Re: [Qemu-devel] [PATCH 4/4] tpm: Provide libtpms software TPM backend

From: Corey Bryant
Subject: Re: [Qemu-devel] [PATCH 4/4] tpm: Provide libtpms software TPM backend
Date: Mon, 02 Dec 2013 09:16:25 -0500
On 12/01/2013 11:00 PM, Xu, Quan wrote:

From: Corey Bryant
Sent: Tuesday, November 26, 2013 10:40 PM
To: Xu, Quan
Cc: address@hidden
Subject: Re: [Qemu-devel] [PATCH 4/4] tpm: Provide libtpms software TPM

On 11/25/2013 10:04 PM, Xu, Quan wrote:
       Thanks Bryant, this problem has been solved by following
       But there is another problem when running configure with
"./configure --target-list=x86_64-softmmu --enable-tpm". The value of
"libtpms" is still "no". When I modified "tpm_libtpms" to "yes" in the
configure file directly and ran make, it reported the error
"hw/tpm/tpm_libtpms.c:21:33: fatal error: libtpms/tpm_library.h: No
such file or directory".  Now I am installing libtpms with
https://github.com/coreycb/libtpms for libtpms lib. Could you share specific 
to configure QEMU based on your patch, if it comes easily to you?

Here's what I've been using to build libtpms:

$ CFLAGS='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
$ export CFLAGS
$ ./configure --build=x86_64-redhat-linux-gnu --prefix=/usr
$ make
$ sudo make install

And then the configure you're using above should work for QEMU.

     Sorry for my delay in answering you. I had a cold and took sick leave last Friday.

Not a problem.  I hope you're feeling better.

     Now I have set up QEMU with your patch. I start the VM with the command below:
    qemu-system-x86_64 -m 1024 -hda rhel.raw -nographic -vnc :1 \
      -drive file=nvram.qcow2,if=none,id=nvram0-0-0,format=qcow2 \
      -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0 \
      -tpmdev libtpms,id=tpm-tpm0,nvram=nvram0-0-0 \
      -net nic -net tap,ifname=tap0,script=no

rhel.raw is a Red Hat 6.4 image. I have also rebuilt the kernel with the TPM 1.2 driver in the VM. But
I still can't find "/sys/class/misc/tpm0/".

     Does it need a SeaBIOS bios.bin to make it work?  If it needs bios.bin, could
you send me a bios.bin and tell me how to enable bios.bin with your patch?

Yes it needs bios.bin. I've attached a bios.bin that has vTPM seabios updates. You should be able to copy everything from /usr/local/share/qemu to a new directory, and just replace the bios.bin in the new directory with the one I've attached. Then point qemu at the new directory.

Also, make sure you enable the boot menu. Then when you boot your guest you can press F11 to get a menu of TPM options to enable, disable, activate, deactivate, clear, etc. the vTPM.

Here's some sample libvirt domain XML updates:

<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <bootmenu enable='yes'/>
    <qemu:arg value='-drive'/>
    <qemu:arg value='file=/home/corey/images/nvram.raw,if=none,id=drive-nvram0-0-0,format=raw'/>
    <qemu:arg value='-tpmdev'/>
    <qemu:arg value='libtpms,id=tpm-tpm0,nvram=drive-nvram0-0-0'/>
    <qemu:arg value='-device'/>
    <qemu:arg value='tpm-tis,tpmdev=tpm-tpm0,id=tpm0'/>
    <qemu:arg value='-L'/>
    <qemu:arg value='/usr/local/share/qemu/corey_seabios/'/>

BTW, I found a SeaBIOS patch: (Add TPM support to SeaBIOS)

Stefan, do you know if this is the same code that was used to build our bios.bin?

Corey Bryant

       BTW, one target of my team is enabling stubdom vtpm for HVM virtual
machine on Xen virtualization, your patches and seabios are big breakthroughs.
My team is very interested to collaborate with you / Qemu community on similar

That's great to hear!

Unfortunately, the current approach of linking QEMU against libtpms doesn't look
like it's going to make it upstream.  So it looks like we need to take a 

My team is very interested to collaborate to make it upstream. Let's do it 

Btw, I thought Xen already had TPM support.  Is that not supported in

In Xen 4.3, Xen supports vtpm in stubdom for para-virtualization virtual 
machine only.
My team is focusing on enabling stubdom vtpm for HVM virtual machine.

Corey Bryant

I'd be really pleased if you can help me on these issues.

Quan Xu

On 11/24/2013 10:36 PM, Xu, Quan wrote:

        I found that there is some conflict in qemu-options.hx
between your patch and qemu-1.7.0-rc1.tar.bz2

What QEMU version is this patch based on? Thanks.

Quan Xu


Thanks Quan.  I believe I built these on top of commit
c2d30667760e3d7b81290d801e567d4f758825ca.  I don't think this series
is going to make it upstream though so I likely won't be submitting a v2.

Corey Bryant

Quan Xu

