
Re: [Qemu-devel] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtua


From: Marc-André Lureau
Subject: Re: [Qemu-devel] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine
Date: Tue, 21 Aug 2018 11:18:52 +0200

Hi
On Sun, Aug 19, 2018 at 9:47 AM 汤福 <address@hidden> wrote:
>
> I tried it according to your method, but I have some problems. My host is 
> CentOS 7.2 with the TPM 2.0 hardware and qemu v2.10.2. The driver for the TPM 
> 2.0 hardware is crb device. Execute lsmod to view the tpm 2.0 driver 
> information as follows:
> address@hidden BUILD]# lsmod | grep tpm
> tpm_crb                12972  0
>
> I downloaded the OVMF-20182028-5.noarch.src.rpm package from the rpm search 
> website. And rebuild it with -DTPM2_ENABLE and -DSECURE_BOOT_ENABLE. Rebuild 
> everything well and generate the OVMF.fd and OVMF_ARGS.fd file, so I copy 
> OVMF.fd to my qemu-kvm project and start qemu to install windows 10 virtual 
> machine.
>
> I first created a blank img file named win10.img, and install win10 virtual 
> machine as follows:
> address@hidden BUILD]#qemu-system-x86_64 -display sdl -enable-kvm  -m 4096 
> -boot d  -cdrom win10.iso -bios OVMF.fd  -net none  -boot menu=on -tpmdev 
> cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0  
> -device tpm-tis,tpmdev=tpm0 win10.img

cuse-tpm doesn't exist in qemu upstream. You are using TPM passthrough
here, not vTPM.

I suggest you try with qemu upstream and read the TPM document
(replacing seabios with ovmf like you did, and tis with crb etc), in
complement with
https://github.com/stefanberger/swtpm/wiki/Certificiates-created-by-swtpm_setup
:
https://git.qemu.org/?p=qemu.git;a=blob_plain;f=docs/specs/tpm.txt

>
> The installation process is very very slow, the system automatically restarts 
> after the installation is complete. But it seems can't enter the desktop. The 
> system restarts cyclically, it looks like there is a problem with BIOS boot. 
> I think of what you said that  for Windows TPM 2 support will need the TPM 
> CRB device, so I start qemu with parameter of -device tpm-crb but it didn't 
> work. Prompt the following error message:
> address@hidden BUILD]#qemu-system-x86_64 -display sdl -enable-kvm  -m 4096 
> -boot d  -bios OVMF.fd  -net none  -boot menu=on -tpmdev 
> cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0  
> -device tpm-crb,tpmdev=tpm0 win10.img
> address@hidden BUILD]#qemu-system-x86_64: -device tpm-crb,tpmdev=tpm0: 
> 'tpm-crb' is not a valid device model name
>
> I don't know where the problem is, I need you to give me some help. Thank you 
> very much!
>
>
> > -----Original Message-----
> > From: "Marc-André Lureau" <address@hidden>
> > Sent: 2018-08-16 16:56:52 (Thursday)
> > To: address@hidden
> > Cc: QEMU <address@hidden>
> > Subject: Re: [Qemu-devel] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 
> > virtual machine
> >
> > Hi
> > On Thu, Aug 16, 2018 at 3:29 AM 汤福 <address@hidden> wrote:
> > >
> > > Hi,
> > >
> > > I want to use the vTPM in a qemu Windows image. Unfortunately, it didn't 
> > > work.
> > > First, the equipment:
> > > TPM 2.0 hardware
> > > CentOS 7.2
> > > Qemu v2.10.2
> > > SeaBIOS 1.11.0
> > > libtpm and so on
> > >
> > > My host is centos 7.2 with the TPM 2.0 hardware and qemu v2.10.2.
> > > I make the libtpm and seabios with ./configure, make and so on. I checked 
> > > seabios with make menuconfig the TPM setting. It is enabled tpm by 
> > > default.
> > > Eventually, all works without errors.
> > >
> > > I start the Windows 10 image with:
> > > qemu-system-x86_64 -display sdl -enable-kvm -m 2048 -boot d -bios 
> > > bios.bin -boot menu=on -tpmdev 
> > > cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0  
> > > -device tpm-tis,tpmdev=tpm0 win10.img
> > >
> > >
> > > First it looks all fine. Windows 10 booted up but the vTPM was recognized 
> > > as TPM 1.2 instead of TPM 2.0 in device manager. I open the tpm Manager 
> > > with tpm.msc but get error with No compatible TPM found.
> > > If I use vTPM in a qemu linux image, everything goes well. I think of 
> > > what you said
> > >
> > >
> > > So, what could be the problem?
> >
> > You need to build libtpms & swtpm from Stefan tpm2-preview branches.
> > (Alternatively, there is now an experimental fedora copr repository:
> > https://copr.fedorainfracloud.org/coprs/stefanberger/swtpm/)
> >
> > I suggest to setup the VM with libvirt upstream, which will do the
> > preliminary swtpm_setup for you, or follow
> > https://github.com/stefanberger/swtpm/wiki/Certificiates-created-by-swtpm_setup
> >
> > For Windows TPM 2 support, you will need the TPM CRB device, and
> > upstream OVMF compiled with  -D TPM2_ENABLE (TIS & Bios are 1.2 only
> > for Windows, even if seabios does have some 2.0 support with them)
> >
> > Furthermore, to pass the WLK tests, you need PPI & MOR interface,
> > which are still pending merge ([PATCH v9 0/6] Add support for TPM
> > Physical Presence interface)
> >
> >
> >
> >
> > --
> > Marc-André Lureau



--
Marc-André Lureau
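
The points made in this reply can be checked mechanically before starting a guest. The script below is an added example, not part of the original messages and not QEMU project code: it lints a QEMU argument string for the three issues named in the thread and checks whether a QEMU binary offers the `tpm-crb` device model. The function names, the sample strings and the `/tmp/mytpm1/swtpm-sock` socket path are assumptions.

```shell
#!/bin/sh
# Added example: lint a QEMU argument string for the TPM issues raised in this thread.

# Prints one finding per line; empty output means nothing was flagged.
lint_tpm_args() {
    # Collapse wrapped lines and repeated blanks so the patterns match reliably.
    args=$(printf '%s' "$1" | tr -s '[:space:]' ' ')
    case "$args" in *"-tpmdev cuse-tpm"*)
        echo "cuse-tpm: backend does not exist in upstream QEMU" ;;
    esac
    case "$args" in *type=passthrough*|*"-tpmdev passthrough"*)
        echo "passthrough: guest uses the host TPM device, this is not a vTPM" ;;
    esac
    case "$args" in *"-device tpm-tis"*)
        echo "tpm-tis: TIS is TPM 1.2 only for Windows; use tpm-crb with TPM2-enabled OVMF" ;;
    esac
}

# True if the given QEMU binary lists the device model (e.g. tpm-crb) in "-device help".
qemu_has_device() {
    "$1" -device help 2>/dev/null | grep -q "name \"$2\""
}

# Constructed sample: the command line quoted in the thread, re-wrapped.
THREAD_ARGS='-display sdl -enable-kvm -m 4096 -boot d -bios OVMF.fd -net none -boot menu=on
 -tpmdev cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0
 -device tpm-tis,tpmdev=tpm0 win10.img'

# Constructed sample: emulator-backend form following QEMU docs/specs/tpm.txt.
# The socket path is an assumed location where
# "swtpm socket --tpm2 --ctrl type=unixio,path=..." is already listening.
VTPM_ARGS='-display sdl -enable-kvm -m 4096 -bios OVMF.fd -net none
 -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock
 -tpmdev emulator,id=tpm0,chardev=chrtpm
 -device tpm-crb,tpmdev=tpm0 win10.img'

lint_tpm_args "$THREAD_ARGS"
lint_tpm_args "$VTPM_ARGS"
if command -v qemu-system-x86_64 >/dev/null 2>&1; then
    qemu_has_device qemu-system-x86_64 tpm-crb ||
        echo "this QEMU build has no tpm-crb device model"
fi
```

A binary that fails the `qemu_has_device` check is the same condition that produces the "'tpm-crb' is not a valid device model name" error quoted above.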


