From: "Serge E. Hallyn" <serge@hallyn.com>
To: "Roberts, William C" <william.c.roberts@intel.com>
Cc: "tpm2@lists.01.org" <tpm2@lists.01.org>,
ryaharpe@cisco.com, scmoser@cisco.com,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>
Subject: Re: QUEMU and TPM2 device emulation
Date: Wed, 14 Oct 2020 10:58:15 -0500
Message-ID: <20201014155815.GA7562@mail.hallyn.com>
In-Reply-To: <SN6PR11MB34372D6EA769E056632095CFB8050@SN6PR11MB3437.namprd11.prod.outlook.com>

On Wed, Oct 14, 2020 at 03:27:53PM +0000, Roberts, William C wrote:
> Has anyone ever set up a QEMU instance with a virtualized TPM? I need to try and replicate an issue with the in-kernel Resource manager. My goal is to use the integrated QEMU support
> to bring up an emulated TPM device and its associated RM node @ /dev/tpmrm0.
>
> I am looking at:
> https://android.googlesource.com/platform/external/qemu/+/emu-master-dev/docs/specs/tpm.txt
>
> Which shows this command:
>
> qemu-system-x86_64 -display sdl -enable-kvm \
> -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
> -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
> -tpmdev emulator,id=tpm0,chardev=chrtpm \
> -device tpm-tis,tpmdev=tpm0 test.img
>
> <snip>
> #> dmesg | grep -i tpm
> [ 0.711310] tpm_tis 00:06: 1.2 TPM (device=id 0x1, rev-id 1)
>
> I have a few questions around this that I cannot seem to dig up any documentation on:
> 1. How to specify TPM2.0 device? The project https://github.com/stefanberger/swtpm/wiki seems to indicate it would be supported.
>
> 2. Does anyone know the minimum QEMU version for this support? I looked in the CHANGELOG here, https://wiki.qemu.org/ChangeLog from version 2.8 to 5.2 and never saw anything
> call out TPM 2.0 specifically.

2.11 should suffice.

> 3. Does anyone have or know of better documentation to set this up? If there isn't better documentation, should we (read I) create it? This seems like a pretty handy feature.

I'm not sure how relevant this is any more, but I did this about two years ago
and documented it at https://s3hh.wordpress.com/2018/06/03/tpm-2-0-in-qemu/
Scott and/or Ryan (added to cc:) may have done it more recently.