
Re: [Qemu-devel] [PATCH 4/4] tpm: Provide libtpms software TPM backend


From: Xu, Quan
Subject: Re: [Qemu-devel] [PATCH 4/4] tpm: Provide libtpms software TPM backend
Date: Mon, 16 Dec 2013 12:45:21 +0000

Hi Bryant / Berger,
        Now the vtpm can be detected in a virtual machine based on KVM.
/sys/class/misc/tpm0 is created. The /sys/class/misc/tpm0/device/{active, owned,
enabled} values are correct.
But it fails to take ownership.
    1) Can it take ownership on your system?
    2) One software engineer will follow libtpms and make it work for KVM, and
another software engineer will integrate qemu/seabios with the Xen vtpm backend.
      Also, my team is very interested in collaborating with you to upstream. BTW,
I will follow all of the topics.
    3) We can schedule a meeting to talk in detail. I am at the Intel Asian-Pacific
R&D center, Shanghai, China. Time zone 8+.



Thanks 
Quan




> -----Original Message-----
> From: Corey Bryant [mailto:address@hidden
> Sent: Monday, December 02, 2013 10:16 PM
> To: Xu, Quan; Stefan Berger
> Cc: address@hidden
> Subject: Re: [Qemu-devel] [PATCH 4/4] tpm: Provide libtpms software TPM
> backend
> 
> 
> 
> On 12/01/2013 11:00 PM, Xu, Quan wrote:
> >
> >
> >> -----Original Message-----
> >> From: Corey Bryant [mailto:address@hidden
> >> Sent: Tuesday, November 26, 2013 10:40 PM
> >> To: Xu, Quan
> >> Cc: address@hidden
> >> Subject: Re: [Qemu-devel] [PATCH 4/4] tpm: Provide libtpms software
> >> TPM backend
> >>
> >>
> >> On 11/25/2013 10:04 PM, Xu, Quan wrote:
> >>>        Thanks Bryant, this problem has been solved by following
> >>> "http://www.mail-archive.com/address@hidden/msg200808.html".
> >>>        But there is another problem when running configure with
> >>> "./configure --target-list=x86_64-softmmu --enable-tpm". The value
> >>> of "libtpms" is still "no". When I modified "tpm_libtpms" to "yes"
> >>> in the configure file directly and ran make, it reported the error
> >>> "hw/tpm/tpm_libtpms.c:21:33: fatal error: libtpms/tpm_library.h: No
> >>> such file or directory".  Now I am installing libtpms from
> >>> https://github.com/coreycb/libtpms for the libtpms lib. Could you share
> >>> the specific steps to configure QEMU based on your patch, if it comes
> >>> easily to you?
> >>
> >> Here's what I've been using to build libtpms:
> >>
> >> $ CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
> >> $ export CFLAGS
> >> $ ./configure --build=x86_64-redhat-linux-gnu --prefix=/usr --libdir=/usr/lib64
> >> $ make
> >> $ sudo make install
> >>
> >> And then the configure you're using above should work for QEMU.
> >
> >
> >
> >      Sorry for my delay in answering you. I had a cold and took sick leave
> > last Friday.
> 
> Not a problem.  I hope you're feeling better.
> 
> >
> >      Now I have set up QEMU with your patch. I start the VM with the
> > command below:
> > ==
> >     qemu-system-x86_64 -m 1024 -hda rhel.raw -nographic -vnc :1 \
> >       -drive file=nvram.qcow2,if=none,id=nvram0-0-0,format=qcow2 \
> >       -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0 \
> >       -tpmdev libtpms,id=tpm-tpm0,nvram=nvram0-0-0 \
> >       -net nic -net tap,ifname=tap0,script=no
> > ==
> >
> > rhel.raw is a Red Hat 6.4 image. Also, I have rebuilt the kernel with the
> > TPM 1.2 driver in the VM. But I still can't find "/sys/class/misc/tpm0/".
> >
> >      Does it need the SeaBIOS bios.bin to make it work?  If it needs
> > bios.bin, could you send me a bios.bin and tell me how to enable bios.bin
> > with your patch?
> 
