action #107155
closed[tools][tw][sle][QEMUTPM][tpm2.0] swtpm devices need to be clear once test done
0%
Description
Description¶
Hello tool team expterts:
https://progress.opensuse.org/issues/107107
https://progress.opensuse.org/issues/107044
May I ask for your kindly help to fix this issue? the issue can be seen on both x86_64 and aarch64 platforms.
If I re-run the tests [e.g. http://openqa.suse.de/tests/8202488]
It can't pass any more. so I am wondering there might be some issue with backend swtpm socket.
I tried to debug it a bit, and found that in our workers, after tests completed, there still be some files there. it may impact later tests.
Error message from openqa:
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
Error: Generating key failed
Key could not be generated.
From the error messages, we can see the tpm devices are not in clean status.
tpm2_rc_decode -V 0x000009a2¶
tpm:session(1):authorization failure without DA implications
I tried to login to the worker, and found some stale files there. can you please do some enhancements here if possible?
Remove the file once test done
#/tmp/mytpm1> ll
total 8
-rw-r----- 1 _openqa-worker nogroup 1185 Dec 27 15:04 tpm-00.permall
-rw-r----- 1 _openqa-worker nogroup 1214 Feb 21 08:51 tpm2-00.permall
Workaround¶
IMO, remove the tpm2-00.permall should be fine
Updated by rfan1 about 2 years ago
- Related to action #107107: [Tumbleweed][security] test fails in tpm2_engine_rsa_operation added
Updated by rfan1 about 2 years ago
- Related to action #107044: [sle][security][sle15sp4][swtpm] test fails in tpm2_engine_rsa_operation added
Updated by okurz about 2 years ago
- Related to action #106957: [tools][tw][aarch64][QEMUTPM][tpm2.0] on some O3 arm workers, swtpm 2.0 device can't be created [or created failed] added
Updated by okurz about 2 years ago
- Category set to Feature requests
- Priority changed from Normal to Low
- Target version set to future
certainly a valid issue. There is also #106957
Unfortunately we currently don't have the capacity to look deeper into the ticket.
Updated by rfan1 about 2 years ago
- Related to action #107488: [sle][security][sle15sp4]][automation]Unlocking LUKS volumes with TPM2 or FIDO2 key added
Updated by rfan1 about 2 years ago
As xiaojing_liu's kindly help, I can set:
QEMUTPM = 'instance'
I will update my job configuration.
Updated by Xiaojing_liu about 2 years ago
- Status changed from New to Feedback
- Assignee set to Xiaojing_liu
Updated by rfan1 about 2 years ago
Thanks Xiaojing,
Let me try to re-run the tests to see.
Updated by rfan1 about 2 years ago
OSD:
https://openqa.suse.de/tests/8280713
https://openqa.suse.de/tests/8280714
03:
https://openqa.opensuse.org/tests/2230368
The issue is not seen any more
Updated by Xiaojing_liu about 2 years ago
- Status changed from Feedback to Resolved