The following is mostly a note to myself, I'm still first of all waiting for the logs I asked above.
The config used in the example you linked is: <tpm model='tpm-crb'> <backend type='passthrough'> <device path='/dev/tpm0'/> </backend> </tpm> Per https://libvirt.org/formatdomain.html#tpm-device about tpm-crb "another available choice is the tpm-crb, which should only be used when the backend device is a TPM 2.0" tpm-tis could be an alternative, but that also might be odd. So far I mostly heard people use emulators [1][2] in libvirt that is something like: <tpm model="tpm-crb"> <backend type="emulator" version="2.0"/> </tpm> Unfortunately my TPM is unhappy with me, also I have none of the further steps in place. So no testing from me atm (IIRC xnox had a setup like this once): $ sudo /usr/sbin/tcsd -f TCSD TDDL ioctl: (25) Inappropriate ioctl for device TCSD TDDL Falling back to Read/Write device support. TCSD TCS ERROR: TCS GetCapability failed with result = 0x1e [1]: https://github.com/stefanberger/swtpm [2]: https://launchpad.net/~stefanberger/+archive/ubuntu/swtpm-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1913552 Title: using tpm reports "/dev/tpm0: Permission denied" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1913552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs