Re: [SeaBIOS] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine with seabios
Excuse me, is there some case of successful attempts on Windows 10? Or just some technical knowledge has not really test? Could you provide me some technical docs? Thanks!
-----原始邮件----- 发件人: "Marc-André Lureau" marcandre.lureau@gmail.com 发送时间: 2018-08-23 16:37:36 (星期四) 收件人: tangfu@gohighsec.com 抄送: "Kevin O'Connor" kevin@koconnor.net, seabios@seabios.org 主题: Re: [SeaBIOS] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine with seabios
Hi
On Thu, Aug 23, 2018 at 9:29 AM 汤福 tangfu@gohighsec.com wrote:
Hi, I am sorry, I bothered you. Still vTPM 2.0 for win 10 problem, I downloaded the latest qemu source from git, the version is V3.0.50. I think this is the latest code of qemu upstream. I also downloaded seabios upstream and bulid it with tpm2 support. Unfortunately, I tried both passthrough and emulator, and I didn’t get the expected results.
For emulator, I did it like this: #mkdir /tmp/mytpm2/ #chown tss:root /tmp/mytpm2 #swtpm_setup --tpmstate /tmp/mytpm2 --create-ek-cert --create-platform-cert --allow-signing --tpm2 #swtpm socket --tpmstate dir=/tmp/mytpm2 --ctrl type=unixio,path=/tmp/mytpm2/swtpm-sock --log level=20 --tpm2
No errors occurred, suggesting that the certificate was also generated successfully.Then I created a blank img file named win10.img,and install win10 virtual machine as follows: #qemu-system-x86_64 -display sdl -enable-kvm -cdrom win10.iso -serial stdio -m 2048 -boot d -bios bios.bin -boot menu=on -chardev socket,id=chrtpm,path=/tmp/mytpm2/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-crb,tpmdev=tpm0 win10-ovmf.img Enter the system when the system is successfully installed,I found that the TPM 2.0 device was not found in the System Device Manager. If I replace -device tpm-crb with -device tpm-tis and reboot the system,The TPM device can be found in the device manager.But the vTPM 2.0 is recognized as vTPM 1.2.
I also tried passthrough mode, The result is the same as emulator. So, what could be the problem?
Try with OVMF. According to some technical docs, it seems Windows requires UEFI & CRB for TPM 2. That's also what testing suggestsTry. We are able to pass most WLK TPM tests with this setup.
-----原始邮件----- 发件人: "Kevin O'Connor" kevin@koconnor.net 发送时间: 2018-08-21 12:08:59 (星期二) 收件人: "汤福" tangfu@gohighsec.com 抄送: seabios@seabios.org 主题: Re: [SeaBIOS] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine with seabios
On Mon, Aug 13, 2018 at 04:45:43PM +0800, 汤福 wrote:
Hi,
I want to use the vTPM in a qemu Windows image. Unfortunately, it didn't work. First, the equipment: TPM 2.0 hardware CentOS 7.2 Qemu v2.10.2 SeaBIOS 1.11.0 libtpm and so on
If you retry with the latest SeaBIOS code from the master branch, does the problem still exist?
See: https://mail.coreboot.org/pipermail/seabios/2018-August/012384.html
-Kevin
SeaBIOS mailing list SeaBIOS@seabios.org https://mail.coreboot.org/mailman/listinfo/seabios
-- Marc-André Lureau
-
汤福