[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-discuss] Trustedgrub2 reports No TPM found

From: anshul makkar
Subject: Re: [Qemu-discuss] Trustedgrub2 reports No TPM found
Date: Wed, 10 May 2017 09:41:03 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1

Hi Stefan,


" swtpm: ./configure --prefix=/usr --with-openssl ; make ; sudo make check -j16 ; sudo make install" . Don't we need to specify "--with-cuse" or its typo from you ?

While building libtpm, even though we specify "--with-tpm2" flag during configuration phase, it builds libtpm for both 1.2 and 2.0 and when I did make install I found that only 1.2 libraries were getting installed. Its kind of weird but I worked around this by deleting the 1.2 libraries after doing make and then did make install.

/swtpm_cuse --name vtpm0 --tpmstate dir=/tmp/vtpm0 --log file=/root/out.log

sudo qemu-system-x86_64 -enable-kvm -display sdl -m 2048 -boot b -bios /local/home/anshulma/tpm/seabios-tpm/out/bios.bin -boot menu=on -tpmdev cuse-tpm,id=tpm0,path=/dev/vtpm0 -device tpm-tis,tpmdev=tpm0 -drive format=raw,file=../../stefanberger_qemu_tpm/qemu-tpm/ubuntu.img/

After following the above steps, my ubuntu guest and trusted grub can see TPM. I installed TPM2-tss and tpm-tools in the guest. But I am not able to execute tpm2 commands.


Error: Failed to initialize tcti context: 0x1 //trying to communicate over socket. initsocketTCTI failed.

##> resourcemgr
 Resource Mgr, device TCTI, failed initialization: 0xa000a. Exiting....
./tpm2_rc_decode 0xa000a : TSS2_BASE_RC_IO_ERROR.

Then I read that I can remove resourcemgr from the configuration and can use direct TCTI mechanism introduced in TPM 2.0.

##>tpm2_takeownership -T device
Error: Failed to initialize device TCTI context. //directly communicate with TCTI device. initdeviceTCTI failed.
./tpm2_rc_decode: 0xa00a: TSS2_BASE_RC_IO_ERROR, IO failure.

I think I am missing some library or configuration which prevents initialization of TCTI interface.

Please can you suggest.

Anshul Makkar

On 05/05/17 18:36, Stefan Berger wrote:
I would use the following configure lines. You may want to watch out so you don't have two versions of the library on your system, though: libtpms: ./configure --prefix=/usr --with-tpm2 --with-openssl ; make ; make check ; sudo make install swtpm: ./configure --prefix=/usr --with-openssl ; make ; sudo make check -j16 ; sudo make install Please run a 'make check -j16' on the swtpm project before running a 'make install'. Can you follow the setup steps that the person raising this issue followed: https://github.com/stefanberger/swtpm/issues/21

    ----- Original message -----
    From: anshul makkar <address@hidden>
    To: <address@hidden>, <address@hidden>
    Subject: Trustedgrub2 reports No TPM found
    Date: Fri, May 5, 2017 12:32 PM

    I had a working vTPM solution with TPM 1.2 using swtpm, libtpm

    I wanted to try TPM 2.0 so I switched to:

    swtpm: tpm2-preview branch. Compiled using ./configure --with-tpm2
    --enable-debug --enable-cuse

    libtpm: tpm2-preview.rev142 branch. Compiled using ./configure
    --with-tpm2 --enable-debug

    Installed TPM2.0-TSS software stack.

    Using seabios with TPM patches and TrustedGrub2.

    Now when I start guest with TrustedGrub2, I get an error message from
    grub that TPM device not found. Even Windows guest fails to detect

    Command that I used to start the guest

    swtpm_cuse --tpm2 -M 260 -m 1 -n vtpm0 . I can see /dev/vtpm0
    after this

    Launch the guest: sudo qemu-system-x86_64  -enable-kvm  -m 2048
    -boot b
    -bios seabios.bin -boot menu=on -tpmdev
    -device tpm-tis,tpmdev=tpm0 -drive format=raw,file=ubuntu.img

    I debugged TrustedGrub2.0 code and found that it issues BIOS call INT
    1Ah, (AH)=BBh,(AL)=00h ( TCG_StatusCheck ) which fails.

    TPM 1.2 used to work fine, so just wondering if I have missed any

    Please can you share your thoughts.


    Anshul Makkar

reply via email to

[Prev in Thread] Current Thread [Next in Thread]