Project

General

Profile

Actions

action #107155

closed

[tools][tw][sle][QEMUTPM][tpm2.0] swtpm devices need to be clear once test done

Added by rfan1 over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
Feature requests
Target version:
Start date:
2022-02-21
Due date:
% Done:

0%

Estimated time:

Description

Description

Hello tool team expterts:

https://progress.opensuse.org/issues/107107
https://progress.opensuse.org/issues/107044

May I ask for your kindly help to fix this issue? the issue can be seen on both x86_64 and aarch64 platforms.

If I re-run the tests [e.g. http://openqa.suse.de/tests/8202488]

It can't pass any more. so I am wondering there might be some issue with backend swtpm socket.

I tried to debug it a bit, and found that in our workers, after tests completed, there still be some files there. it may impact later tests.

Error message from openqa:
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
Error: Generating key failed
Key could not be generated.

From the error messages, we can see the tpm devices are not in clean status.

tpm2_rc_decode -V 0x000009a2

tpm:session(1):authorization failure without DA implications


I tried to login to the worker, and found some stale files there. can you please do some enhancements here if possible?
Remove the file once test done
#/tmp/mytpm1> ll
total 8
-rw-r----- 1 _openqa-worker nogroup 1185 Dec 27 15:04 tpm-00.permall
-rw-r----- 1 _openqa-worker nogroup 1214 Feb 21 08:51 tpm2-00.permall

Workaround

IMO, remove the tpm2-00.permall should be fine


Related issues 4 (0 open4 closed)

Related to openQA Tests - action #107107: [Tumbleweed][security] test fails in tpm2_engine_rsa_operationResolvedrfan12022-02-18

Actions
Related to openQA Tests - action #107044: [sle][security][sle15sp4][swtpm] test fails in tpm2_engine_rsa_operationResolvedrfan12022-02-18

Actions
Related to openQA Project - action #106957: [tools][tw][aarch64][QEMUTPM][tpm2.0] on some O3 arm workers, swtpm 2.0 device can't be created [or created failed] Resolvedggardet_arm2022-02-17

Actions
Related to openQA Tests - action #107488: [sle][security][sle15sp4]][automation]Unlocking LUKS volumes with TPM2 or FIDO2 keyResolvedrfan12022-02-18

Actions
Actions #1

Updated by rfan1 over 2 years ago

  • Related to action #107107: [Tumbleweed][security] test fails in tpm2_engine_rsa_operation added
Actions #2

Updated by rfan1 over 2 years ago

  • Related to action #107044: [sle][security][sle15sp4][swtpm] test fails in tpm2_engine_rsa_operation added
Actions #3

Updated by okurz over 2 years ago

  • Related to action #106957: [tools][tw][aarch64][QEMUTPM][tpm2.0] on some O3 arm workers, swtpm 2.0 device can't be created [or created failed] added
Actions #4

Updated by okurz over 2 years ago

  • Category set to Feature requests
  • Priority changed from Normal to Low
  • Target version set to future

certainly a valid issue. There is also #106957

Unfortunately we currently don't have the capacity to look deeper into the ticket.

Actions #5

Updated by rfan1 over 2 years ago

  • Related to action #107488: [sle][security][sle15sp4]][automation]Unlocking LUKS volumes with TPM2 or FIDO2 key added
Actions #6

Updated by rfan1 over 2 years ago

As xiaojing_liu's kindly help, I can set:

QEMUTPM = 'instance'

I will update my job configuration.

Actions #7

Updated by Xiaojing_liu over 2 years ago

  • Status changed from New to Feedback
  • Assignee set to Xiaojing_liu
Actions #8

Updated by rfan1 over 2 years ago

Thanks Xiaojing,

Let me try to re-run the tests to see.

Actions #10

Updated by Xiaojing_liu over 2 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF