[SeaBIOS] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine with seabios

汤福 tangfu at gohighsec.com
Thu Aug 23 09:25:56 CEST 2018


Hi,
   I am sorry to bother you. This is still the vTPM 2.0 for Win 10 problem. I downloaded the latest qemu source from git; the version is V3.0.50. I think this is the latest code of qemu upstream. I also downloaded seabios upstream and built it with tpm2 support. Unfortunately, I tried both passthrough and emulator, and I didn’t get the expected results.

   For emulator, I did it like this:
   #mkdir /tmp/mytpm2/
   #chown tss:root /tmp/mytpm2
   #swtpm_setup --tpmstate /tmp/mytpm2 --create-ek-cert --create-platform-cert --allow-signing --tpm2
   #swtpm socket --tpmstate dir=/tmp/mytpm2   --ctrl type=unixio,path=/tmp/mytpm2/swtpm-sock   --log level=20 --tpm2

   No errors occurred, suggesting that the certificate was also generated successfully. Then I created a blank img file named win10.img, and installed the win10 virtual machine as follows:
   #qemu-system-x86_64 -display sdl -enable-kvm -cdrom win10.iso -serial stdio -m 2048 -boot d -bios bios.bin   -boot menu=on  -chardev socket,id=chrtpm,path=/tmp/mytpm2/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-crb,tpmdev=tpm0 win10-ovmf.img
   After the system was successfully installed, I entered it and found that the TPM 2.0 device was not found in the System Device Manager. If I replace -device tpm-crb with -device tpm-tis and reboot the system, the TPM device can be found in the device manager. But the vTPM 2.0 is recognized as vTPM 1.2.
  
   I also tried passthrough mode. The result is the same as with the emulator. So, what could be the problem?



> -----Original Message-----
> From: "Kevin O'Connor" <kevin at koconnor.net>
> Sent: 2018-08-21 12:08:59 (Tuesday)
> To: "汤福" <tangfu at gohighsec.com>
> Cc: seabios at seabios.org
> Subject: Re: [SeaBIOS] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine with seabios
> 
> On Mon, Aug 13, 2018 at 04:45:43PM +0800, 汤福 wrote:
> > Hi,
> > 
> > I want to use the vTPM in a qemu Windows image. Unfortunately, it didn't work.
> > First, the equipment:
> > TPM 2.0 hardware
> > CentOS 7.2
> > Qemu v2.10.2
> > SeaBIOS 1.11.0
> > libtpm and so on
> 
> If you retry with the latest SeaBIOS code from the master branch, does
> the problem still exist?
> 
> See:
> https://mail.coreboot.org/pipermail/seabios/2018-August/012384.html
> 
> -Kevin

