[SeaBIOS] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine with seabios

汤福 tangfu at gohighsec.com
Thu Aug 23 11:15:00 CEST 2018


Excuse me, are there any cases of successful attempts on Windows 10? Or is this just technical knowledge that has not really been tested? Could you provide me with some technical docs? Thanks!


> -----Original Message-----
> From: "Marc-André Lureau" <marcandre.lureau at gmail.com>
> Sent: 2018-08-23 16:37:36 (Thursday)
> To: tangfu at gohighsec.com
> Cc: "Kevin O'Connor" <kevin at koconnor.net>, seabios at seabios.org
> Subject: Re: [SeaBIOS] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine with seabios
> 
> Hi
> 
> On Thu, Aug 23, 2018 at 9:29 AM 汤福 <tangfu at gohighsec.com> wrote:
> >
> > Hi,
> >    I am sorry to bother you. This is still the vTPM 2.0 problem on Win 10. I downloaded the latest qemu source from git; the version is V3.0.50. I think this is the latest code of qemu upstream. I also downloaded seabios upstream and built it with tpm2 support. Unfortunately, I tried both passthrough and emulator, and I didn’t get the expected results.
> >
> >    For emulator, I did it like this:
> >    #mkdir /tmp/mytpm2/
> >    #chown tss:root /tmp/mytpm2
> >    #swtpm_setup --tpmstate /tmp/mytpm2 --create-ek-cert --create-platform-cert --allow-signing --tpm2
> >    #swtpm socket --tpmstate dir=/tmp/mytpm2   --ctrl type=unixio,path=/tmp/mytpm2/swtpm-sock   --log level=20 --tpm2
> >
> >    No errors occurred, suggesting that the certificate was also generated successfully. Then I created a blank img file named win10.img, and installed the win10 virtual machine as follows:
> >    #qemu-system-x86_64 -display sdl -enable-kvm -cdrom win10.iso -serial stdio -m 2048 -boot d -bios bios.bin   -boot menu=on  -chardev socket,id=chrtpm,path=/tmp/mytpm2/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-crb,tpmdev=tpm0 win10-ovmf.img
> >    After the system was successfully installed and I entered it, I found that the TPM 2.0 device was not found in the System Device Manager. If I replace -device tpm-crb with -device tpm-tis and reboot the system, the TPM device can be found in the device manager. But the vTPM 2.0 is recognized as vTPM 1.2.
> >
> >    I also tried passthrough mode. The result is the same as with the emulator. So, what could be the problem?
> >
> 
> Try with OVMF. According to some technical docs, it seems Windows
> requires UEFI & CRB for TPM 2. That's also what testing suggests.
> We are able to pass most WLK TPM tests with this setup.
> 
> >
> >
> > > -----Original Message-----
> > > From: "Kevin O'Connor" <kevin at koconnor.net>
> > > Sent: 2018-08-21 12:08:59 (Tuesday)
> > > To: "汤福" <tangfu at gohighsec.com>
> > > Cc: seabios at seabios.org
> > > Subject: Re: [SeaBIOS] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine with seabios
> > >
> > > On Mon, Aug 13, 2018 at 04:45:43PM +0800, 汤福 wrote:
> > > > Hi,
> > > >
> > > > I want to use the vTPM in a qemu Windows image. Unfortunately, it didn't work.
> > > > First, the equipment:
> > > > TPM 2.0 hardware
> > > > CentOS 7.2
> > > > Qemu v2.10.2
> > > > SeaBIOS 1.11.0
> > > > libtpm and so on
> > >
> > > If you retry with the latest SeaBIOS code from the master branch, does
> > > the problem still exist?
> > >
> > > See:
> > > https://mail.coreboot.org/pipermail/seabios/2018-August/012384.html
> > >
> > > -Kevin
> > _______________________________________________
> > SeaBIOS mailing list
> > SeaBIOS at seabios.org
> > https://mail.coreboot.org/mailman/listinfo/seabios
> 
> 
> 
> -- 
> Marc-André Lureau
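
The firmware and TPM-interface pairing suggested in the reply (OVMF with tpm-crb instead of SeaBIOS with tpm-tis), as an added example that is not part of the original thread. The chardev/tpmdev arguments and the socket path are those from the thread; the OVMF image paths, the variable names, and the helpers `qemu_args` and `check_args` are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): QEMU arguments pairing OVMF (UEFI)
# firmware with the CRB TPM interface, plus a pre-launch sanity check.
TPM_SOCK="${TPM_SOCK:-/tmp/mytpm2/swtpm-sock}"          # socket path from the thread
OVMF_CODE="${OVMF_CODE:-/usr/share/OVMF/OVMF_CODE.fd}"  # assumed, distro-specific
OVMF_VARS="${OVMF_VARS:-./OVMF_VARS.fd}"                # assumed writable copy
DISK="${DISK:-win10-ovmf.img}"
ISO="${ISO:-win10.iso}"

# Print the QEMU arguments, one per line.
qemu_args() {
  printf '%s\n' -enable-kvm -m 2048 \
    -drive "if=pflash,format=raw,readonly=on,file=$OVMF_CODE" \
    -drive "if=pflash,format=raw,file=$OVMF_VARS" \
    -chardev "socket,id=chrtpm,path=$TPM_SOCK" \
    -tpmdev emulator,id=tpm0,chardev=chrtpm \
    -device tpm-crb,tpmdev=tpm0 \
    -cdrom "$ISO" -boot menu=on "$DISK"
}

# Read one argument per line on stdin; print "ok" only for UEFI pflash + CRB
# with no -bios override (the thread's failing run used -bios bios.bin).
check_args() {
  args="$(cat)"
  printf '%s\n' "$args" | grep -qx -- '-bios' &&
    { echo "legacy -bios firmware override present"; return 1; }
  printf '%s\n' "$args" | grep -q 'if=pflash' ||
    { echo "no UEFI pflash drive"; return 1; }
  printf '%s\n' "$args" | grep -q '^tpm-crb,' ||
    { echo "TPM device is not tpm-crb"; return 1; }
  echo "ok"
}

# Launch only on request ("sh vtpm2-ovmf.sh run"); swtpm must already be
# listening on $TPM_SOCK, started as in the thread.
if [ "${1:-}" = "run" ]; then
  qemu_args | check_args >/dev/null || exit 1
  [ -S "$TPM_SOCK" ] || { echo "no swtpm socket at $TPM_SOCK" >&2; exit 1; }
  set --
  while IFS= read -r a; do set -- "$@" "$a"; done <<EOF
$(qemu_args)
EOF
  exec qemu-system-x86_64 "$@"
fi
```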

