[SeaBIOS] Fw: Re: Re: Fw: Can VTPM2 support WINDOWS
Stefan Berger
stefanb at linux.vnet.ibm.com
Fri Nov 24 14:49:58 CET 2017
On 11/23/2017 03:19 PM, Marc-André Lureau wrote:
> Hi
>
> On Thu, Nov 23, 2017 at 8:49 PM, Stefan Berger
> <stefanb at linux.vnet.ibm.com <mailto:stefanb at linux.vnet.ibm.com>> wrote:
>
> On 11/23/2017 07:48 AM, jwang at whu.edu.cn <mailto:jwang at whu.edu.cn>
> wrote:
>>
>> Hi,Berger,
>>
>> Thanks. But as I know CRB interface should be for mobile
>> platform. We just want to support Windows Server
>> 2012. Currently,the Windows Server 2012 can find physical
>> TPM2 device. However, for vTPM, the windows server 2012
>> virtual machine just can find a virtual TPM 1.2 device and
>> can not find vTPM 2.0 device. We have tried linux such as
>> ubuntu and the ubuntu virtual machine can find vTPM 2.0
>> device in seabios 1.10 and our modified qemu-kvm-ev-2.6.
>>
> My suggestion is to try to pick the patches for QEMU and SeaBIOS
> CRB support or wait for the next version of QEMU...
>
>
> I couldn't make Windows work with TPM2 and seabios. However, I have
> some patch for ovmf to compile TPM2 support in, and it seem to work
> quite ok. I still have to figure out some PhysicalPresence issues
> (using swtpm/libtpms). I am busy with other projects now, but you can
> take a look at the branches
> (https://github.com/elmarco/edk2/tree/tpm2,
> https://github.com/elmarco/qemu/tree/tpm). As you can see, work in
> progress, and help welcome!
Windows seems to need CRB for it to accept the TPM 2... It may work
'better' with UEFI, but the device is also recognized with (patched)
SeaBIOS.
For Win2012R2 this is also relevant:
https://support.microsoft.com/en-us/help/3095701/tpm-2-0-device-can-t-be-recognized-in-windows-server-2012-r2
Stefan
>
>
> Stefan
>
>
>> This problem has been bothering us for a month. Could you
>> give us some help?
>>
>> Best,
>> Juan
>>
>>
>>
>>
>> -----原始邮件-----
>> *发件人:*"Stefan Berger" <stefanb at linux.vnet.ibm.com
>> <mailto:stefanb at linux.vnet.ibm.com>>
>> *发送时间:*2017-11-23 03:41:30 (星期四)
>> *收件人:* 00011007 at whu.edu.cn <mailto:00011007 at whu.edu.cn>
>> *抄送:*
>> *主题:* Re: Fw: Can VTPM2 support WINDOWS
>>
>> On 11/16/2017 08:40 AM, 00011007 at whu.edu.cn
>> <mailto:00011007 at whu.edu.cn> wrote:
>>>
>>>
>>>
>>> -----原始邮件-----
>>> *发件人:*00011007 at whu.edu.cn
>>> <mailto:00011007 at whu.edu.cn>
>>> *发送时间:*2017-11-16 17:30:57 (星期四)
>>> *收件人:* seabios at seabios.org
>>> <mailto:seabios at seabios.org>
>>> *抄送:*
>>> *主题:* Can VTPM2 support WINDOWS
>>>
>>> Hi,all,
>>>
>>> We want VTPM2 to support windows virtual machines.
>>> So I want to know if the current seabios can support
>>> the windows guest OS when the tpm driver can not be
>>> modified. The host OS we used is CentOS 7.3 and the
>>> seabios version is 1.10.2. The hypervisor is
>>> KVM+QEMU. The windows version is windows server 2012
>>> that can automatically support physical TPM2 chip.
>>>
>>
>> I only ever tried with Windows 10 and that requires a CRB
>> interface (rather than TIS ) for a TPM2, which we will
>> only get with the next version of QEMU. I would assume
>> that this is also the case with windows server 2012.
>>
>> Stefan
>>
>>> Looking forward to reply as soon as possible.
>>>
>>>
>>> Yours sincerely,
>>>
>>> Juan
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> Best Wishes!
>>> ***********************************************************************************************
>>>
>>> Juan Wang
>>> Computer School, Wuhan University
>>> Key Laboratory of Aerospace Information Security and
>>> Trusted Computing, Ministry of Education
>>> Mobile Phone : 18986213038
>>> E-Mail : jwang at whu.edu.cn
>>> <mailto:jwang at whu.edu.cn>
>>> ***********************************************************************************************
>>>
>>>
>>> **
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> Best Wishes!
>>> ***********************************************************************************************
>>>
>>> Juan Wang
>>> Computer School, Wuhan University
>>> Key Laboratory of Aerospace Information Security and
>>> Trusted Computing, Ministry of Education
>>> Mobile Phone : 18986213038
>>> E-Mail : jwang at whu.edu.cn <mailto:jwang at whu.edu.cn>
>>> ***********************************************************************************************
>>>
>>>
>>> **
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> Best Wishes!
>> ***********************************************************************************************
>>
>> Juan Wang
>> Computer School, Wuhan University
>> Key Laboratory of Aerospace Information Security and
>> Trusted Computing, Ministry of Education
>> Mobile Phone : 18986213038
>> E-Mail : jwang at whu.edu.cn <mailto:jwang at whu.edu.cn>
>> ***********************************************************************************************
>>
>>
>> **
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> Best Wishes!
>> ***********************************************************************************************
>>
>> Juan Wang
>> Computer School, Wuhan University
>> Key Laboratory of Aerospace Information Security and
>> Trusted Computing, Ministry of Education
>> Mobile Phone : 18986213038
>> E-Mail : jwang at whu.edu.cn <mailto:jwang at whu.edu.cn>
>> ***********************************************************************************************
>>
>>
>> **
>
>
>
> _______________________________________________
> SeaBIOS mailing list
> SeaBIOS at seabios.org <mailto:SeaBIOS at seabios.org>
> https://mail.coreboot.org/mailman/listinfo/seabios
> <https://mail.coreboot.org/mailman/listinfo/seabios>
>
>
>
>
> --
> Marc-André Lureau
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/seabios/attachments/20171124/012185a4/attachment-0001.html>
More information about the SeaBIOS
mailing list