stefanberger / swtpm

Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.

tpm-tis cause qemu vm paused #758

Closed ncist2011 closed 2 years ago

ncist2011 commented 2 years ago

env

os: centos7
qemu: qemu-kvm-4.2.0-29.54.el7.5.x86_64
libvirt: libvirt-5.5.0-6.50.x86_64
libtpms: libtpms-0.9.5-1.el7.x86_64
swtpm: swtpm-0.7.4-1.el7.x86_64

problem

When I boot a qemu vm with secboot uefi firmware, the vm is paused.

log

qemu vm log:

KVM internal error. Suberror: 1
emulation failure
EAX=00000000 EBX=0081ffd8 ECX=000000ff EDX=00000008
ESI=0081ffd7 EDI=0081fec8 EBP=0081fff0 ESP=0081fe68
EIP=000a0000 EFL=00010046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0008 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
CS =0010 00000000 ffffffff 00c09b00 DPL=0 CS32 [-RA]
SS =0008 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0008 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
FS =0008 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
GS =0008 00000000 ffffffff 00c09300 DPL=0 DS [-WA]
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
GDT= ffffff30 0000001f
IDT= 00000000 00000000
CR0=40000033 CR2=00000000 CR3=00000000 CR4=00000640
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000
Code=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

swtpm log:

Starting vTPM manufacturing as tss:tss @ Tue 27 Sep 2022 01:50:17 PM CST
Successfully created RSA 2048 EK with handle 0x81010001.
Invoking /usr/bin/swtpm_localca --type ek --ek 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 --dir /tmp/swtpm_setup.certs.P9B5S1 --logfile /var/log/swtpm/libvirt/qemu/instance-0001495b-swtpm.log --vmid instance-0001495b:568a3ae5-b902-4c12-8c20-dbe85c2b4622 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created EK certificate locally.
Invoking /usr/bin/swtpm_localca --type platform --ek 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 --dir /tmp/swtpm_setup.certs.P9B5S1 --logfile /var/log/swtpm/libvirt/qemu/instance-0001495b-swtpm.log --vmid instance-0001495b:568a3ae5-b902-4c12-8c20-dbe85c2b4622 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created platform certificate locally.
Successfully created NVRAM area 0x1c00002 for RSA 2048 EK certificate.
Successfully created NVRAM area 0x1c08000 for platform certificate.
Successfully created ECC EK with handle 0x81010016.
Invoking /usr/bin/swtpm_localca --type ek --ek x=edccbd29e850ea6ff9bd97db78925d9a506e2fb858207c1e9f52d89325c92829aeacb591f5c7b0b65e02287723b2d528,y=c1742de4f344beeb29b1ef31076438e1c7779086c74c0cafe6b75dbaf8d63cf4d730d6a1edcbf23a1f9ed660155b8bb3,id=secp384r1 --dir /tmp/swtpm_setup.certs.P9B5S1 --logfile /var/log/swtpm/libvirt/qemu/instance-0001495b-swtpm.log --vmid instance-0001495b:568a3ae5-b902-4c12-8c20-dbe85c2b4622 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created EK certificate locally.
Successfully created NVRAM area 0x1c00016 for ECC EK certificate.
Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.
Successfully authored TPM state.
Ending vTPM manufacturing @ Tue 27 Sep 2022 01:50:17 PM CST

vm xml

<os>
  <type arch='x86_64' machine='pc-q35-rhel8.2.0'>hvm</type>
  <loader readonly='yes' type='pflash'>/usr/share/edk2-fc/share/OVMF/OVMF_CODE.secboot.fd</loader>
  <nvram>/var/lib/libvirt/qemu/nvram/instance-0001495b_VARS.fd</nvram>
  <boot dev='cdrom'/>
  <boot dev='hd'/>
  <smbios mode='sysinfo'/>
</os>

<tpm model='tpm-tis'>
  <backend type='emulator' version='2.0'/>
  <alias name='tpm0'/>
</tpm>

vm paused

# virsh list
 Id   Name                State
-----------------------------------
 14   instance-0001495b   paused
 15   instance-0001495e   paused

stefanberger commented 2 years ago

I don't see what this has to do with swtpm. You are showing a KVM failure. Is the host CentOS 7? I think you should try again with at least CentOS 8.

ncist2011 commented 2 years ago

> I don't see what this has to do with swtpm. You are showing a KVM failure. Is the host CentOS 7? I think you should try again with at least CentOS 8.

I found the root cause: the memory of the vm was set to 2KB, and the vm paused.