> Yes it needs bios.bin.  I've attached a bios.bin that has vTPM seabios
> updates.
> You should be able to copy everything from /usr/local/share/qemu to a new
> directory, and just replace the bios.bin in the new directory with the one
> I've attached.  Then point qemu at the new directory.
> 
> Also, make sure you enable the boot menu.  Then when you boot your guest
> you can press F11 to get a menu of TPM options to enable, disable, activate,
> deactivate, clear, etc the vTPM.
> 
> Here's some sample libvirt domain XML updates:
> 
> <domain type='kvm'
> xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
> ...
> <os>
>    <bootmenu enable='yes'/>
> </os>
> ...
>    <qemu:commandline>
>      <qemu:arg value='-drive'/>
>      <qemu:arg value='file=/home/corey/images/nvram.raw,if=none,id=drive-nvram0-0-0,format=raw'/>
>      <qemu:arg value='-tpmdev'/>
>      <qemu:arg value='libtpms,id=tpm-tpm0,nvram=drive-nvram0-0-0'/>
>      <qemu:arg value='-device'/>
>      <qemu:arg value='tpm-tis,tpmdev=tpm-tpm0,id=tpm0'/>
>      <qemu:arg value='-L'/>
>      <qemu:arg value='/usr/local/share/qemu/corey_seabios/'/>
>    </qemu:commandline>
> ...
> 
> >
> > BTW, I found a SeaBIOS patch (Add TPM support to SeaBIOS):
> > http://www.seabios.org/pipermail/seabios/2011-April/001609.html.
> >
> >
> >
> 
> Stefan, do you know if this is the same code that was used to build our
> bios.bin?
> 
> --
> Regards,
> Corey Bryant
> 
> >>
> >>>        BTW, one target of my team is enabling stubdom vtpm for HVM
> >>> virtual machines on Xen virtualization; your patches and seabios are
> >>> big breakthroughs. My team is very interested in collaborating with
> >>> you / the QEMU community on similar areas.
> >>
> >> That's great to hear!
> >>
> >> Unfortunately, the current approach of linking QEMU against libtpms
> >> doesn't look like it's going to make it upstream.  So it looks like
> >> we need to take a different approach.
> >
> >
> >
> > My team is very interested in collaborating to make it upstream. Let's do
> > it together.
> >
> >
> >>
> >> Btw, I thought Xen already had TPM support.  Is that not supported in
> >> stubdom's?
> >
> >
> >
> > In Xen 4.3, Xen supports vtpm in stubdom for para-virtualized virtual
> > machines only.
> > My team is focusing on enabling stubdom vtpm for HVM virtual machines.
> >
> >
> >
> >>
> >> --
> >> Regards,
> >> Corey Bryant
> >>
> >>>
> >>> I'd be really pleased if you can help me on these issues.
> >>>
> >>> Quan Xu
> >>> Intel
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: Corey Bryant [mailto:address@hidden
> >>>> Sent: Monday, November 25, 2013 9:53 PM
> >>>> To: Xu, Quan
> >>>> Cc: address@hidden
> >>>> Subject: Re: [Qemu-devel] [PATCH 4/4] tpm: Provide libtpms software
> >>>> TPM backend
> >>>>
> >>>>
> >>>>
> >>>> On 11/24/2013 10:36 PM, Xu, Quan wrote:
> >>>>> Bryant,
> >>>>>
> >>>>>         I found that there is some conflict in qemu-options.hx
> >>>>> between your patch and qemu-1.7.0-rc1.tar.bz2
> >>>>> <http://wiki.qemu-project.org/download/qemu-1.7.0-rc1.tar.bz2>.
> >>>>>
> >>>>> What QEMU version is this patch based on? Thanks.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> Quan Xu
> >>>>>
> >>>>> Intel
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>> Thanks Quan.  I believe I built these on top of commit
> >>>> c2d30667760e3d7b81290d801e567d4f758825ca.  I don't think this
> >>>> series is going to make it upstream though so I likely won't be
> >>>> submitting a v2.
> >>>>
> >>>> --
> >>>> Regards,
> >>>> Corey Bryant
> >>>
> >>>
> >
> > Quan Xu
> > Intel
> >
> >
> >
> >



