Re: TPM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 08/29/2018 07:38 AM, Dag Nygren wrote:


On onsdag 29 augusti 2018 kl. 10:00:39 EEST Sandro Bonazzola wrote:

2018-08-28 13:52 GMT+02:00 Dag Nygren <dag@xxxxxxxxxx>:


We have a desperate need for TPM support and:

1. Tried the "standard" distro install. linvirt supports
   TPM passthrough but kvm-qemu barfs:
   "unsupported configuration: The QEMU executable /usr/libexec/qemu-kvm
does not support TPM backend type passthrough"

2. The activated the qemu-ev repo and updated qemu-kvm to version 2.10.0,
which for sure
    should support at least passthrough. No luck - Same error message.
    Downloaded the source for th rpm and found a line: "--disable-tpm"
    in build_configure.sh. Guess that the maintainers has some reason
    to turn tpm off. Can somone confirm this?


Not sure about reasons for turning off, but request to enable it has been
closed wontfix: https://bugzilla.redhat.com/show_bug.cgi?id=1327947

Thanks for the comments and reactions so far!

Well. Changed -disable-tpm to enable-tpm in the rpmbuild and
built myself a version with TPM passthrough enabled. Just to find
out that it only supports tpm_tis in 2.10.0 and our device
only seem to speak tpm_cdr :-(. Bugger.. But we really do need multiple
VM:s accessing the hardware TPM anyway and this would only give us
one VM ...

Also downloaded qemu 2.12.0 and tried to very optimistically just
throw it in the rpmbuild. And got a heap of patch fails already
at the first patch. Expected of course... So no such luck.

Now looking further it also seems like even 2.12.0 will not solve
our problem as it only gives multiple VM access to the swtpm emulator.
We need access to the hardware TPM...

Can you make swtpm use the hardware ?

Any advice would/will be valuable!


You could try using Xen.
A quick search implies that Xen from 4.3 onward will virtualize TPM.
I am not sure if the libvirt drivers for xen will support the feature but some work around may be possible. 

--
Alvin Starr                   ||   land:  (905)513-7688
Netvel Inc.                   ||   Cell:  (416)806-0133
alvin@xxxxxxxxxx              ||

_______________________________________________
CentOS-virt mailing list
CentOS-virt@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos-virt
[Index of Archives]     [CentOS Users]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [X.org]     [Xfree86]     [Linux USB]

  Powered by Linux