Re: [Qemu-discuss] Trustedgrub2 reports No TPM found
From: Stefan Berger
Subject: Re: [Qemu-discuss] Trustedgrub2 reports No TPM found
Date: Wed, 10 May 2017 11:56:55 +0000
Hi Anshul,
so does the SeaBIOS menu show several entries in case of TPM 1.2 and
the single entry in case of TPM 2?
I don't know these TPM 2 tools and how they work. You may want to try
these tools here as an alternative:
[1]https://sourceforge.net/projects/ibmtpm20tss/files/?source=navbar
Regards,
Stefan
----- Original message -----
From: anshul makkar <address@hidden>
To: Stefan Berger <address@hidden>
Cc: <address@hidden>
Subject: Re: Trustedgrub2 reports No TPM found
Date: Wed, May 10, 2017 4:41 AM
Hi Stefan,
Thanks.
"swtpm: ./configure --prefix=/usr --with-openssl ; make ; sudo make
check -j16 ; sudo make install". Don't we need to specify
"--with-cuse", or is it a typo from you?
While building libtpm, even though we specify "--with-tpm2" flag
during configuration phase, it builds libtpm for both 1.2 and 2.0
and when I did make install I found that only 1.2 libraries were
getting installed. It's kind of weird, but I worked around this by
deleting the 1.2 libraries after doing make and then did make
install.
swtpm_cuse --name vtpm0 --tpmstate dir=/tmp/vtpm0 --log
file=/root/out.log
sudo qemu-system-x86_64 -enable-kvm -display sdl -m 2048 -boot b
-bios /local/home/anshulma/tpm/seabios-tpm/out/bios.bin -boot
menu=on -tpmdev cuse-tpm,id=tpm0,path=/dev/vtpm0 -device
tpm-tis,tpmdev=tpm0 -drive
format=raw,file=../../stefanberger_qemu_tpm/qemu-tpm/ubuntu.img
After following the above steps, my ubuntu guest and trusted grub
can see TPM. I installed TPM2-tss and tpm-tools in the guest. But I
am not able to execute tpm2 commands.
##>tpm2_takeownership
Error: Failed to initialize tcti context: 0x1 //trying to
communicate over socket. initsocketTCTI failed.
##> resourcemgr
Resource Mgr, device TCTI, failed initialization: 0xa000a.
Exiting....
./tpm2_rc_decode 0xa000a : TSS2_BASE_RC_IO_ERROR.
Then I read that I can remove resourcemgr from the configuration and
can use direct TCTI mechanism introduced in TPM 2.0.
##>tpm2_takeownership -T device
Error: Failed to initialize device TCTI context. //directly
communicate with TCTI device. initdeviceTCTI failed.
./tpm2_rc_decode: 0xa00a: TSS2_BASE_RC_IO_ERROR, IO failure.
I think I am missing some library or configuration which prevents
initialization of TCTI interface.
Please can you suggest.
Thanks
Anshul Makkar
On 05/05/17 18:36, Stefan Berger wrote:
I would use the following configure lines. You may want to watch out so
you don't have two versions of the library on your system, though:
libtpms: ./configure --prefix=/usr --with-tpm2 --with-openssl ; make ;
make check ; sudo make install
swtpm: ./configure --prefix=/usr --with-openssl ; make ; sudo make
check -j16 ; sudo make install
Please run a 'make check -j16' on the swtpm project before running a
'make install'.
Can you follow the setup steps that the person raising this issue
followed: [2]https://github.com/stefanberger/swtpm/issues/21
----- Original message -----
From: anshul makkar [3]<address@hidden>
To: [4]<address@hidden>, [5]<address@hidden>
Cc:
Subject: Trustedgrub2 reports No TPM found
Date: Fri, May 5, 2017 12:32 PM
Hi,
I had a working vTPM solution with TPM 1.2 using swtpm, libtpm, qemu2.8,
cuse.
I wanted to try TPM 2.0 so I switched to:
swtpm: tpm2-preview branch. Compiled using ./configure --with-tpm2
--enable-debug --enable-cuse
libtpm: tpm2-preview.rev142 branch. Compiled using ./configure
--with-tpm2 --enable-debug
Installed TPM2.0-TSS software stack.
Using seabios with TPM patches and TrustedGrub2.
[6]https://github.com/ts468/seabios-tpm
Now when I start guest with TrustedGrub2, I get an error message from
grub that TPM device not found. Even Windows guest fails to detect TPM.
Command that I used to start the guest:
swtpm_cuse --tpm2 -M 260 -m 1 -n vtpm0
I can see /dev/vtpm0 after this command.
Launch the guest: sudo qemu-system-x86_64 -enable-kvm -m 2048 -boot b
-bios seabios.bin -boot menu=on -tpmdev
cuse-tpm,id=tpm0,path=/dev/vtpm0
-device tpm-tis,tpmdev=tpm0 -drive format=raw,file=ubuntu.img
I debugged TrustedGrub2.0 code and found that it issues BIOS call INT
1Ah, (AH)=BBh,(AL)=00h ( TCG_StatusCheck ) which fails.
TPM 1.2 used to work fine, so just wondering if I have missed any
components.
Please can you share your thoughts.
Thanks
Anshul Makkar
References
1. https://sourceforge.net/projects/ibmtpm20tss/files/?source=navbar
2. https://github.com/stefanberger/swtpm/issues/21
3. mailto:address@hidden
4. mailto:address@hidden
5. mailto:address@hidden
6. https://github.com/ts468/seabios-tpm