[tools][tw][sle][QEMUTPM][tpm2.0] swtpm devices need to be clear once test done
Hello tool team expterts:
May I ask for your kindly help to fix this issue? the issue can be seen on both x86_64 and aarch64 platforms.
If I re-run the tests [e.g. http://openqa.suse.de/tests/8202488]
It can't pass any more. so I am wondering there might be some issue with backend swtpm socket.
I tried to debug it a bit, and found that in our workers, after tests completed, there still be some files there. it may impact later tests.
Error message from openqa:
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
Error: Generating key failed
Key could not be generated.
From the error messages, we can see the tpm devices are not in clean status.
tpm2_rc_decode -V 0x000009a2¶
tpm:session(1):authorization failure without DA implications
I tried to login to the worker, and found some stale files there. can you please do some enhancements here if possible?
Remove the file once test done
-rw-r----- 1 _openqa-worker nogroup 1185 Dec 27 15:04 tpm-00.permall
-rw-r----- 1 _openqa-worker nogroup 1214 Feb 21 08:51 tpm2-00.permall
IMO, remove the tpm2-00.permall should be fine
#1 Updated by rfan1 over 1 year ago
- Related to action #107107: [Tumbleweed][security] test fails in tpm2_engine_rsa_operation added
#2 Updated by rfan1 over 1 year ago
- Related to action #107044: [sle][security][sle15sp4][swtpm] test fails in tpm2_engine_rsa_operation added
#3 Updated by okurz over 1 year ago
- Related to action #106957: [tools][tw][aarch64][QEMUTPM][tpm2.0] on some O3 arm workers, swtpm 2.0 device can't be created [or created failed] added
#4 Updated by okurz over 1 year ago
- Category set to Feature requests
- Priority changed from Normal to Low
- Target version set to future
certainly a valid issue. There is also #106957
Unfortunately we currently don't have the capacity to look deeper into the ticket.
#5 Updated by rfan1 over 1 year ago
- Related to action #107488: [sle][security][sle15sp4]][automation]Unlocking LUKS volumes with TPM2 or FIDO2 key added
#6 Updated by rfan1 about 1 year ago
As xiaojing_liu's kindly help, I can set:
QEMUTPM = 'instance'
I will update my job configuration.
#7 Updated by Xiaojing_liu about 1 year ago
- Status changed from New to Feedback
- Assignee set to Xiaojing_liu
#8 Updated by rfan1 about 1 year ago
Let me try to re-run the tests to see.
#9 Updated by rfan1 about 1 year ago
The issue is not seen any more
#10 Updated by Xiaojing_liu about 1 year ago
- Status changed from Feedback to Resolved