diff --git a/internal/server/device/tpm.go b/internal/server/device/tpm.go
index 59c2856581b..71314e8c99c 100644
--- a/internal/server/device/tpm.go
+++ b/internal/server/device/tpm.go
@@ -202,11 +202,13 @@ func (d *tpm) startVM() (*deviceConfig.RunConfig, error) {
 },
 }
 
- proc, err := subprocess.NewProcess("swtpm", []string{"socket", "--tpm2", "--tpmstate", fmt.Sprintf("dir=%s", tpmDevPath), "--ctrl", fmt.Sprintf("type=unixio,path=%s", socketPath)}, "", "")
+ proc, err := subprocess.NewProcess("swtpm", []string{"socket", "--tpm2", "--tpmstate", fmt.Sprintf("dir=%s", tpmDevPath), "--ctrl", fmt.Sprintf("type=unixio,path=swtpm-%s.sock", d.name)}, "", "")
 if err != nil {
 return nil, err
 }
 
+ proc.Cwd = tpmDevPath
+
 // Start the TPM emulator.
 err = proc.Start(context.Background())
 if err != nil {
diff --git a/internal/server/instance/drivers/driver_qemu.go b/internal/server/instance/drivers/driver_qemu.go
index 8cac04a8585..f13e1cd85e6 100644
--- a/internal/server/instance/drivers/driver_qemu.go
+++ b/internal/server/instance/drivers/driver_qemu.go
@@ -3668,7 +3668,7 @@ func (d *qemu) generateQemuConfigFile(cpuInfo *cpuTopology, mountInfo *storagePo
 
 // Add TPM device.
 if len(runConf.TPMDevice) > 0 {
- err = d.addTPMDeviceConfig(&cfg, runConf.TPMDevice)
+ err = d.addTPMDeviceConfig(&cfg, runConf.TPMDevice, fdFiles)
 if err != nil {
 return "", nil, err
 }
@@ -4852,7 +4852,7 @@ func (d *qemu) addUSBDeviceConfig(usbDev deviceConfig.USBDeviceItem) (monitorHoo
 return monHook, nil
 }
 
-func (d *qemu) addTPMDeviceConfig(cfg *[]cfgSection, tpmConfig []deviceConfig.RunConfigItem) error {
+func (d *qemu) addTPMDeviceConfig(cfg *[]cfgSection, tpmConfig []deviceConfig.RunConfigItem, fdFiles *[]*os.File) error {
 var devName, socketPath string
 
 for _, tpmItem := range tpmConfig {
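Review bot: In the tpm.go hunk (startVM), the socket file name `swtpm-%s.sock` is now spelled out a second time inside the swtpm arguments, while `socketPath` is still built outside this hunk and is presumably the value QEMU later opens. If the two ever drift, swtpm will listen on one socket and QEMU will open another; deriving the relative name from the existing variable, `fmt.Sprintf("type=unixio,path=%s", filepath.Base(socketPath))`, keeps a single source of truth, assuming `socketPath` sits directly under `tpmDevPath`. Because `d.name` lands inside a comma-separated swtpm option and a relative path, it is worth confirming that device names cannot contain `,` or `/`. The reason for `proc.Cwd = tpmDevPath` is not stated; if the intent is to keep the socket path short, a comment such as `// Run swtpm from its state directory so the control socket can be passed as a short relative path.` would record it.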
@@ -4863,9 +4863,16 @@ func (d *qemu) addTPMDeviceConfig(cfg *[]cfgSection, tpmConfig []deviceConfig.Ru
 }
 }
 
+ fd, err := unix.Open(socketPath, unix.O_PATH, 0)
+ if err != nil {
+ return err
+ }
+
+ tpmFD := d.addFileDescriptor(fdFiles, os.NewFile(uintptr(fd), socketPath))
+
 tpmOpts := qemuTPMOpts{
 devName: devName,
- path: socketPath,
+ path: fmt.Sprintf("/proc/self/fd/%d", tpmFD),
 }
 
 *cfg = append(*cfg, qemuTPM(&tpmOpts)...)
diff --git a/shared/subprocess/proc.go b/shared/subprocess/proc.go
index 3f83db43fa4..241e2bf877e 100644
--- a/shared/subprocess/proc.go
+++ b/shared/subprocess/proc.go
@@ -27,6 +27,7 @@ type Process struct {
 Name string `yaml:"name"`
 Args []string `yaml:"args,flow"`
 Apparmor string `yaml:"apparmor"`
+ Cwd string `yaml:"cwd"`
 PID int64 `yaml:"pid"`
 Stdin io.ReadCloser `yaml:"-"`
 Stdout io.WriteCloser `yaml:"-"`
@@ -153,6 +154,11 @@ func (p *Process) start(ctx context.Context, fds []*os.File) error {
 cmd.Stderr = p.Stderr
 cmd.Stdin = p.Stdin
 cmd.SysProcAttr = p.SysProcAttr
+
+ if p.Cwd != "" {
+ cmd.Dir = p.Cwd
+ }
+
 if cmd.SysProcAttr == nil {
 cmd.SysProcAttr = &syscall.SysProcAttr{}
 }
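Review bot: The descriptor opened in addTPMDeviceConfig (driver_qemu.go, hunk at -4863) with `unix.Open(socketPath, unix.O_PATH, 0)` lacks `O_CLOEXEC`, and the raw `unix.Open` wrapper does not add it the way `os.OpenFile` does. This handle to the swtpm control socket can therefore be inherited by any unrelated child the daemon executes while it is open. `fd, err := unix.Open(socketPath, unix.O_PATH|unix.O_CLOEXEC, 0)` closes that gap; the copy meant for QEMU is handed over through `fdFiles`, which presumably duplicates it into the child explicitly. The bare `return err` also drops which path failed; `return fmt.Errorf("open TPM socket %q: %w", socketPath, err)` would keep it. The function starts in the previous hunk and ends outside this one.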
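Review bot: The new exported `Cwd` field in shared/subprocess/proc.go (hunk at -27) is serialised under `yaml:"cwd"`, but nothing says how it is interpreted. The `start` hunk in the same file copies it to `cmd.Dir` unchanged, so a relative value would resolve against the daemon's own working directory rather than anything tied to the instance. A field comment such as `// Cwd is the working directory for the child process; pass an absolute path. Empty keeps the parent's directory.` would make the contract explicit for other callers.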