: install: chmod 644 /usr/lib/swtpm/libswtpm_libtpms.a libtool: install: ranlib /usr/lib/swtpm/libswtpm_libtpms.a libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/sbin" ldconfig -n /usr/lib/swtpm

Libraries have been installed in: /usr/lib/swtpm

If you ever happen to want to link against installed libraries in a given directory, LIBDIR, you must either use libtool, and specify the full pathname of the library, or use the '-LLIBDIR' flag during linking and do at least one of the following:

• add LIBDIR to the 'LD_LIBRARY_PATH' environment variable during execution
• add LIBDIR to the 'LD_RUN_PATH' environment variable during linking
• use the '-Wl,-rpath -Wl,LIBDIR' linker flag
• have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for more information, such as the ld(1) and ld.so(8) manual pages.

make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm“ wird verlassen Making install in swtpm_bios make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_bios“ wird betreten CC swtpm_bios-tpm_bios.o CCLD swtpm_bios make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm_bios“ wird betreten /usr/bin/mkdir -p '/usr/bin' /bin/bash ../../libtool --mode=install /usr/bin/install -c swtpm_bios '/usr/bin' libtool: install: /usr/bin/install -c swtpm_bios /usr/bin/swtpm_bios make[3]: Für das Ziel „install-data-am“ ist nichts zu tun. make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm_bios“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_bios“ wird verlassen Making install in swtpm_cert make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_cert“ wird betreten CC swtpm_cert-ek-cert.o CCLD swtpm_cert make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm_cert“ wird betreten /usr/bin/mkdir -p '/usr/bin' /bin/bash ../../libtool --mode=install /usr/bin/install -c swtpm_cert '/usr/bin' libtool: install: /usr/bin/install -c swtpm_cert /usr/bin/swtpm_cert make[3]: Für das Ziel „install-data-am“ ist nichts zu tun. make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm_cert“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_cert“ wird verlassen Making install in swtpm_ioctl make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_ioctl“ wird betreten CC swtpm_ioctl-tpm_ioctl.o CCLD swtpm_ioctl make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm_ioctl“ wird betreten /usr/bin/mkdir -p '/usr/bin' /bin/bash ../../libtool --mode=install /usr/bin/install -c swtpm_ioctl '/usr/bin' libtool: install: /usr/bin/install -c swtpm_ioctl /usr/bin/swtpm_ioctl make[3]: Für das Ziel „install-data-am“ ist nichts zu tun. make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm_ioctl“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_ioctl“ wird verlassen Making install in swtpm_localca make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_localca“ wird betreten CC swtpm_localca-swtpm_localca.o CC swtpm_localca-swtpm_localca_utils.o CCLD swtpm_localca make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm_localca“ wird betreten /usr/bin/mkdir -p '/usr/bin' /bin/bash ../../libtool --mode=install /usr/bin/install -c swtpm_localca '/usr/bin' libtool: install: /usr/bin/install -c swtpm_localca /usr/bin/swtpm_localca make[3]: Für das Ziel „install-data-am“ ist nichts zu tun. make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm_localca“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_localca“ wird verlassen Making install in swtpm_setup make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_setup“ wird betreten CC swtpm_setup-swtpm.o CC swtpm_setup-swtpm_setup.o CC swtpm_setup-swtpm_setup_utils.o CC swtpm_setup-swtpm_backend_dir.o CC swtpm_setup-swtpm_backend_file.o CCLD swtpm_setup make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm_setup“ wird betreten /usr/bin/mkdir -p '/usr/bin' /bin/bash ../../libtool --mode=install /usr/bin/install -c swtpm_setup '/usr/bin' libtool: install: /usr/bin/install -c swtpm_setup /usr/bin/swtpm_setup make[3]: Für das Ziel „install-data-am“ ist nichts zu tun. make[3]: Verzeichnis „/storage4/git/swtpm/src/swtpm_setup“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/src/swtpm_setup“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/src“ wird betreten make[3]: Verzeichnis „/storage4/git/swtpm/src“ wird betreten make[3]: Für das Ziel „install-exec-am“ ist nichts zu tun. make[3]: Für das Ziel „install-data-am“ ist nichts zu tun. make[3]: Verzeichnis „/storage4/git/swtpm/src“ wird verlassen make[2]: Verzeichnis „/storage4/git/swtpm/src“ wird verlassen make[1]: Verzeichnis „/storage4/git/swtpm/src“ wird verlassen Making install in tests make[1]: Verzeichnis „/storage4/git/swtpm/tests“ wird betreten make[2]: Verzeichnis „/storage4/git/swtpm/tests“ wird betreten make[2]: Für das Ziel „install-exec-am“ ist nichts zu tun. make[2]: Für das Ziel „install-data-am“ ist nichts zu tun. make[2]: Verzeichnis „/storage4/git/swtpm/tests“ wird verlassen make[1]: Verzeichnis „/storage4/git/swtpm/tests“ wird verlassen make[1]: Verzeichnis „/storage4/git/swtpm“ wird betreten cd . && /bin/bash ./config.status config.h config.status: creating config.h config.status: config.h is unchanged make[2]: Verzeichnis „/storage4/git/swtpm“ wird betreten make[2]: Für das Ziel „install-exec-am“ ist nichts zu tun. make[2]: Für das Ziel „install-data-am“ ist nichts zu tun. make[2]: Verzeichnis „/storage4/git/swtpm“ wird verlassen make[1]: Verzeichnis „/storage4/git/swtpm“ wird verlassen

[stefanberger]

If you have an older version on your system you will have to install the newer version on top of the older one or remove the older one first like this unless you can remove it as a package:

./configure --prefix=/usr/local
sudo make uninstall
./configure --prefix=/usr
make -j32
sudo make install

[OliverLeitner]

hello stefan

thanks for the tip

moving the installation directory to /usr rather than /usr/local somehow helped. swtpm_cert got build there.

[stefanberger]

All set now?

[OliverLeitner]

a simple uninstall and reinstall in /usr/local didnt set it though, i had to first change directories...