On 12/5/2024 3:20 AM, Stefan Berger wrote: > > > On 12/3/24 2:58 AM, Yuvaraj Ranganathan wrote: >> Hi Everyone, >> >> We are trying to launch a VM’s using qemu with TPM passthrough >> (https://www.qemu.org/docs/master/specs/tpm.html) and >> we are encountering the QEMU launch is failing on below experiments, >> >> Problem 1: >> qemu-system-aarch64 \ >> -M virt -m 2G \ >> -tpmdev passthrough,id=tpm0,path=/dev/tpmrm0 -device tpm- >> tis,tpmdev=tpm0 \ >> -kernel /mnt/overlay/Image \ >> -drive >> file=/mnt/overlay/qcom-guestvm-image-qcs9100-ride- >> sx-20241118050754.rootfs.ext4,if=virtio,format=raw >> \ >> -append "root=/dev/vda" \ >> -cpu host --enable-kvm -smp 4 -nographic >> >> >> qemu-system-aarch64: -tpmdev passthrough,id=tpm0,path=/dev/tpmrm0: >> tpm_passthrough: Could not guess TPM cancel path >> >> >> Problem 2: (experimented based on open source discussions) >> qemu-system-aarch64 \ >> -M virt -m 2G \ >> -tpmdev >> passthrough,id=tpm0,path=/dev/tpmrm0,cancel-path=/sys/class/tpm/tpm0/ >> device/cancel >> -device tpm-tis,tpmdev=tpm0 \ >> -kernel /mnt/overlay/Image \ >> -drive >> file=/mnt/overlay/qcom-guestvm-image-qcs9100-ride- >> sx-20241118050754.rootfs.ext4,if=virtio,format=raw >> \ >> -append "root=/dev/vda" \ >> -cpu host --enable-kvm -smp 4 -nographic >> >> qemu-system-aarch64: -tpmdev >> passthrough,id=tpm0,path=/dev/tpmrm0,cancel-path=/sys/class/tpm/tpm0/ >> device/cancel: >> tpm_passthrough: Could not open TPM cancel path: No such file or >> directory > > A possibility is to pass /dev/null in this case. When we start VMs like > with passthrough in libvirt then we also pass /dev/null if the cancel > sysfs file cannot be found (anymore): > > https://github.com/libvirt/libvirt/blob/ > dba710374d92688f797bf64642cc0d640c301239/src/util/virtpm.c#L67-L93 > >> >> On further checking, it is due to /sys/class/tpm/tpm0/device/cancel >> attribute is not created by TPM driver. >> >> Temporary Solution explored: >> >> We made the change in TPM driver to use tpm1_dev_group irrespective of >> TPM version. >> tpm2_dev_group is creating only tpm_version_major attribute while >> tpm1_dev_group is creating multiple attributes including cancel + tpm2 >> attributes. >> With this change, we are able to launch VM’s successfully using QEMU >> command. >> >> TPM HW version: 2.0 >> QEMU emulator version: 6.2.0 >> >> This seems to be basic issue with QEMU + TPM 2.0 HW. >> Could you please help us know are we missing any procedure in the QEMU >> steps ? >> >> If the procedure is good, I shall go ahead to post an upstream patch >> with the fix. Need your comments here!!! >> >> Thanks, >> Yuvaraj. >> > Thanks Stefan, this suggestion worked. Thanks, Yuvaraj.
