<div dir="ltr">Hi Stefan<br><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 24, 2017 at 2:49 PM, Stefan Berger <span dir="ltr"><<a href="mailto:stefanb@linux.vnet.ibm.com" target="_blank">stefanb@linux.vnet.ibm.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
<div class="m_7144159799123816744moz-cite-prefix">On 11/23/2017 03:19 PM, Marc-André
Lureau wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi<br>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Nov 23, 2017 at 8:49 PM,
Stefan Berger <span dir="ltr"><<a href="mailto:stefanb@linux.vnet.ibm.com" target="_blank">stefanb@linux.vnet.ibm.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span class="m_7144159799123816744gmail-">
<div class="m_7144159799123816744gmail-m_9090830907091030486moz-cite-prefix">On
11/23/2017 07:48 AM, <a class="m_7144159799123816744gmail-m_9090830907091030486moz-txt-link-abbreviated" href="mailto:jwang@whu.edu.cn" target="_blank">jwang@whu.edu.cn</a>
wrote:<br>
</div>
<blockquote type="cite">
<blockquote class="m_7144159799123816744gmail-m_9090830907091030486ReferenceQuote" style="padding-left:5px;margin-right:0px;margin-left:5px;border-left:2px solid rgb(182,182,182)">
<p> Hi,Berger, </p>
<p> Thanks. But as I know CRB interface should
be for mobile platform. We just want to
support Windows Server
2012. Currently,the Windows Server 2012 can
find physical TPM2 device. However, for vTPM,
the windows server 2012 virtual machine just
can find a virtual TPM 1.2 device and can not
find vTPM 2.0 device. We have tried linux such
as ubuntu and the ubuntu virtual machine
can find vTPM 2.0 device in seabios 1.10 and
our modified <span lang="EN-US">qemu-kvm-ev-2.6.</span></p>
</blockquote>
</blockquote>
</span> My suggestion is to try to pick the patches
for QEMU and SeaBIOS CRB support or wait for the next
version of QEMU...<span class="m_7144159799123816744gmail-HOEnZb"><font color="#888888"><br>
</font></span></div>
</blockquote>
<div><br>
</div>
<div>I couldn't make Windows work with TPM2 and seabios.
However, I have some patch for ovmf to compile TPM2
support in, and it seem to work quite ok. I still have
to figure out some PhysicalPresence issues (using
swtpm/libtpms). I am busy with other projects now, but
you can take a look at the branches (<a href="https://github.com/elmarco/edk2/tree/tpm2" target="_blank">https://github.com/elmarco/<wbr>edk2/tree/tpm2</a>,
<a href="https://github.com/elmarco/qemu/tree/tpm" target="_blank">https://github.com/elmarco/<wbr>qemu/tree/tpm</a>).
As you can see, work in progress, and help welcome!<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br></span>
Windows seems to need CRB for it to accept the TPM 2... It may work
'better' with UEFI, but the device is also recognized with (patched)
SeaBIOS.<br></div></blockquote><div><br></div><div>I am mostly testing with windows 10, and tpm.msc complains that TPM is malfunctionning with seabios & my chhanges (even tough it does some exchanges). With the UEFI branch, it passes, but Bitlocker still complains the TPM is malfunctioning. Apparently, this could be related to PhysicalPresence (I have no clear idea how PP works, I'll need to study that a bit)</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<br>
For Win2012R2 this is also relevant:<br>
<br>
<a class="m_7144159799123816744moz-txt-link-freetext" href="https://support.microsoft.com/en-us/help/3095701/tpm-2-0-device-can-t-be-recognized-in-windows-server-2012-r2" target="_blank">https://support.microsoft.com/<wbr>en-us/help/3095701/tpm-2-0-<wbr>device-can-t-be-recognized-in-<wbr>windows-server-2012-r2</a><span class="HOEnZb"><font color="#888888"><br></font></span></div></blockquote><div><br></div><div>thanks</div><div> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><span class="HOEnZb"><font color="#888888">
<br>
<br>
Stefan</font></span><div><div class="h5"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span class="m_7144159799123816744gmail-HOEnZb"><font color="#888888"> <br>
Stefan</font></span>
<div>
<div class="m_7144159799123816744gmail-h5"><br>
