Re: [Qemu-devel] TPM does not seem to work under QEMU with TPM patches

Re: [Qemu-devel] TPM does not seem to work under QEMU with TPM patches

[Kent Yoder]

Hi Jordi,

On Mon, Aug 20, 2012 at 06:12:44PM -0400, Jordi Cucurull Juan wrote:
> Dear all,
> 
> I am testing the TPM patches of Stefan Berger to provide TPM support
> to QEMU. Nevertheless I have not managed to run them successfully.
> During the compilation of QEMU with his patches (V18 for revision
> 563987d) I have not had any issue. But, I have a virtual machine
> based on CentOS 6.2 and the TPM does not seem to be present. I run
> the machine with the following command line (as a root user):
> 
> # /usr/local/bin/qemu-system-x86_64 -hda qemu-disk-centos.img -m
> 1024 -boot d -enable-kvm -usbdevice tablet -k es -tpmdev
> passthrough,id=tpm0,path=/dev/tpm0 -device tpm-tis,tpmdev=tpm0
> 
> My real machine has an Infineon TPM v1.2. When I try to load the TSS
> library (Trousers) inside the client machine (the CentOS 6.2) it
> throws the following error:
> 
> insmod: error inserting '/lib/modules/2.6.32-279.5.1.el6.x86_64/kernel/drivers/char/tpm/tpm_atmel.ko':
> -1 no such device

  This should be fine - the tpm_tis driver should be driving the vtpm.

> 
> Apart from this, QEMU does not throw any error. Should I enable
> something else to have access to the TPM? In addition, I do not see
> any /dev/vtpm0 device in my real machine.

  As I understand them, the qemu patches allow direct writing from the
guest to the host's /dev/tpm0, so you wouldn't see a new device node.

Kent

> 
> Best regards,
> Jordi.
> 
> 
> -- 
> Jordi Cucurull Juan
> Researcher
> Scytl Secure Electronic Voting
> Plaça Gal·la Placidia, 1-3, 1st floor · 08006 Barcelona
> Phone:     + 34 934 230 324
> Fax        + 34 933 251 028
> jordi.cucurull@scytl.com
> http://www.scytl.com
> 
> NOTICE: The information in this e-mail and in any of its attachments is confidential and intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, any disclosure, copying, distribution or retaining of this message or any part of it, without the prior written consent of Scytl Secure Electronic Voting, SA is prohibited and may be unlawful. If you have received this in error, please contact the sender and delete the material from any computer.
> 
> Your data are in a file owned by Scytl Secure Electronic Voting, S.A. You can exercice your rights of access, rectification, cancellation and opposition by contacting Scytl Secure Electronic Voting, S.A. at the following address: Gal·la Placídia, 1-3. 1st, 08006 Barcelona (Spain), according to the Organic Law 15/1999, of 13th December of Protection of Personal Data.
> 
> 

[Qemu-devel] TPM does not seem to work under QEMU with TPM patches

[Jordi Cucurull Juan]

Dear all,

I am testing the TPM patches of Stefan Berger to provide TPM support to 
QEMU. Nevertheless I have not managed to run them successfully. During 
the compilation of QEMU with his patches (V18 for revision 563987d) I 
have not had any issue. But, I have a virtual machine based on CentOS 
6.2 and the TPM does not seem to be present. I run the machine with the 
following command line (as a root user):

# /usr/local/bin/qemu-system-x86_64 -hda qemu-disk-centos.img -m 1024 
-boot d -enable-kvm -usbdevice tablet -k es -tpmdev 
passthrough,id=tpm0,path=/dev/tpm0 -device tpm-tis,tpmdev=tpm0

My real machine has an Infineon TPM v1.2. When I try to load the TSS 
library (Trousers) inside the client machine (the CentOS 6.2) it throws 
the following error:

insmod: error inserting 
'/lib/modules/2.6.32-279.5.1.el6.x86_64/kernel/drivers/char/tpm/tpm_atmel.ko': 
-1 no such device

Apart from this, QEMU does not throw any error. Should I enable 
something else to have access to the TPM? In addition, I do not see any 
/dev/vtpm0 device in my real machine.


Best regards,
Jordi.


-- 
Jordi Cucurull Juan
Researcher
Scytl Secure Electronic Voting
Plaça Gal·la Placidia, 1-3, 1st floor · 08006 Barcelona
Phone:     + 34 934 230 324
Fax        + 34 933 251 028
jordi.cucurull@scytl.com
http://www.scytl.com

NOTICE: The information in this e-mail and in any of its attachments is confidential and intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, any disclosure, copying, distribution or retaining of this message or any part of it, without the prior written consent of Scytl Secure Electronic Voting, SA is prohibited and may be unlawful. If you have received this in error, please contact the sender and delete the material from any computer.

Your data are in a file owned by Scytl Secure Electronic Voting, S.A. You can exercice your rights of access, rectification, cancellation and opposition by contacting Scytl Secure Electronic Voting, S.A. at the following address: Gal·la Placídia, 1-3. 1st, 08006 Barcelona (Spain), according to the Organic Law 15/1999, of 13th December of Protection of Personal Data.

Re: [Qemu-devel] TPM does not seem to work under QEMU with TPM patches

[Jordi Cucurull Juan]

Hi Kent,

I have solved the issue. The problem was that in CentOS the tpm_dis 
driver is integrated into the kernel and it was not loaded by default. I 
have added the following keywords to the kernel load line in the bootloader:

tpm_tis.force=1

Now the /dev/tpm0 device appears in the virtual machine and the TSS 
library loads correctly.

Thanks!
Jordi.


On 08/20/2012 10:14 PM, Kent Yoder wrote:
> Hi Jordi,
>
> On Mon, Aug 20, 2012 at 06:12:44PM -0400, Jordi Cucurull Juan wrote:
>> Dear all,
>>
>> I am testing the TPM patches of Stefan Berger to provide TPM support
>> to QEMU. Nevertheless I have not managed to run them successfully.
>> During the compilation of QEMU with his patches (V18 for revision
>> 563987d) I have not had any issue. But, I have a virtual machine
>> based on CentOS 6.2 and the TPM does not seem to be present. I run
>> the machine with the following command line (as a root user):
>>
>> # /usr/local/bin/qemu-system-x86_64 -hda qemu-disk-centos.img -m
>> 1024 -boot d -enable-kvm -usbdevice tablet -k es -tpmdev
>> passthrough,id=tpm0,path=/dev/tpm0 -device tpm-tis,tpmdev=tpm0
>>
>> My real machine has an Infineon TPM v1.2. When I try to load the TSS
>> library (Trousers) inside the client machine (the CentOS 6.2) it
>> throws the following error:
>>
>> insmod: error inserting '/lib/modules/2.6.32-279.5.1.el6.x86_64/kernel/drivers/char/tpm/tpm_atmel.ko':
>> -1 no such device
>    This should be fine - the tpm_tis driver should be driving the vtpm.
>
>> Apart from this, QEMU does not throw any error. Should I enable
>> something else to have access to the TPM? In addition, I do not see
>> any /dev/vtpm0 device in my real machine.
>    As I understand them, the qemu patches allow direct writing from the
> guest to the host's /dev/tpm0, so you wouldn't see a new device node.
>
> Kent
>
>> Best regards,
>> Jordi.
>>
>>
>> -- 
>> Jordi Cucurull Juan
>> Researcher
>> Scytl Secure Electronic Voting
>> Plaça Gal·la Placidia, 1-3, 1st floor · 08006 Barcelona
>> Phone:     + 34 934 230 324
>> Fax        + 34 933 251 028
>> jordi.cucurull@scytl.com
>> http://www.scytl.com
>>
>> NOTICE: The information in this e-mail and in any of its attachments is confidential and intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, any disclosure, copying, distribution or retaining of this message or any part of it, without the prior written consent of Scytl Secure Electronic Voting, SA is prohibited and may be unlawful. If you have received this in error, please contact the sender and delete the material from any computer.
>>
>> Your data are in a file owned by Scytl Secure Electronic Voting, S.A. You can exercice your rights of access, rectification, cancellation and opposition by contacting Scytl Secure Electronic Voting, S.A. at the following address: Gal·la Placídia, 1-3. 1st, 08006 Barcelona (Spain), according to the Organic Law 15/1999, of 13th December of Protection of Personal Data.
>>
>>
>

Re: [Qemu-devel] TPM does not seem to work under QEMU with TPM patches

[Stefan Berger]

On 08/20/2012 06:12 PM, Jordi Cucurull Juan wrote:
> Dear all,
>
> I am testing the TPM patches of Stefan Berger to provide TPM support 
> to QEMU. Nevertheless I have not managed to run them successfully. 
> During the compilation of QEMU with his patches (V18 for revision 
> 563987d) I have not had any issue. But, I have a virtual machine based 
> on CentOS 6.2 and the TPM does not seem to be present. I run the 
> machine with the following command line (as a root user):
>
> # /usr/local/bin/qemu-system-x86_64 -hda qemu-disk-centos.img -m 1024 
> -boot d -enable-kvm -usbdevice tablet -k es -tpmdev 
> passthrough,id=tpm0,path=/dev/tpm0 -device tpm-tis,tpmdev=tpm0
>
> My real machine has an Infineon TPM v1.2. When I try to load the TSS 
> library (Trousers) inside the client machine (the CentOS 6.2) it 
> throws the following error:
>
> insmod: error inserting 
> '/lib/modules/2.6.32-279.5.1.el6.x86_64/kernel/drivers/char/tpm/tpm_atmel.ko': 
> -1 no such device
>
You have to use tpm_tis.
Unless you are using the SeaBIOS extensions for TPM support as well you 
have do

modprobe tpm_tis force=1

or in the grub command line

tpm_tis.force=1

The 'force' parameter is necessary if ACPI tables for TPM are missing 
and those are only provided once SeaBIOS has been patched with TPM support.


      Stefan

> Apart from this, QEMU does not throw any error. Should I enable 
> something else to have access to the TPM? In addition, I do not see 
> any /dev/vtpm0 device in my real machine.
>
>
> Best regards,
> Jordi.
>
>