RE: QUEMU and TPM2 device emulation

> -----Original Message-----
> From: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
> Sent: Wednesday, October 14, 2020 11:32 AM
> To: Roberts, William C <william.c.roberts@xxxxxxxxx>; tpm2@xxxxxxxxxxxx; linux-integrity@xxxxxxxxxxxxxxx
> Subject: Re: QUEMU and TPM2 device emulation
> 
> On Wed, 2020-10-14 at 15:27 +0000, Roberts, William C wrote:
> > Has anyone ever set up a QEMU instance with a virtualized TPM? I need
> > to try and replicate an issue with the in-kernel Resource manager. My
> > goal is to use the integrated QEMU support to bring up an emulated
> > TPM device and its associated RM node @ /dev/tpmrm0.
> >
> > I am looking at:
> > https://android.googlesource.com/platform/external/qemu/+/emu-master-dev/docs/specs/tpm.txt
> >
> > Which shows this command:
> >
> > qemu-system-x86_64 -display sdl -enable-kvm \
> >   -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
> >   -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
> >   -tpmdev emulator,id=tpm0,chardev=chrtpm \
> >   -device tpm-tis,tpmdev=tpm0 test.img
> >
> > <snip>
> > #> dmesg | grep -i tpm
> > [    0.711310] tpm_tis 00:06: 1.2 TPM (device=id 0x1, rev-id 1)
> >
> > I have a few questions around this that I cannot seem to dig up any
> > documentation on:
> > 1. How to specify TPM2.0 device? The project
> > https://github.com/stefanberger/swtpm/wiki seems to indicate it would
> > be supported.
> 
> All QEMU is doing is passing through a socket to something as a TPM.
> Either TPM 1.2 or 2.0 could be on the end of that socket, so what really matters is
> what's at the other end of /tmp/mytpm1/swtpm-sock.
> If you change that to be TPM 2.0 then QEMU will see it.

Thanks James, once I started fiddling with it, it started to make sense. You need to start the swtpm component
with the option --tpm2, then pass through everything else in qemu the same way, as you point out.

I'll post my commands for anyone else who may stumble into this on their quest:

## Start TPM Emulator

Note that one needs the --tpm2 option to start a TPM2.0 emulator.

mkdir /tmp/mytpm1
swtpm socket --tpmstate dir=/tmp/mytpm1 --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock --log level=20 --tpm2

## Boot the VM
qemu-system-x86_64 -hda ~/qemu-images/ubuntu-20.04-amd64.img -boot d -m 2048 -enable-kvm \
  -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
  -tpmdev emulator,id=tpm0,chardev=chrtpm \
  -device tpm-tis,tpmdev=tpm0
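
A guest-side check for the result of the commands above, as an added example that is not part of the original message: it reports whether tpm0 came up as TPM 2.0 and whether /dev/tpmrm0 exists. The function names and the optional root prefix are hypothetical; the sysfs attribute tpm_version_major is assumed to be present only on newer kernels, so the script falls back to the tpm_tis log line format quoted in the thread.

```shell
#!/bin/sh
# Added example: run inside the guest to confirm the emulated device came up
# as TPM 2.0 and that the resource manager node exists.
# The optional "root" argument is a hypothetical prefix for testing against a
# constructed directory tree; omit it in a real guest: dmesg | check_tpm2_rm

# Read kernel log text on stdin and print the TPM family ("1.2" or "2.0")
# from lines such as "tpm_tis 00:06: 1.2 TPM (device-id 0x1, rev-id 1)".
tpm_version_from_log() {
    sed -n 's/.*: \([0-9]\.[0-9]\) TPM (.*/\1/p' | tail -n 1
}

# Print the major version of tpm0 ("1" or "2"), or nothing if unknown.
# Prefers sysfs; otherwise parses kernel log text supplied on stdin.
tpm_major() {
    root=${1:-}
    f="$root/sys/class/tpm/tpm0/tpm_version_major"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        tpm_version_from_log | cut -d. -f1
    fi
}

# Return 0 when tpm0 is TPM 2.0 and the RM node exists,
# 1 when the device is not TPM 2.0, 2 when the RM node is missing.
check_tpm2_rm() {
    root=${1:-}
    major=$(tpm_major "$root")
    if [ "$major" != "2" ]; then
        echo "tpm0 is not TPM 2.0 (major='$major'); was swtpm started with --tpm2?"
        return 1
    fi
    if [ ! -e "$root/dev/tpmrm0" ]; then
        echo "TPM 2.0 detected but $root/dev/tpmrm0 is missing"
        return 2
    fi
    echo "TPM 2.0 with resource manager node at $root/dev/tpmrm0"
}
```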