<br>
<blockquote type="cite">
<blockquote class="m_7144159799123816744gmail-m_9090830907091030486ReferenceQuote" style="padding-left:5px;margin-right:0px;margin-left:5px;border-left:2px solid rgb(182,182,182)">
<p> </p>
<p> <span lang="EN-US">This problem has been
bothering us for a month. Could you give
us some help?</span> </p>
<p> </p>
<p> Best,<br>
Juan<br>
<br>
<br>
<br>
<br>
</p>
<blockquote class="m_7144159799123816744gmail-m_9090830907091030486ReferenceQuote" style="padding-left:5px;margin-right:0px;margin-left:5px;border-left:2px solid rgb(182,182,182)" name="replyContent">
-----原始邮件-----<br>
<b>发件人:</b><span id="m_7144159799123816744gmail-m_9090830907091030486rc_from">"Stefan
Berger" <<a href="mailto:stefanb@linux.vnet.ibm.com" target="_blank">stefanb@linux.vnet.ibm.com</a>></span><br>
<b>发送时间:</b><span id="m_7144159799123816744gmail-m_9090830907091030486rc_senttime">2017-11-23
03:41:30 (星期四)</span><br>
<b>收件人:</b> <a href="mailto:00011007@whu.edu.cn" target="_blank">00011007@whu.edu.cn</a><br>
<b>抄送:</b> <br>
<b>主题:</b> Re: Fw: Can VTPM2 support WINDOWS<br>
<br>
<div class="m_7144159799123816744gmail-m_9090830907091030486moz-cite-prefix">
On 11/16/2017 08:40 AM, <a class="m_7144159799123816744gmail-m_9090830907091030486moz-txt-link-abbreviated" href="mailto:00011007@whu.edu.cn" target="_blank">00011007@whu.edu.cn</a>
wrote:<br>
</div>
<blockquote type="cite"> <br>
<br>
<br>
<blockquote class="m_7144159799123816744gmail-m_9090830907091030486ReferenceQuote" style="padding-left:5px;margin-right:0px;margin-left:5px;border-left:2px solid rgb(182,182,182)"> -----原始邮件-----<br>
<b>发件人:</b><span id="m_7144159799123816744gmail-m_9090830907091030486rc_from"><a class="m_7144159799123816744gmail-m_9090830907091030486moz-txt-link-abbreviated" href="mailto:00011007@whu.edu.cn" target="_blank">00011007@whu.edu.cn</a></span><br>
<b>发送时间:</b><span id="m_7144159799123816744gmail-m_9090830907091030486rc_senttime">2017-11-16
17:30:57 (星期四)</span><br>
<b>收件人:</b> <a class="m_7144159799123816744gmail-m_9090830907091030486moz-txt-link-abbreviated" href="mailto:seabios@seabios.org" target="_blank">seabios@seabios.org</a><br>
<b>抄送:</b> <br>
<b>主题:</b> Can VTPM2 support WINDOWS<br>
<br>
<p> Hi,all, </p>
<p> We want VTPM2 to support
windows virtual machines. So I want to
know if the current seabios can
support the windows guest OS when the
tpm driver can not be modified. The
host OS we used is CentOS 7.3 and the
seabios version is 1.10.2. The
hypervisor is KVM+QEMU. The windows
version is windows server 2012 that
can automatically support physical
TPM2 chip. </p>
</blockquote>
</blockquote>
<br>
I only ever tried with Windows 10 and that
requires a CRB interface (rather than TIS )
for a TPM2, which we will only get with the
next version of QEMU. I would assume that
this is also the case with windows server
2012.<br>
<br>
Stefan<br>
<br>
<blockquote type="cite">
<blockquote class="m_7144159799123816744gmail-m_9090830907091030486ReferenceQuote" style="padding-left:5px;margin-right:0px;margin-left:5px;border-left:2px solid rgb(182,182,182)">
<p> Looking forward to reply as soon as
possible. </p>
<p> <br>
Yours sincerely, </p>
<p> Juan </p>
<p> <br>
</p>
<span>
<hr class="m_7144159799123816744gmail-m_9090830907091030486signature-separator" style="margin:0.5em 0px;border-color:currentcolor;border-style:none;border-width:medium;width:30em;height:1px;background-color:rgb(153,153,153)" align="left"> <br>
Best Wishes! <br>
******************************<wbr>******************************<wbr>******************************<wbr>*****
<br>
Juan Wang <br>
Computer School, Wuhan Univers<wbr>ity
<br>
Key Laboratory of Aerospace In<wbr>formation Security and Trusted<wbr> Computing, Ministry of <wbr>Education
<br>
Mobile Phone : 18986213038 <br>
E-Mail : <a href="mailto:jwang@whu.edu.cn" target="_blank">jwang@whu.edu.<wbr>cn</a>
<br>
******************************<wbr>******************************<wbr>******************************<wbr>***** </span><br>
<br>
