From: Jakob Bohm <address@hidden>
To: address@hidden
Sent: Wednesday, August 15, 2012 7:23 PM
Subject: Re: [Qemu-discuss] QEMU-TPM with SeaBIOS
On 8/15/2012 9:40 AM, khan wahid wrote:
> Hi,
> I want to build a trusted integrity measurement OS, so that a remote party can check the system's integrity. But I don't have a hardware TPM, so I run the TPM emulator (http://tpm-emulator.berlios.de/) and patched my Qemu and SeaBIOS with the TPM related Patches (provided by Mr. Stefan Berger) to test the integrity measurement in virtual machine based Linux. To launch a Linux through Qemu, at first I compiled Linux from the source with Kernel-IMA functionality. Now I have the following files-
> The compiled kernel-IMA image at /home/rrsuj/linux-2.6.32.59/arch/x86/boot/bzImage
> And the new initrd at /boot/initrd.img-2.6.32.59
> The patched bios.bin at /home/rrsuj/seabios-0.6.2/out/bios.bin
>
> I first check that the TPM emulator is running, so that Qemu and SeaBIOS find a TPM (although virtual). Then I execute the following command -
>
>
#qemu-system-i386 -kernel /home/rrsuj/linux-2.6.32.59/arch/x86/boot/bzImage -initrd /boot/initrd.img-2.6.32.59 -bios /home/rrsuj/Downloads/seabios/seabios-0.6.2/out/bios.bin
> It tries to boot Linux, but gives error-
> "VFS: cannot open root device "<NULL>" or unknown-block (8,1)"
> "Please append a correct "root=" boot option;"
>In other words, the default root device indicated by a few reserved bytes
>near the start of your bzImage or dynamically set by code in your
>initrd.img was blockdev major 8, minor 1 a.k.a. /dev/sda1, but neither your
>bzImage nor any modules loaded by your initrd.img knew how to map
>"blockdev 8,1" to "sda1". So I guess you haven't loaded the relevant SCSI
>driver.
When I compiled the new kernel (/home/rrsuj/linux-2.6.32.59/arch/x86/boot/bzImage) in my host machine where the qemu is installed, it generates the
/boot/vmlinuz-2.6.32.59, and I am able to run my host machine with the new kernel, and I think the bzImange and vmlinuz are same. But this vmlinuz-2.6.32.59 is invoked by grub while booting the host machine. In the case of qemu, there is no grub to invoke the /home/rrsuj/linux-2.6.32.59/arch/x86/boot/bzImage, I think it should be invoked by the default qemu boot loader. So please tell me how could I do that?
> So I did-
> #qemu-system-i386 -kernel /home/rrsuj/Downloads/linux-2.6.32.59/arch/x86/boot/bzImage -initrd /boot/initrd.img-2.6.32.59 -append "root=/dev/sda1" -bios /home/rrsuj/Downloads/seabios/seabios-0.6.2/out/bios.bin
> but the error changes slightly-
> "VFS: cannot open root device "sda1" or unknown-block (0,0)"
> "Please append a correct "root=" boot option;"
>So this time, neither your bzImage, nor any of the loaded modules knew
>how to map "sda1" to "(8,1)", probably
for the same reason as in your
>first attempt.
> The output of "sudo fdisk -l" is-
> Device Boot Start End Blocks Id System
> /dev/sda1 * 1 2686 21569536 83 Linux
> /dev/sda2 2686 2808 979969 5 Extended
> /dev/sda5 2686 2808 979968 82 Linux swap / Solaris
>How did you run this command if you could not boot your vm?
>I guess you ran this using a different kernel or initrd which did load the proper drivers.
Sorry I forgot to mention that this fdisk output is from my host machine (another linux version), where I
executed the above qemu commands.
> So please tell me, what should I do? I had a plan to install TrustedGrub inside the virtual machine (the guest Linux), so that I can measure the total system from SeaBIOS to TrustedGrub to Linux-IMA. But it is not booting as I mentioned.
> Thank you for your help.
> Best regards
-- Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10 <call:+4531131610>
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded