Virt-Manager F41 respin installation gives error message

I can not select F41(respin sel link below) in the Virt-Manager (not available), so I selected just Fedora.
The error appears on step 5 of 5.

I can finish the configuration and the boot menu appears afterwards while starting the VM.
Seams been a cosmetic issue but it scares a bit :grin:

Unable to complete install: 'internal error: Could not run '/usr/bin/swtpm_setup'. exitstatus: 1; Check error log '/var/log/swtpm/libvirt/qemu/F41KDE-swtpm.log' for details.'

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 71, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
    ~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/virt-manager/virtManager/createvm.py", line 2008, in _do_async_install
    installer.start_install(guest, meter=meter)
    ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/virt-manager/virtinst/install/installer.py", line 726, in start_install
    domain = self._create_guest(
            guest, meter, initial_xml, final_xml,
            doboot, transient)
  File "/usr/share/virt-manager/virtinst/install/installer.py", line 667, in _create_guest
    domain = self.conn.createXML(initial_xml or final_xml, 0)
  File "/usr/lib64/python3.13/site-packages/libvirt.py", line 4545, in createXML
    raise libvirtError('virDomainCreateXML() failed')
libvirt.libvirtError: internal error: Could not run '/usr/bin/swtpm_setup'. exitstatus: 1; Check error log '/var/log/swtpm/libvirt/qemu/F41KDE-swtpm.log' for details.

sudo cat /var/log/swtpm/libvirt/qemu/F41KDE-swtpm.log
swtpm at /usr/bin/swtpm does not support TPM 2

Index of /pub/alt/live-respins

This seems the issue, and have you checked the indicated log for more information? Is there any more info than what was already posted?

I have one VM (workstation) that I configured to use TPM boot and have had no issues with it.

Yes it is supper long :grin: [1]


  1. swtpm ; GitHub - stefanberger/swtpm: Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. β†©οΈŽ

I used default settings, so I do not know what this TPM is?

We may be able to get more info from a longer part of that log.
The single line is not very informative.

It got more now:

swtpm at /usr/bin/swtpm does not support TPM 2
Starting vTPM manufacturing as tss:tss @ Thu 23 Jan 2025 11:47:44 AM -03
Successfully created RSA 2048 EK with handle 0x81010001.
  Invoking /usr/bin/swtpm_localca --type ek --ek c5b90db77f23b7b89eae3b263246ef981211c5a9acd76169da3f5cbfe49d872b1294467661b28de663bf63d5f37997a32a0585111a7f9d8563b5a20424aa7a2bd9d61520bea23f2b73232ebf4bd4dc47537be3fc334c4461e7925a4b55c624a18da1771cae6124646d942dfe19c90ff420ce1c0109c529097880492e68c26815fc849b99662edbc07f7da76d0093c93de03bc0c96c04b83cca3450f15b8100d45610a20079914f7b86f8327d4bf6c2c06adbf71ceb94941511f746c2ef6bad0dcdd9f41efe8d9d023e7b28a8695a1254b7e26e4b7426d2ae8cbdccc7a611617695b05c0b0b7811dcff49dffc8bb1404f5503f05f7cd3ac86e54219f8b075bc27 --dir /tmp/swtpm_setup.certs.WRGY02 --logfile /var/log/swtpm/libvirt/qemu/F41KDE-swtpm.log --vmid F41KDE:08eaab3a-6323-4f56-993a-467836049d00 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created EK certificate locally.
  Invoking /usr/bin/swtpm_localca --type platform --ek c5b90db77f23b7b89eae3b263246ef981211c5a9acd76169da3f5cbfe49d872b1294467661b28de663bf63d5f37997a32a0585111a7f9d8563b5a20424aa7a2bd9d61520bea23f2b73232ebf4bd4dc47537be3fc334c4461e7925a4b55c624a18da1771cae6124646d942dfe19c90ff420ce1c0109c529097880492e68c26815fc849b99662edbc07f7da76d0093c93de03bc0c96c04b83cca3450f15b8100d45610a20079914f7b86f8327d4bf6c2c06adbf71ceb94941511f746c2ef6bad0dcdd9f41efe8d9d023e7b28a8695a1254b7e26e4b7426d2ae8cbdccc7a611617695b05c0b0b7811dcff49dffc8bb1404f5503f05f7cd3ac86e54219f8b075bc27 --dir /tmp/swtpm_setup.certs.WRGY02 --logfile /var/log/swtpm/libvirt/qemu/F41KDE-swtpm.log --vmid F41KDE:08eaab3a-6323-4f56-993a-467836049d00 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created platform certificate locally.
Successfully created NVRAM area 0x1c00002 for RSA 2048 EK certificate.
Successfully created NVRAM area 0x1c08000 for platform certificate.
Successfully created ECC EK with handle 0x81010016.
  Invoking /usr/bin/swtpm_localca --type ek --ek x=d5d7e23e012732fc30639e8a46763c89a1f2b287c4ed7c148a0ea531cbbabb3ce872dc05c6a11f0e9493cc8ba6cda4ab,y=e59b4c0d18ac80d5088e466603fb5ea75039a153bfa5aab635c5b112b9bc90f1bd65002b77209f02c9a44004762525b2,id=secp384r1 --dir /tmp/swtpm_setup.certs.WRGY02 --logfile /var/log/swtpm/libvirt/qemu/F41KDE-swtpm.log --vmid F41KDE:08eaab3a-6323-4f56-993a-467836049d00 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created EK certificate locally.
Successfully created NVRAM area 0x1c00016 for ECC EK certificate.
Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.
Successfully authored TPM state.
Ending vTPM manufacturing @ Thu 23 Jan 2025 11:47:44 AM -03

To me that looks like a very successful result. Mine looks very similar.

I believe the first line is just a reminder message that TPM 2 is not supported

As I understand it windows 11 requires TPM 2, but not everything is that stringent in requirements.

1 Like

Thanks for your time to look on it.

I find it strange that kde is trying to install something what is just for Windows 11.

Is this TPM an addition to the EFI ?

Try to apply this update:
FEDORA-2025-6c94a9c131 β€” bugfix update for swtpm β€” Fedora Updates System

Also check if the issue persists in permissive SELinux mode:

sudo setenforce 0; getenforce

TPM is used for UEFI boot, but you can change it to BIOS boot:

1 Like

Yes, I just use UEFI so that I can test in a vm and not brake my whole system.

After adding the

sudo dnf upgrade --refresh --advisory=FEDORA-2025-6c94a9c131

Command as proposed in the bugfix link I still got the error (without reboot).
Just after updating the Kernel and reboot It worked without error.

Thanks a lot @vgaetera for your time.

p.s.
I still had to choose Fedora(fedora-unknown) because of missing F41 OS in the auto selection.

Should I do a extra request for that?

That list relies on osinfo-db, which is is often out of sync with Fedora releases, however there’s a pending update adding the latest release:
FEDORA-2025-88beb28669 β€” enhancement update for osinfo-db β€” Fedora Updates System

TPM is a bios feature for security (hardware related).
Installing bare metal directly on hardware can use it if the hardware has that module.
In a VM the bios settings you select during installation can enable the software version in the virtual bios.

Swtpm and/or selinux and/or ? error preventing VM install under UEFI with Cockpit (or Virt-Manager) - #11 by vgaetera

1 Like