
Re: [Qemu-discuss] QEMU-TPM with SeaBIOS

From: Jakob Bohm
Subject: Re: [Qemu-discuss] QEMU-TPM with SeaBIOS
Date: Fri, 17 Aug 2012 14:32:04 +0200
User-agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:14.0) Gecko/20120713 Thunderbird/14.0


The emulated hard disk interface in the virtual machine is
probably not the same as the real hard disk interface in
your real machine.  The same goes for all the other hardware
in the virtual machine.  Basically, a qemu virtual machine
is a completely different computer model than whichever
physical computer you have in front of you, and it needs
to have the hardware parts of its OS configured for that
virtual hardware.  Trying to copy the driver configuration
from a physical machine to a qemu machine is like trying to
copy it from a Dell laptop to an HP desktop.

Qemu emulates one of 3 hard disk interface types as
specified through qemu command line options: "IDE/PATA"
(appears as /dev/hda in Linux kernels compiled with the
classic IDE drivers, or as /dev/sda in Linux kernels
compiled with the libata PATA drivers), "SCSI" (using a
specific adapter, see the online docs for the emulated
model, appears as /dev/sda in Linux) and "virtio" (a
high-speed, qemu-specific interface, appears as /dev/vda
in Linux).

To load the needed drivers if they are compiled as modules
(.config file lists them with an "m"), include those
module files (from /lib/modules/) in initrd.img and make
sure the scripts and config files in initrd.img will load

On 8/17/2012 10:26 AM, khan wahid wrote:
*From:* Jakob Bohm <address@hidden>
*To:* address@hidden
*Sent:* Wednesday, August 15, 2012 7:23 PM
*Subject:* Re: [Qemu-discuss] QEMU-TPM with SeaBIOS

On 8/15/2012 9:40 AM, khan wahid wrote:
> Hi,
> I want to build a trusted integrity measurement OS, so that a remote party can check the system's integrity. But I don't have a hardware TPM, so I run the TPM emulator (http://tpm-emulator.berlios.de/) and patched my Qemu and SeaBIOS with the TPM related Patches (provided by Mr. Stefan Berger) to test the integrity measurement in virtual machine based Linux. To launch a Linux through Qemu, at first I compiled Linux from the source with Kernel-IMA functionality. Now I have the following files-
> The compiled kernel-IMA image at /home/rrsuj/linux-
> And the new initrd at /boot/initrd.img-
> The patched bios.bin at /home/rrsuj/seabios-0.6.2/out/bios.bin
> I first check that the TPM emulator is running, so that Qemu and SeaBIOS find a TPM (although virtual). Then I execute the following command -
> #qemu-system-i386 -kernel /home/rrsuj/linux- -initrd /boot/initrd.img- -bios /home/rrsuj/Downloads/seabios/seabios-0.6.2/out/bios.bin
> It tries to boot Linux, but gives error-
> "VFS: cannot open root device "<NULL>" or unknown-block (8,1)"
> "Please append a correct "root=" boot option;"

>In other words, the default root device indicated by a few reserved bytes
>near the start of your bzImage or dynamically set by code in your
>initrd.img was blockdev major 8, minor 1 a.k.a. /dev/sda1, but neither your
>bzImage nor any modules loaded by your initrd.img knew how to map
>"blockdev 8,1" to "sda1". So I guess you haven't loaded the relevant SCSI

When I compiled the new kernel (/home/rrsuj/linux-) in my host machine where the qemu is installed, it generates the /boot/vmlinuz-, and I am able to run my host machine with the new kernel, and I think the bzImage and vmlinuz are the same. But this vmlinuz- is invoked by grub while booting the host machine. In the case of qemu, there is no grub to invoke the /home/rrsuj/linux-, I think it should be invoked by the default qemu boot loader. So please tell me how could I do that?

> So I did-
> #qemu-system-i386 -kernel /home/rrsuj/Downloads/linux- -initrd /boot/initrd.img- -append "root=/dev/sda1" -bios /home/rrsuj/Downloads/seabios/seabios-0.6.2/out/bios.bin
> but the error changes slightly-
> "VFS: cannot open root device "sda1" or unknown-block (0,0)"
> "Please append a correct "root=" boot option;"

>So this time, neither your bzImage, nor any of the loaded modules knew
>how to map "sda1" to "(8,1)", probably for the same reason as in your
>first attempt.

> The output of "sudo fdisk -l" is-
> Device Boot      Start        End      Blocks  Id System
> /dev/sda1  *          1        2686    21569536  83 Linux
> /dev/sda2            2686        2808      979969    5 Extended
> /dev/sda5 2686 2808 979968 82 Linux swap / Solaris

>How did you run this command if you could not boot your vm?

>I guess you ran this using a different kernel or initrd which did load the proper drivers.

Sorry I forgot to mention that this fdisk output is from my host machine (another linux version), where I executed the above qemu commands.

> So please tell me, what should I do? I had a plan to install TrustedGrub inside the virtual machine (the guest Linux), so that I can measure the total system from SeaBIOS to TrustedGrub to Linux-IMA. But it is not booting as I mentioned.
> Thank you for your help.
> Best regards


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
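
An added example (not part of the original message): a shell check that reads a kernel .config and reports, for each of the three disk interfaces named above, whether the needed drivers are built in, compiled as modules (so they must be included in initrd.img), or absent. The config fragment is constructed, and the option names assume QEMU's PIIX IDE controller and its LSI 53C895A SCSI adapter.

```shell
#!/bin/sh
# Added example: classify the guest kernel's disk drivers per QEMU disk interface.
# SAMPLE_CONFIG is a constructed kernel .config fragment, not the poster's file.
SAMPLE_CONFIG='CONFIG_ATA=y
CONFIG_ATA_PIIX=m
CONFIG_BLK_DEV_SD=m
CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_BLK=y
# CONFIG_SCSI_SYM53C8XX_2 is not set'

# driver_state CONFIG_TEXT SYMBOL -> builtin | module | missing
driver_state() {
    case "$(printf '%s\n' "$1" | sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" | head -n 1)" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo missing ;;
    esac
}

# symbols_for IFACE -> kernel options needed to reach a disk on that interface
symbols_for() {
    case "$1" in
        ide)    echo "ATA_PIIX BLK_DEV_SD" ;;          # libata PATA; disk appears as /dev/sda
        scsi)   echo "SCSI_SYM53C8XX_2 BLK_DEV_SD" ;;  # assumes the LSI 53C895A adapter
        virtio) echo "VIRTIO_PCI VIRTIO_BLK" ;;        # disk appears as /dev/vda
        *)      return 1 ;;
    esac
}

# root_disk_state CONFIG_TEXT IFACE -> builtin | initrd | missing
#   builtin: the kernel image alone can find the root disk
#   initrd:  at least one driver is a module and must be loaded from initrd.img
#   missing: a required driver was not compiled at all
root_disk_state() {
    syms=$(symbols_for "$2") || { echo "unknown-interface"; return 1; }
    result=builtin
    for sym in $syms; do
        case "$(driver_state "$1" "$sym")" in
            missing) echo missing; return 0 ;;
            module)  result=initrd ;;
        esac
    done
    echo "$result"
}

for iface in ide scsi virtio; do
    printf '%-7s %s\n' "$iface" "$(root_disk_state "$SAMPLE_CONFIG" "$iface")"
done
```

To check a real build, pass the contents of the kernel tree's .config in place of SAMPLE_CONFIG, for example `root_disk_state "$(cat .config)" ide`.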
