Unfortunately, it does not work by default on ONE 6.10 since swtpm is run as root:
Starting vTPM manufacturing as root:root @ Tue 19 Nov 2024 10:56:27 AM CET
The qemu process can’t access that socket by default
Tue Nov 19 10:56:31 2024 [Z0][VMM][E]: DEPLOY: error: Failed to create domain from /var/lib/one//datastores/0/34/deployment.0 error: internal error: process exited while connecting to monitor: 2024-11-19T09:56:27.597981Z qemu-kvm-one: -chardev socket,id=chrtpm,path=/run/libvirt/qemu/swtpm/12-one-34-swtpm.sock: Failed to connect to '/run/libvirt/qemu/swtpm/12-one-34-swtpm.sock': Permission denied Could not create domain from /var/lib/one//datastores/0/34/deployment.0 ExitCode: 255
To fix that, I needed:
- to edit
/etc/libvirt/qemu.confsed -i -E 's,^#?(swtpm_[^ ]+).*,\1 = "oneadmin",' /etc/libvirt/qemu.conf - to change the owner of
/var/lib/swtpm-localca/chown -R oneadmin: /var/lib/swtpm-localca/ - restart
libvirtd