[libvirt-users] Emulated TPM doesn't work on Debian Buster
Hi. I am very interested in the security properties a totally open TPM can give our users - its use as a universal smartcard to protect all types of keys. When adding the virtual 1.2 or 2.0 TPM I get the vague error below. OS is Debian stable with standard packages. Error starting domain: Unable to find 'swtpm' binary in $PATH: No such file or directory Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 111, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 66, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1400, in startup self._backend.create() File "/usr/lib/python3/dist-packages/libvirt.py", line 1080, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirt.libvirtError: Unable to find 'swtpm' binary in $PATH: No such file or directory
On Sat, 2019-10-05 at 14:32 +0000, procmem@riseup.net wrote:
Hi. I am very interested in the security properties a totally open TPM can give our users - its use as a universal smartcard to protect all types of keys. When adding the virtual 1.2 or 2.0 TPM I get the vague error below. OS is Debian stable with standard packages.
Error starting domain: Unable to find 'swtpm' binary in $PATH: No such file or directory
I wouldn't call this error message vague at all: it tells you exactly what the problem is, namely that libvirt needs the 'swtpm' command for your configuration but the latter is not available :) Unfortunately it looks like swtpm it's not packaged for Debian, so I'm afraid the solution is not just a simple apt-get away :( -- Andrea Bolognani / Red Hat / Virtualization
On 10/7/19 7:31 AM, Andrea Bolognani wrote:
On Sat, 2019-10-05 at 14:32 +0000, procmem@riseup.net wrote:
Hi. I am very interested in the security properties a totally open TPM can give our users - its use as a universal smartcard to protect all types of keys. When adding the virtual 1.2 or 2.0 TPM I get the vague error below. OS is Debian stable with standard packages.
Error starting domain: Unable to find 'swtpm' binary in $PATH: No such file or directory I wouldn't call this error message vague at all: it tells you exactly what the problem is, namely that libvirt needs the 'swtpm' command for your configuration but the latter is not available :)
Unfortunately it looks like swtpm it's not packaged for Debian, so I'm afraid the solution is not just a simple apt-get away :(
Thanks for letting me know. I assumed everything in libvirt was self contained and so I didn't expect it to need an extraneous package. Hopefully it'll land by Debian Bullseye.
On Mon, 2019-10-07 at 13:26 +0000, procmem@riseup.net wrote:
On 10/7/19 7:31 AM, Andrea Bolognani wrote:
On Sat, 2019-10-05 at 14:32 +0000, procmem@riseup.net wrote:
Hi. I am very interested in the security properties a totally open TPM can give our users - its use as a universal smartcard to protect all types of keys. When adding the virtual 1.2 or 2.0 TPM I get the vague error below. OS is Debian stable with standard packages.
Error starting domain: Unable to find 'swtpm' binary in $PATH: No such file or directory
I wouldn't call this error message vague at all: it tells you exactly what the problem is, namely that libvirt needs the 'swtpm' command for your configuration but the latter is not available :)
Unfortunately it looks like swtpm it's not packaged for Debian, so I'm afraid the solution is not just a simple apt-get away :(
Thanks for letting me know. I assumed everything in libvirt was self contained and so I didn't expect it to need an extraneous package. Hopefully it'll land by Debian Bullseye.
libvirt calls out to several external tools, the most high-profile example being of course QEMU ;) -- Andrea Bolognani / Red Hat / Virtualization
On Sat, Oct 05, 2019 at 02:32:19PM +0000, procmem@riseup.net wrote:
Hi. I am very interested in the security properties a totally open TPM can give our users - its use as a universal smartcard to protect all types of keys. When adding the virtual 1.2 or 2.0 TPM I get the vague error below. OS is Debian stable with standard packages.
Error starting domain: Unable to find 'swtpm' binary in $PATH: No such file or directory
Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 111, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 66, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1400, in startup self._backend.create() File "/usr/lib/python3/dist-packages/libvirt.py", line 1080, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirt.libvirtError: Unable to find 'swtpm' binary in $PATH: No such file or directory
What is vague about this? "Unable to find 'swtpm' binary in $PATH:" ??? Have you tried: apt install -y swtpm perhaps?
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
On 10/7/19 8:17 AM, Martin Kletzander wrote:
On Sat, Oct 05, 2019 at 02:32:19PM +0000, procmem@riseup.net wrote:
Hi. I am very interested in the security properties a totally open TPM can give our users - its use as a universal smartcard to protect all types of keys. When adding the virtual 1.2 or 2.0 TPM I get the vague error below. OS is Debian stable with standard packages.
Error starting domain: Unable to find 'swtpm' binary in $PATH: No such file or directory
Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 111, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 66, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1400, in startup self._backend.create() File "/usr/lib/python3/dist-packages/libvirt.py", line 1080, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirt.libvirtError: Unable to find 'swtpm' binary in $PATH: No such file or directory
What is vague about this? "Unable to find 'swtpm' binary in $PATH:" ???
Have you tried:
apt install -y swtpm
perhaps?
Yeah. I've even searched the Debian package directories in case it's available under a different name, but it's like Andrea says - it's not packaged for Debian yet.
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
participants (3)
-
Andrea Bolognani -
Martin Kletzander -
procmem@riseup.net