Re: [Qemu-discuss] QEMU-TPM with SeaBIOS

[Jakob Bohm]

Ah!

The emulated hard disk interface in the virtual machine is
probably not the same as the real hard disk interface in
your real machine.  The same goes for all the other hardware
in the virtual machine.  Basically, a qemu virtual machine
is a completely different computer model than whichever
physical computer you have in front of you, and it needs
to have the hardware parts of its OS configured for that
virtual hardware.  Trying to copy the driver configuration
from a physical machine to a qemu machine is like trying to
copy it from a Dell laptop to a HP desktop.

Qemu emulates one of 3 hard disk interfaces types as
specified through qemu command line options: "IDE/PATA"
(appears as /dev/hda in Linux kernels compiled with the
classic IDE drivers, or as /dev/sda in Linux kernels
compiled with the libata PATA drivers), "SCSI" (using a
specific adapter, see the online docs for the emulated
model, appears as /dev/sda in Linux) and "virtio" (A
high speed qemu specific interface, appears as /dev/vda
in Linux).

To load the needed drivers if they are compiled as modules
(.config file lists them with an "m"), include those
module files (from /lib/modules/) in initrd.img and make
sure the scripts and config files in initrd.img will load
them.


On 8/17/2012 10:26 AM, khan wahid wrote:
> ------------------------------------------------------------------------
> *From:* Jakob Bohm <address@hidden>
> *To:* address@hidden
> *Sent:* Wednesday, August 15, 2012 7:23 PM
> *Subject:* Re: [Qemu-discuss] QEMU-TPM with SeaBIOS
>
> On 8/15/2012 9:40 AM, khan wahid wrote:
> > Hi,
> > I want to build a trusted integrity measurement OS, so that a remote 
> party can check the system's integrity. But I don't have a hardware 
> TPM, so I run the TPM emulator (http://tpm-emulator.berlios.de/) and 
> patched my Qemu and SeaBIOS with the TPM related Patches (provided by 
> Mr. Stefan Berger) to test the integrity measurement in virtual 
> machine based Linux. To launch a Linux through Qemu, at first I 
> compiled Linux from the source with Kernel-IMA functionality. Now I 
> have the following files-
> > The compiled kernel-IMA image at 
> /home/rrsuj/linux-2.6.32.59/arch/x86/boot/bzImage
> > And the new initrd at /boot/initrd.img-2.6.32.59
> > The patched bios.bin at /home/rrsuj/seabios-0.6.2/out/bios.bin
> >
> > I first check that the TPM emulator is running, so that Qemu and 
> SeaBIOS find a TPM (although virtual). Then I execute the following 
> command -
> >
> > #qemu-system-i386  -kernel 
> /home/rrsuj/linux-2.6.32.59/arch/x86/boot/bzImage  -initrd 
> /boot/initrd.img-2.6.32.59  -bios 
> /home/rrsuj/Downloads/seabios/seabios-0.6.2/out/bios.bin
> > It tries to boot Linux, but gives error-
> > "VFS: cannot open root device "<NULL>" or unknown-block (8,1)"
> > "Please append a correct "root=" boot option;"
>
> >In other words, the default root device indicated by a few reserved bytes
> >near the start of your bzImage or dynamically set by code in your
> >initrd.img was blockdev major 8, minor 1 a.k.a. /dev/sda1, but 
> neither your
> >bzImage nor any modules loaded by your initrd.img knew how to map
> >"blockdev 8,1" to "sda1".  So I guess you haven't loaded the relevant 
> SCSI
> >driver.
>
> When I compiled the new kernel 
> (/home/rrsuj/linux-2.6.32.59/arch/x86/boot/bzImage)  in my host 
> machine where the qemu is installed, it generates the 
> /boot/vmlinuz-2.6.32.59, and I am able to run my host machine with the 
> new kernel, and I think the bzImange and vmlinuz are same.  But this 
> vmlinuz-2.6.32.59 is invoked by grub while booting the host machine. 
> In the case of qemu, there is no grub to invoke the 
> /home/rrsuj/linux-2.6.32.59/arch/x86/boot/bzImage, I think it should 
> be invoked by the default qemu boot loader. So please tell me how 
> could I do that?
>
> > So I did-
> > #qemu-system-i386 -kernel 
> /home/rrsuj/Downloads/linux-2.6.32.59/arch/x86/boot/bzImage -initrd 
> /boot/initrd.img-2.6.32.59  -append "root=/dev/sda1"  -bios 
> /home/rrsuj/Downloads/seabios/seabios-0.6.2/out/bios.bin
> > but the error changes slightly-
> > "VFS: cannot open root device "sda1" or unknown-block (0,0)"
> > "Please append a correct "root=" boot option;"
>
> >So this time, neither your bzImage, nor any of the loaded modules knew
> >how to map "sda1" to "(8,1)", probably for the same reason as in your
> >first attempt.
>
> > The output of "sudo fdisk -l" is-
> > Device Boot      Start        End      Blocks  Id System
> > /dev/sda1  *          1        2686    21569536  83 Linux
> > /dev/sda2            2686        2808      979969    5 Extended
> > /dev/sda5            2686        2808      979968  82 Linux swap / 
> Solaris
>
> >How did you run this command if you could not boot your vm?
>
> >I guess you ran this using a different kernel or initrd which did 
> load the proper drivers.
>
> Sorry I forgot to mention that this fdisk output is from my host 
> machine (another linux version), where I executed the above qemu 
> commands.
>
> > So please tell me, what should I do? I had a plan to install 
> TrustedGrub inside the virtual machine (the guest Linux), so that I 
> can measure the total system from SeaBIOS to TrustedGrub to Linux-IMA. 
> But it is not booting as I mentioned.
> > Thank you for your help.
> > Best regards

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded