qemu-devel

Re: [Qemu-devel] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtua


From: 汤福
Subject: Re: [Qemu-devel] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine
Date: Sun, 19 Aug 2018 15:44:41 +0800 (GMT+08:00)

I tried it according to your method, but I have some problems. My host is 
CentOS 7.2 with the TPM 2.0 hardware and qemu v2.10.2. The driver for the TPM 
2.0 hardware is the crb device. Executing lsmod to view the TPM 2.0 driver 
information gives the following:
address@hidden BUILD]# lsmod | grep tpm
tpm_crb                12972  0 

I downloaded the OVMF-20182028-5.noarch.src.rpm package from the rpm search 
website and rebuilt it with -DTPM2_ENABLE and -DSECURE_BOOT_ENABLE. Everything 
rebuilt well and generated the OVMF.fd and OVMF_ARGS.fd files, so I copied 
OVMF.fd to my qemu-kvm project and started qemu to install a Windows 10 virtual 
machine.

I first created a blank img file named win10.img, and installed the win10 
virtual machine as follows:
address@hidden BUILD]#qemu-system-x86_64 -display sdl -enable-kvm  -m 4096 
-boot d  -cdrom win10.iso -bios OVMF.fd  -net none  -boot menu=on -tpmdev 
cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0  -device 
tpm-tis,tpmdev=tpm0 win10.img

The installation process is very, very slow, and the system automatically 
restarts after the installation is complete. But it seems it can't enter the 
desktop. The system restarts cyclically; it looks like there is a problem with 
BIOS boot. I thought of what you said, that for Windows TPM 2 support I will 
need the TPM CRB device, so I started qemu with the -device tpm-crb parameter, 
but it didn't work. It prompted the following error message:
address@hidden BUILD]#qemu-system-x86_64 -display sdl -enable-kvm  -m 4096 
-boot d  -bios OVMF.fd  -net none  -boot menu=on -tpmdev 
cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0  -device 
tpm-crb,tpmdev=tpm0 win10.img
address@hidden BUILD]#qemu-system-x86_64: -device tpm-crb,tpmdev=tpm0: 
'tpm-crb' is not a valid device model name

I don't know where the problem is. I need you to give me some help. Thank you 
very much!


> -----Original Message-----
> From: "Marc-André Lureau" <address@hidden>
> Sent: 2018-08-16 16:56:52 (Thursday)
> To: address@hidden
> Cc: QEMU <address@hidden>
> Subject: Re: [Qemu-devel] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual 
> machine
> 
> Hi
> On Thu, Aug 16, 2018 at 3:29 AM 汤福 <address@hidden> wrote:
> >
> > Hi,
> >
> > I want to use the vTPM in a qemu Windows image. Unfortunately, it didn't 
> > work.
> > First, the equipment:
> > TPM 2.0 hardware
> > CentOS 7.2
> > Qemu v2.10.2
> > SeaBIOS 1.11.0
> > libtpm and so on
> >
> > My host is CentOS 7.2 with the TPM 2.0 hardware and qemu v2.10.2.
> > I built libtpm and seabios with ./configure, make and so on. I checked 
> > the TPM setting in seabios with make menuconfig. TPM is enabled by default.
> > Eventually, all works without errors.
> >
> > I start the Windows 10 image with:
> > qemu-system-x86_64 -display sdl -enable-kvm -m 2048 -boot d -bios bios.bin 
> > -boot menu=on -tpmdev 
> > cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0  
> > -device tpm-tis,tpmdev=tpm0 win10.img
> >
> >
> > At first it all looked fine. Windows 10 booted up but the vTPM was recognized 
> > as TPM 1.2 instead of TPM 2.0 in Device Manager. I opened the TPM manager 
> > with tpm.msc but got the error "No compatible TPM found".
> > If I use vTPM in a qemu linux image, everything goes well. I think of what 
> > you said 
> >
> >
> > So, what could be the problem?
> 
> You need to build libtpms & swtpm from Stefan's tpm2-preview branches.
> (Alternatively, there is now an experimental fedora copr repository:
> https://copr.fedorainfracloud.org/coprs/stefanberger/swtpm/)
> 
> I suggest setting up the VM with libvirt upstream, which will do the
> preliminary swtpm_setup for you, or follow
> https://github.com/stefanberger/swtpm/wiki/Certificiates-created-by-swtpm_setup
> 
> For Windows TPM 2 support, you will need the TPM CRB device, and
> upstream OVMF compiled with  -D TPM2_ENABLE (TIS & Bios are 1.2 only
> for Windows, even if seabios does have some 2.0 support with them)
> 
> Furthermore, to pass the WLK tests, you need PPI & MOR interface,
> which are still pending merge ([PATCH v9 0/6] Add support for TPM
> Physical Presence interface)
> 
> 
> 
> 
> -- 
> Marc-André Lureau
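
Added example, not part of either message: a preflight check that reads a QEMU binary's device list and reports whether the tpm-crb frontend the reply calls for is available, which is the condition behind the "'tpm-crb' is not a valid device model name" error above. It assumes `-device help` lists models one per line as `name "..."`; the sample help text and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check which TPM frontends a QEMU
# build offers before booting a guest with -device tpm-crb.

# Extract TPM device model names from `-device help` text on stdin.
# Assumption: models are listed one per line as  name "tpm-...", ...
tpm_models() {
    sed -n 's/^name "\(tpm-[^"]*\)".*/\1/p' | sort -u
}

# Read model names on stdin; report what a Windows guest can be given.
# Exit status: 0 = tpm-crb present, 1 = TIS only, 2 = no TPM frontend.
classify_models() {
    models=$(cat)
    if printf '%s\n' "$models" | grep -qx 'tpm-crb'; then
        echo "tpm-crb present: CRB frontend available for Windows TPM 2.0"
        return 0
    elif printf '%s\n' "$models" | grep -q '^tpm-tis'; then
        echo "tpm-tis only: -device tpm-crb will be rejected by this build"
        return 1
    fi
    echo "no TPM device models in this build"
    return 2
}

# Run the check against a real binary (the path is the caller's choice).
preflight() {
    "$1" -device help 2>&1 | tpm_models | classify_models
}

# Constructed sample help output, not captured from a real QEMU binary.
SAMPLE_TIS_ONLY='name "tpm-tis", bus ISA, desc "TPM TIS Interface"
name "virtio-rng-pci", bus PCI'
SAMPLE_WITH_CRB='name "tpm-crb"
name "tpm-tis", bus ISA, desc "TPM TIS Interface"'

printf '%s\n' "$SAMPLE_TIS_ONLY" | tpm_models | classify_models || true
printf '%s\n' "$SAMPLE_WITH_CRB" | tpm_models | classify_models || true
```

To check an installed build, call `preflight` with the path to the qemu-system-x86_64 binary and act on its exit status.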