<b><span style="color:rgb(255,0,0);font-family:幼圆;font-size:large"><span style="color:rgb(0,0,255);font-family:楷体;font-size:x-large"><img src="http://www.whu.edu.cn/ch_template/img/logo.png"></span></span></b>
</blockquote>
<br>
<br>
<br>
<span>
<hr class="m_7144159799123816744gmail-m_9090830907091030486signature-separator" style="margin:0.5em 0px;border-color:currentcolor;border-style:none;border-width:medium;width:30em;height:1px;background-color:rgb(153,153,153)" align="left"> <br>
Best Wishes! <br>
******************************<wbr>******************************<wbr>******************************<wbr>*****
<br>
Juan Wang <br>
Computer School, Wuhan Univers<wbr>ity <br>
Key Laboratory of Aerospace In<wbr>formation Security and Trusted<wbr> Computing, Ministry of <wbr>Education
<br>
Mobile Phone : 18986213038 <br>
E-Mail : <a class="m_7144159799123816744gmail-m_9090830907091030486moz-txt-link-abbreviated" href="mailto:jwang@whu.edu.cn" target="_blank">jwang@whu.edu.<wbr>cn</a>
<br>
******************************<wbr>******************************<wbr>******************************<wbr>***** </span><br>
<br>
<b><span style="color:rgb(255,0,0);font-family:幼圆;font-size:large"><span style="color:rgb(0,0,255);font-family:楷体;font-size:x-large"><img src="http://www.whu.edu.cn/ch_template/img/logo.png"></span></span></b>
</blockquote>
<p> <br>
</p>
</blockquote>
<br>
<br>
<br>
<span>
<hr class="m_7144159799123816744gmail-m_9090830907091030486signature-separator" style="margin:0.5em 0px;border-color:currentcolor;border-style:none;border-width:medium;width:30em;height:1px;background-color:rgb(153,153,153)" align="left"> <br>
Best Wishes! <br>
******************************<wbr>******************************<wbr>******************************<wbr>*****
<br>
Juan Wang <br>
Computer School, Wuhan Univers<wbr>ity <br>
Key Laboratory of Aerospace In<wbr>formation Security and Trusted<wbr> Computing, Ministry of <wbr>Education
<br>
Mobile Phone : 18986213038 <br>
E-Mail : <a href="mailto:jwang@whu.edu.cn" target="_blank">jwang@whu.edu.<wbr>cn</a>
<br>
******************************<wbr>******************************<wbr>******************************<wbr>***** </span><br>
<br>
<b><span style="color:rgb(255,0,0);font-family:幼圆;font-size:large"><span style="color:rgb(0,0,255);font-family:楷体;font-size:x-large"><img src="http://www.whu.edu.cn/ch_template/img/logo.png"></span></span></b>
</blockquote>
<br>
<br>
<br>
<span>
<hr class="m_7144159799123816744gmail-m_9090830907091030486signature-separator" style="margin:0.5em 0px;border-color:currentcolor;border-style:none;border-width:medium;width:30em;height:1px;background-color:rgb(153,153,153)" align="left"> <br>
Best Wishes! <br>
******************************<wbr>******************************<wbr>******************************<wbr>*****
<br>
Juan Wang <br>
Computer School, Wuhan Univers<wbr>ity <br>
Key Laboratory of Aerospace In<wbr>formation Security and Trusted<wbr> Computing, Ministry of <wbr>Education
<br>
Mobile Phone : 18986213038 <br>
E-Mail : <a class="m_7144159799123816744gmail-m_9090830907091030486moz-txt-link-abbreviated" href="mailto:jwang@whu.edu.cn" target="_blank">jwang@whu.edu.<wbr>cn</a> <br>
******************************<wbr>******************************<wbr>******************************<wbr>***** </span><br>
<br>
<b><font color="#ff0000" size="5" face="幼圆"><font color="#0000ff" size="6" face="楷体"><img src="http://www.whu.edu.cn/ch_template/img/logo.png"></font></font></b>
</blockquote>
<p><br>
</p>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
SeaBIOS mailing list<br>
<a href="mailto:SeaBIOS@seabios.org" target="_blank">SeaBIOS@seabios.org</a><br>
<a href="https://mail.coreboot.org/mailman/listinfo/seabios" rel="noreferrer" target="_blank">https://mail.coreboot.org/mail<wbr>man/listinfo/seabios</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="m_7144159799123816744gmail_signature">Marc-André Lureau<br>
</div>
</div>
</div>
</div>
</blockquote>
<p><br>
</p>
</div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Marc-André Lureau<br></div>
</div></div></div>