Re: [Qemu-devel] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtua
From: 汤福
Subject: Re: [Qemu-devel] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine
Date: Sun, 19 Aug 2018 15:44:41 +0800 (GMT+08:00)
I tried it according to your method, but I have some problems. My host is
CentOS 7.2 with TPM 2.0 hardware and qemu v2.10.2. The driver for the TPM
2.0 hardware is the crb device. Running lsmod shows the TPM 2.0 driver
information as follows:
address@hidden BUILD]# lsmod | grep tpm
tpm_crb 12972 0
I downloaded the OVMF-20182028-5.noarch.src.rpm package from the rpm search
website and rebuilt it with -DTPM2_ENABLE and -DSECURE_BOOT_ENABLE. The rebuild
went well and generated the OVMF.fd and OVMF_ARGS.fd files, so I copied
OVMF.fd to my qemu-kvm project and started qemu to install a Windows 10 virtual
machine.
I first created a blank img file named win10.img, and installed the win10
virtual machine as follows:
address@hidden BUILD]#qemu-system-x86_64 -display sdl -enable-kvm -m 4096
-boot d -cdrom win10.iso -bios OVMF.fd -net none -boot menu=on -tpmdev
cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0 -device
tpm-tis,tpmdev=tpm0 win10.img
The installation process is very, very slow; the system automatically restarts
after the installation is complete. But it seems it can't enter the desktop.
The system restarts cyclically; it looks like there is a problem with BIOS
boot. I thought of what you said, that Windows TPM 2 support will need the TPM
CRB device, so I started qemu with the parameter -device tpm-crb, but it didn't
work. It printed the following error message:
address@hidden BUILD]#qemu-system-x86_64 -display sdl -enable-kvm -m 4096
-boot d -bios OVMF.fd -net none -boot menu=on -tpmdev
cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0 -device
tpm-crb,tpmdev=tpm0 win10.img
address@hidden BUILD]#qemu-system-x86_64: -device tpm-crb,tpmdev=tpm0:
'tpm-crb' is not a valid device model name
I don't know where the problem is, I need you to give me some help. Thank you
very much!
> -----Original Message-----
> From: "Marc-André Lureau" <address@hidden>
> Sent: 2018-08-16 16:56:52 (Thursday)
> To: address@hidden
> Cc: QEMU <address@hidden>
> Subject: Re: [Qemu-devel] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual
> machine
>
> Hi
> On Thu, Aug 16, 2018 at 3:29 AM 汤福 <address@hidden> wrote:
> >
> > Hi,
> >
> > I want to use the vTPM in a qemu Windows image. Unfortunately, it didn't
> > work.
> > First, the equipment:
> > TPM 2.0 hardware
> > CentOS 7.2
> > Qemu v2.10.2
> > SeaBIOS 1.11.0
> > libtpm and so on
> >
> > My host is CentOS 7.2 with TPM 2.0 hardware and qemu v2.10.2.
> > I built libtpm and seabios with ./configure, make and so on. I checked
> > the TPM setting in seabios with make menuconfig. TPM is enabled by default.
> > Eventually, all works without errors.
> >
> > I start the Windows 10 image with:
> > qemu-system-x86_64 -display sdl -enable-kvm -m 2048 -boot d -bios bios.bin
> > -boot menu=on -tpmdev
> > cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0
> > -device tpm-tis,tpmdev=tpm0 win10.img
> >
> >
> > First it looks all fine. Windows 10 booted up but the vTPM was recognized
> > as TPM 1.2 instead of TPM 2.0 in device manager. I open the tpm Manager
> > with tpm.msc but get error with No compatible TPM found.
> > If I use vTPM in a qemu linux image, everything goes well. I think of what
> > you said
> >
> >
> > So, what could be the problem?
>
> You need to build libtpms & swtpm from Stefan tpm2-preview branches.
> (Alternatively, there is now an experimental fedora copr repository:
> https://copr.fedorainfracloud.org/coprs/stefanberger/swtpm/)
>
> I suggest setting up the VM with libvirt upstream, which will do the
> preliminary swtpm_setup for you, or follow
> https://github.com/stefanberger/swtpm/wiki/Certificiates-created-by-swtpm_setup
>
> For Windows TPM 2 support, you will need the TPM CRB device, and
> upstream OVMF compiled with -D TPM2_ENABLE (TIS & Bios are 1.2 only
> for Windows, even if seabios does have some 2.0 support with them)
>
> Furthermore, to pass the WLK tests, you need PPI & MOR interface,
> which are still pending merge ([PATCH v9 0/6] Add support for TPM
> Physical Presence interface)
>
>
>
>
> --
> Marc-André Lureau
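
The "'tpm-crb' is not a valid device model name" error above means the installed binary does not offer the device the reply calls for. As an added example (not part of the original thread and not QEMU project code), this script checks the `-device help` listing before a guest is launched. The function names and the sample listings are constructed, and the `name "..."` line format is an assumption about how QEMU prints its device list.

```shell
#!/bin/sh
# Added example: decide which TPM front end a QEMU binary can offer a Windows
# guest, based on the text printed by `qemu-system-x86_64 -device help`.

# Constructed sample listing from a build without tpm-crb (format assumed).
SAMPLE_OLD='name "tpm-tis", bus ISA, desc "TPM TIS Interface"
name "virtio-rng-pci", bus PCI'
# Constructed sample listing from a build that includes tpm-crb.
SAMPLE_NEW='name "tpm-crb"
name "tpm-tis", bus ISA, desc "TPM TIS Interface"'

# has_device_model HELP_TEXT MODEL
# Succeeds only if MODEL is listed by its exact quoted name, so that
# "tpm-tis" does not match a longer name such as "tpm-tis-device".
has_device_model() {
    printf '%s\n' "$1" | grep -Fq "name \"$2\""
}

# tpm_frontend_for_windows HELP_TEXT
# Prints "tpm-crb" when the CRB device exists, "tpm-tis-only" when only TIS
# exists (per the reply in this thread, Windows treats TIS as TPM 1.2 only),
# or "none" when no TPM front end is listed.
tpm_frontend_for_windows() {
    if has_device_model "$1" tpm-crb; then
        echo "tpm-crb"
    elif has_device_model "$1" tpm-tis; then
        echo "tpm-tis-only"
    else
        echo "none"
    fi
}

# Query the real binary only if one is installed; older builds print the
# listing on stderr, so both streams are captured.
if command -v qemu-system-x86_64 >/dev/null 2>&1; then
    help_text=$(qemu-system-x86_64 -device help 2>&1)
    echo "TPM front end available: $(tpm_frontend_for_windows "$help_text")"
fi
```

A result of "tpm-tis-only" corresponds to the situation in this thread: the guest can get a TPM, but Windows will not see it as TPM 2.0.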