I tried it according to your method, but I have some problems. My host is CentOS 7.2 with the TPM 2.0 hardware and qemu v2.10.2. The driver for the TPM 2.0 hardware is the crb device. Executing lsmod to view the TPM 2.0 driver information gives the following:

[root@localhost BUILD]# lsmod | grep tpm
tpm_crb 12972 0

I downloaded the OVMF-20182028-5.noarch.src.rpm package from the rpm search website and rebuilt it with -DTPM2_ENABLE and -DSECURE_BOOT_ENABLE. Everything rebuilt fine and generated the OVMF.fd and OVMF_ARGS.fd files, so I copied OVMF.fd to my qemu-kvm project and started qemu to install a Windows 10 virtual machine. I first created a blank img file named win10.img, and installed the win10 virtual machine as follows:

[root@localhost BUILD]#qemu-system-x86_64 -display sdl -enable-kvm -m 4096 -boot d -cdrom win10.iso -bios OVMF.fd -net none -boot menu=on -tpmdev cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0 -device tpm-tis,tpmdev=tpm0 win10.img

The installation process is very, very slow, and the system automatically restarts after the installation is complete. But it seems it can't enter the desktop. The system restarts cyclically; it looks like there is a problem with BIOS boot.

I thought of what you said, that Windows TPM 2 support will need the TPM CRB device, so I started qemu with the parameter -device tpm-crb, but it didn't work. It prompted the following error message:

[root@localhost BUILD]#qemu-system-x86_64 -display sdl -enable-kvm -m 4096 -boot d -bios OVMF.fd -net none -boot menu=on -tpmdev cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0 -device tpm-crb,tpmdev=tpm0 win10.img
[root@localhost BUILD]#qemu-system-x86_64: -device tpm-crb,tpmdev=tpm0: 'tpm-crb' is not a valid device model name

I don't know where the problem is, and I need you to give me some help. Thank you very much!

> -----Original Message-----
> From: "Marc-André Lureau" <marcandre.lur...@gmail.com>
> Sent: 2018-08-16 16:56:52 (Thursday)
> To: tan...@gohighsec.com
> Cc: QEMU <qemu-devel@nongnu.org>
> Subject: Re: [Qemu-devel] vTPM 2.0 is recognized as vTPM 1.2 on the Win 10 virtual machine
>
> Hi
> On Thu, Aug 16, 2018 at 3:29 AM 汤福 <tan...@gohighsec.com> wrote:
> >
> > Hi,
> >
> > I want to use the vTPM in a qemu Windows image. Unfortunately, it didn't
> > work.
> > First, the equipment:
> > TPM 2.0 hardware
> > CentOS 7.2
> > Qemu v2.10.2
> > SeaBIOS 1.11.0
> > libtpm and so on
> >
> > My host is centos 7.2 with the TPM 2.0 hardware and qemu v2.10.2.
> > I make the libtpm and seabios with ./configure, make and so on. I checked
> > seabios with make menuconfig the TPM setting. TPM is enabled by default.
> > Eventually, all works without errors.
> >
> > I start the Windows 10 image with:
> > qemu-system-x86_64 -display sdl -enable-kvm -m 2048 -boot d -bios bios.bin
> > -boot menu=on -tpmdev
> > cuse-tpm,id=tpm0,cancel-path=/dev/null,type=passthrough,path=/dev/tpm0
> > -device tpm-tis,tpmdev=tpm0 win10.img
> >
> >
> > First it looks all fine. Windows 10 booted up but the vTPM was recognized
> > as TPM 1.2 instead of TPM 2.0 in device manager. I open the tpm Manager
> > with tpm.msc but get error with No compatible TPM found.
> > If I use vTPM in a qemu linux image, everything goes well. I think of what
> > you said
> >
> >
> > So, what could be the problem?
>
> You need to build libtpms & swtpm from Stefan tpm2-preview branches.
> (Alternatively, there is now an experimental fedora copr repository:
> https://copr.fedorainfracloud.org/coprs/stefanberger/swtpm/)
>
> I suggest to setup the VM with libvirt upstream, which will do the
> preliminary swtpm_setup for you, or follow
> https://github.com/stefanberger/swtpm/wiki/Certificiates-created-by-swtpm_setup
>
> For Windows TPM 2 support, you will need the TPM CRB device, and
> upstream OVMF compiled with -D TPM2_ENABLE (TIS & Bios are 1.2 only
> for Windows, even if seabios does have some 2.0 support with them)
>
> Furthermore, to pass the WLK tests, you need PPI & MOR interface,
> which are still pending merge ([PATCH v9 0/6] Add support for TPM
> Physical Presence interface)
>
>
>
>
> --
> Marc-André Lureau