Project

General

Profile

action #107155

[tools][tw][sle][QEMUTPM][tpm2.0] swtpm devices need to be clear once test done

Added by rfan1 over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Low
Assignee:
Xiaojing_liu
Category:
Feature requests
Target version:
QA - future
Start date:
2022-02-21
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Description

Hello tool team expterts:

https://progress.opensuse.org/issues/107107
https://progress.opensuse.org/issues/107044

May I ask for your kindly help to fix this issue? the issue can be seen on both x86_64 and aarch64 platforms.

If I re-run the tests [e.g. http://openqa.suse.de/tests/8202488]

It can't pass any more. so I am wondering there might be some issue with backend swtpm socket.

I tried to debug it a bit, and found that in our workers, after tests completed, there still be some files there. it may impact later tests.

Error message from openqa:
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
Error: Generating key failed
Key could not be generated.

From the error messages, we can see the tpm devices are not in clean status.

tpm2_rc_decode -V 0x000009a2

tpm:session(1):authorization failure without DA implications

I tried to login to the worker, and found some stale files there. can you please do some enhancements here if possible?
Remove the file once test done
#/tmp/mytpm1> ll
total 8
-rw-r----- 1 _openqa-worker nogroup 1185 Dec 27 15:04 tpm-00.permall
-rw-r----- 1 _openqa-worker nogroup 1214 Feb 21 08:51 tpm2-00.permall

Workaround

IMO, remove the tpm2-00.permall should be fine

Related issues

Related to openQA Tests - action #107107: [Tumbleweed][security] test fails in tpm2_engine_rsa_operationResolved2022-02-18

Related to openQA Tests - action #107044: [sle][security][sle15sp4][swtpm] test fails in tpm2_engine_rsa_operationResolved2022-02-18

Related to openQA Project - action #106957: [tools][tw][aarch64][QEMUTPM][tpm2.0] on some O3 arm workers, swtpm 2.0 device can't be created [or created failed] Resolved2022-02-17

Related to openQA Tests - action #107488: [sle][security][sle15sp4]][automation]Unlocking LUKS volumes with TPM2 or FIDO2 keyResolved2022-02-18

History

#1 Updated by rfan1 over 1 year ago

  • Related to action #107107: [Tumbleweed][security] test fails in tpm2_engine_rsa_operation added

#2 Updated by rfan1 over 1 year ago

  • Related to action #107044: [sle][security][sle15sp4][swtpm] test fails in tpm2_engine_rsa_operation added

#3 Updated by okurz over 1 year ago

  • Related to action #106957: [tools][tw][aarch64][QEMUTPM][tpm2.0] on some O3 arm workers, swtpm 2.0 device can't be created [or created failed] added

#4 Updated by okurz over 1 year ago

  • Category set to Feature requests
  • Priority changed from Normal to Low
  • Target version set to future

certainly a valid issue. There is also #106957

Unfortunately we currently don't have the capacity to look deeper into the ticket.

#5 Updated by rfan1 over 1 year ago

  • Related to action #107488: [sle][security][sle15sp4]][automation]Unlocking LUKS volumes with TPM2 or FIDO2 key added

#6 Updated by rfan1 about 1 year ago

As xiaojing_liu's kindly help, I can set:

QEMUTPM = 'instance'

I will update my job configuration.

#7 Updated by Xiaojing_liu about 1 year ago

  • Status changed from New to Feedback
  • Assignee set to Xiaojing_liu

#8 Updated by rfan1 about 1 year ago

Thanks Xiaojing,

Let me try to re-run the tests to see.

#10 Updated by Xiaojing_liu about 1 year ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF