From: James Bottomley <James.Bottomley(a)HansenPartnership.com>
Sent: Wednesday, October 14, 2020 11:32 AM
To: Roberts, William C <william.c.roberts(a)intel.com>; tpm2(a)lists.01.org; linux-
Subject: Re: QUEMU and TPM2 device emulation
On Wed, 2020-10-14 at 15:27 +0000, Roberts, William C wrote:
> Has anyone ever set up a QEMU instance with a virtualized TPM? I need
> to try and replicate an issue with the in-kernel Resource manager. My
> goal is to use the integrated QEMU support to bring up an emulated
> TPM device and its associated RM node @ /dev/tpmrm0.
> I am looking at:
> Which shows this command:
> qemu-system-x86_64 -display sdl -enable-kvm \
> -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
> -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
> -tpmdev emulator,id=tpm0,chardev=chrtpm \
> -device tpm-tis,tpmdev=tpm0 test.img
> #> dmesg | grep -i tpm
> [ 0.711310] tpm_tis 00:06: 1.2 TPM (device=id 0x1, rev-id 1)
> I have a few questions around this that I cannot seem to dig up any
> documentation on:
> 1. How to specify TPM2.0 device? The project seems to indicate it would
> be supported.
All QEMU is doing is passing through a socket to something as a TPM.
Either TPM 1.2 or 2.0 could be on the end of that socket, so what really matters is
what's at the other end of /tmp/mytpm1/swtpm-sock.
If you change that to be TPM 2.0 then QEMU will see it.
Thanks James, once I started fiddling with it, it started to make sense. You need to start
the swtpm component with the option --tpm2, then pass through everything else in qemu the
same way, as you
I'll post my commands for anyone else who may stumble into this on their quest:
## Start TPM Emulator
Note that one needs the --tpm2 option to start a TPM2.0 emulator.
swtpm socket --tpmstate dir=/tmp/mytpm1 \
  --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
  --log level=20 --tpm2
## Boot the VM
qemu-system-x86_64 -hda ~/qemu-images/ubuntu-20.04-amd64.img -boot d -m 2048 -enable-kvm \
  -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
  -tpmdev emulator,id=tpm0,chardev=chrtpm \
  -device tpm-tis,tpmdev=tpm0
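
A guest-side check that the emulated device came up as TPM 2.0 and that the resource-manager node exists, as an added example that is not part of the original thread. The SYSFS_ROOT and DEV_ROOT overrides are assumptions made here so the check can be exercised against a constructed directory tree; the tpm_version_major sysfs attribute is only present on newer kernels, so the kernel log probe line is used as a fallback.

```shell
#!/bin/sh
# Added example (not from the thread): run inside the guest after booting
# with the swtpm-backed tpm-tis device.
# SYSFS_ROOT / DEV_ROOT are hypothetical overrides for offline testing.

# tpm_version [kernel_log_text]
# Prints "2", "1" or "unknown" for tpm0.
tpm_version() {
    sysfs="${SYSFS_ROOT:-/sys}/class/tpm/tpm0"
    # Newer kernels export the major version directly.
    if [ -r "$sysfs/tpm_version_major" ]; then
        cat "$sysfs/tpm_version_major"
        return 0
    fi
    # Fallback: the driver probe line in the kernel log, e.g.
    #   tpm_tis 00:06: 1.2 TPM (device-id 0x1, rev-id 1)
    log="${1:-$(dmesg 2>/dev/null || true)}"
    case "$log" in
        *"2.0 TPM"*) echo 2 ;;
        *"1.2 TPM"*) echo 1 ;;
        *)           echo unknown ;;
    esac
}

# check_tpm2_rm [kernel_log_text]
# Returns 0 when tpm0 is TPM 2.0 and /dev/tpmrm0 exists,
# 1 when the device is not TPM 2.0, 2 when the RM node is missing.
check_tpm2_rm() {
    ver=$(tpm_version "$@")
    rm_node="${DEV_ROOT:-/dev}/tpmrm0"
    if [ "$ver" != 2 ]; then
        # The kernel only creates tpmrm nodes for TPM 2.0 chips.
        echo "tpm0 reports version '$ver'; was swtpm started with --tpm2?" >&2
        return 1
    fi
    if [ ! -e "$rm_node" ]; then
        echo "TPM 2.0 found but $rm_node is missing" >&2
        return 2
    fi
    echo "TPM 2.0 with resource manager at $rm_node"
}
```

In the guest, call `check_tpm2_rm` with no arguments; reading the kernel log through dmesg may require root.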