i found this:
https://titanwolf.org/Network/Articles/Article?AID=61faf297-0fb8-4dac-babc-877e889b896e#gsc.tab=0
On 8/3/21 8:36 PM, Ivan Volosyuk wrote:
It's a package, just run in your gentoo box:
emerge swtpm
And setup using:
https://qemu-project.gitlab.io/qemu/specs/tpm.html
On Wed, Aug 4, 2021 at 2:49 AM Roger Lawhorn <r...@twc.com> wrote:
how do i install swtpm?
is it a package in my repo or do i need to compile the source code?
i dont use libvert, i run a qemu script to launch windows 10
how do i tell qemu that it needs to use it?
is it an additional switch on the command line?
thanks
On 8/3/21 2:20 AM, Brett Peckinpaugh wrote:
I found my issue, it was mainly I was still using the i440fx and needed to
switch to q35. Which required a bit more work, and as I had to rebuild and
reinstall windows I used the secure boot OVMF and with that I should be if I
decide to 100% windows 11 compliant. You will need to install swtpm and might
have to correct some permissions based on your install, and what user and it's
permissions that are running your qemu and libvirt.
On Mon, Aug 2, 2021 at 9:39 PM Roger Lawhorn <r...@twc.com> wrote:
We are all facing a forced upgrade to windows 11 so we must answer this
question.
Thanks for asking it.
I am not familiar with TPM in virt machines so I decline to comment.
On 7/2/21 2:03 AM, Brett Peckinpaugh wrote:
With Win 11 coming I figured I would spend a bit of time tinkering and see I
could be ready if I decided it isn't the junk OS that every other windows OS
is. I run a guest with OVMF for UEFI and pass through a PCIE video card.
Everything works fine.
Challenge I am running into is I installed swtpm, then added a software TPM to
my guest. System boots and runs fine but the TPM fails to start in the Windows
guest with a code of 10. From Linux it all looks good. Windows events just
say generic failure messages.
To confuse me more, I have a server with a guest running windows that is just
virtual. Added the TPM and it shows up and is working on that guest. Host is
Manjaro flavor of Arch.
Linux logs for the TPM seems good. Any ideas? I tried to boot using a secure
boot enabled version of OVMF and guest would not even start.
Starting vTPM manufacturing as root:root @ Thu 01 Jul 2021 10:48:40 PM PDT
Successfully created RSA 2048 EK with handle 0x81010001.
Invoking /usr/share/swtpm/swtpm-localca --type ek --ek
ac3b97418acfd724aed5d9dcc0f0e10a1a90b04ab21525115e7bb00009b9ea63525acc5ac367deef59d99620f129417f21e1419edaebd8b1f385a5b874b463d744c609b2f4c6fc00bfe5712bea7d7506e29ba8b4cb34e1b3c90d3f5a1805ba52628751aef659959d12a33d5238ec82bfa0b04ebab52bde403c9291f80a949de6303af04aa1a706ca4b054f45e94d4749b729ddf2b50849abaae1f681c3bb48ddfce1166fd804b9197d14af5fff9a52e48b0707916091516ed67c4c1e519b51478ecc25c89d9ad7a6f1e29e263b35cb54ca75ebe8bc2d7a82a3f262108abc75592467ccf5defe9e46f3706cc90ae67a4b38910e61a05ff62a9d3ec383bd352143
--dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
--logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log --vmid
Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a --tpm-spec-family 2.0
--tpm-spec-level 0 --tpm-spec-revision 162 --tpm-manufacturer id:00001014
--tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile
/etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created EK certificate locally.
Invoking /usr/share/swtpm/swtpm-localca --type platform --ek
ac3b97418acfd724aed5d9dcc0f0e10a1a90b04ab21525115e7bb00009b9ea63525acc5ac367deef59d99620f129417f21e1419edaebd8b1f385a5b874b463d744c609b2f4c6fc00bfe5712bea7d7506e29ba8b4cb34e1b3c90d3f5a1805ba52628751aef659959d12a33d5238ec82bfa0b04ebab52bde403c9291f80a949de6303af04aa1a706ca4b054f45e94d4749b729ddf2b50849abaae1f681c3bb48ddfce1166fd804b9197d14af5fff9a52e48b0707916091516ed67c4c1e519b51478ecc25c89d9ad7a6f1e29e263b35cb54ca75ebe8bc2d7a82a3f262108abc75592467ccf5defe9e46f3706cc90ae67a4b38910e61a05ff62a9d3ec383bd352143
--dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
--logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log --vmid
Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a --tpm-spec-family 2.0
--tpm-spec-level 0 --tpm-spec-revision 162 --tpm-manufacturer id:00001014
--tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile
/etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created platform certificate locally.
Successfully created NVRAM area 0x1c00002 for RSA 2048 EK certificate.
Successfully created NVRAM area 0x1c08000 for platform certificate.
Successfully created ECC EK with handle 0x81010016.
Invoking /usr/share/swtpm/swtpm-localca --type ek --ek
x=0ecc2c9a02316295724304fcdeb9802c6d2f2d5fa40c34717ea9ff64f4d5e969c79f6eaba9bf4f8e6c67416057542a7e,y=6d54604b00bbbc83f8e9d02983c3486514218c9eabf29dbfc692058506828b299cec8605be490173ebe1727719ff5c90,id=secp384r1
--dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
--logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log --vmid
Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a --tpm-spec-family 2.0
--tpm-spec-level 0 --tpm-spec-revision 162 --tpm-manufacturer id:00001014
--tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile
/etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created EK certificate locally.
Successfully created NVRAM area 0x1c00016 for ECC EK certificate.
Successfully activated PCR banks sha1,sha256 among sha1,sha256,sha384,sha512.
Successfully authored TPM state.
Ending vTPM manufacturing @ Thu 01 Jul 2021 10:48:40 PM PDT
_______________________________________________
vfio-users mailing list
vfio-users@redhat.com
https://listman.redhat.com/mailman/listinfo/vfio-users
_______________________________________________
vfio-users mailing list
vfio-users@redhat.com
https://listman.redhat.com/mailman/listinfo/vfio-users
_______________________________________________
vfio-users mailing list
vfio-users@redhat.com
https://listman.redhat.com/mailman/listinfo/vfio-users
_______________________________________________
vfio-users mailing list
vfio-users@redhat.com
https://listman.redhat.com/mailman/listinfo/vfio-users
