> -----Original Message-----
> From: Serge E. Hallyn <serge@xxxxxxxxxx>
> Sent: Wednesday, October 14, 2020 10:58 AM
> To: Roberts, William C <william.c.roberts@xxxxxxxxx>
> Cc: tpm2@xxxxxxxxxxxx; ryaharpe@xxxxxxxxx; scmoser@xxxxxxxxx; linux-integrity@xxxxxxxxxxxxxxx
> Subject: Re: QUEMU and TPM2 device emulation
>
> On Wed, Oct 14, 2020 at 03:27:53PM +0000, Roberts, William C wrote:
> > Has anyone ever set up a QEMU instance with a virtualized TPM? I need to try and replicate an issue with the in-kernel Resource manager. My goal is to use the integrated QEMU support to bring up an emulated TPM device and its associated RM node @ /dev/tpmrm0.
> >
> > I am looking at:
> > https://android.googlesource.com/platform/external/qemu/+/emu-master-dev/docs/specs/tpm.txt
> >
> > Which shows this command:
> >
> > qemu-system-x86_64 -display sdl -enable-kvm \
> > -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
> > -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
> > -tpmdev emulator,id=tpm0,chardev=chrtpm \
> > -device tpm-tis,tpmdev=tpm0 test.img
> >
> > <snip>
> > #> dmesg | grep -i tpm
> > [ 0.711310] tpm_tis 00:06: 1.2 TPM (device=id 0x1, rev-id 1)
> >
> > I have a few questions around this that I cannot seem to dig up any documentation on:
> > 1. How to specify TPM2.0 device? The project https://github.com/stefanberger/swtpm/wiki seems to indicate it would be supported.
> >
> > 2. Does anyone know the minimum QEMU version for this support? I looked in the CHANGELOG here, https://wiki.qemu.org/ChangeLog from version 2.8 to 5.2 and never saw anything call out TPM 2.0 specifically.
>
> 2.11 should suffice.
>
> > 3. Does anyone have or know of better documentation to set this up? If there isn't better documentation, should we (read I) create it? This seems like a pretty handy feature.
>
> I'm not sure how relevant this is any more, but I did this about two years ago and documented it at https://s3hh.wordpress.com/2018/06/03/tpm-2-0-in-qemu/

Thanks, yeah I stumbled into this, it was super helpful. I got it working and posted back with my commands.
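
An illustration of question 1 in the thread, added here; it is not taken from the thread, the linked post, or the commands the author posted back. It assumes swtpm's `--tpm2` switch selects TPM 2.0 emulation, reuses the `/tmp/mytpm1` path and `test.img` from the quoted command, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and image name reuse the quoted command.
TPMDIR="${TPMDIR:-/tmp/mytpm1}"   # swtpm state directory
SOCK="$TPMDIR/swtpm-sock"         # control socket shared by swtpm and QEMU

# The TPM version is chosen on the swtpm side: without --tpm2 it emulates TPM 1.2.
swtpm_cmd() {
    printf '%s' "swtpm socket --tpm2 --tpmstate dir=$TPMDIR --ctrl type=unixio,path=$SOCK"
}

# QEMU device wiring is the same as in the quoted command (display/BIOS options dropped).
qemu_cmd() {
    printf '%s' "qemu-system-x86_64 -enable-kvm -m 1024 \
-chardev socket,id=chrtpm,path=$SOCK \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis,tpmdev=tpm0 ${1:-test.img}"
}

# Guest-side check: extract the version tpm_tis reports in a dmesg line.
# Prints "1.2", "2.0", or "none" when the line is not a tpm_tis probe message.
tpm_version_from_dmesg() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/.*tpm_tis .*: \([0-9]\.[0-9]\) TPM.*/\1/p' | head -n 1)
    printf '%s' "${v:-none}"
}

# Guest-side check: the kernel only creates the resource-manager node for TPM 2.0.
rm_node_ready() {
    [ -c "${1:-/dev/tpmrm0}" ]
}

# Host usage: sh this-script start [disk.img]
if [ "${1:-}" = "start" ]; then
    mkdir -p "$TPMDIR" && chmod 700 "$TPMDIR"   # TPM state holds key material
    sh -c "$(swtpm_cmd)" &
    echo "swtpm started (pid $!); now run:"
    qemu_cmd "${2:-test.img}"; echo
fi
```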