On Fri, Jan 10, 2020 at 12:32:02AM +0000, Yao, Jiewen wrote: > Hi Marc-André > Would you please share some information on how to use vTPM with QEMU? > > I saw https://github.com/stefanberger/qemu-tpm > > But I am not sure if that has been integrated to official QEMU release? > Actually the TPM document can be found in the qemu package: https://github.com/qemu/qemu/blob/master/docs/specs/tpm.txt
I also maintained a wiki page for openSUSE: https://en.opensuse.org/Software_TPM_Emulator_For_QEMU Hope this helps. Cheers, Gary Lin > > -----Original Message----- > > From: Laszlo Ersek <ler...@redhat.com> > > Sent: Thursday, January 9, 2020 9:07 PM > > To: Yao, Jiewen <jiewen....@intel.com>; Ard Biesheuvel > > <ard.biesheu...@linaro.org> > > Cc: edk2-devel-groups-io <devel@edk2.groups.io>; Marc-André Lureau > > <marcandre.lur...@redhat.com> > > Subject: Re: [PATCH 4/4] ArmVirtPkg/ArmVirtQemu: add optional support for > > TPM2 measured boot > > > > On 01/09/20 01:51, Yao, Jiewen wrote: > > > Hi > > > Comment for the warning: > > >>> WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xC) > > >>> WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xD) > > > > > > The reason is that: The DSC added all HASH algorithm to the TCG2 driver. > > (SHA1/SHA256/SHA384/SHA512/SM3). > > > But the current TPM hardware device does not support SHA384 (0xC) and > > SHA512 (0xD). > > > > > > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > > > <LibraryClasses> > > > > > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRout > > erPei.inf > > > NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > > > > > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > > > > > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > > > > > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > > > NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > > > } > > > > > > > > > It is warning because the Firmware Image *may* want to support another > > TPM2 which has such capability. > > > It just means the *current* TPM2 does not support this hash. > > > The platform owner may decide to clean up the warning by remove the > > SHA384/SHA512 null lib instance > > > support for current TPM2, or leave them as is for another TPM2. > > > > Thank you for the explanation! > > > > > BTW: Is there any document on how to enable TPM2 on QEMU ? > > > I would like to have a try. :-) > > > > Please ask Marc-André (already CC'd) about vTPM usage with QEMU; > > unfortunately, I don't know. > > > > Thanks! > > Laszlo > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#53180): https://edk2.groups.io/g/devel/message/53180 Mute This Topic: https://groups.io/mt/69499023/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
