On 08/29/2018 07:38 AM, Dag Nygren wrote:
On onsdag 29 augusti 2018 kl. 10:00:39 EEST Sandro Bonazzola wrote:
2018-08-28 13:52 GMT+02:00 Dag Nygren dag@newtech.fi:
We have a desperate need for TPM support and:
- Tried the "standard" distro install. linvirt supports TPM passthrough but kvm-qemu barfs: "unsupported configuration: The QEMU executable /usr/libexec/qemu-kvm
does not support TPM backend type passthrough"
- The activated the qemu-ev repo and updated qemu-kvm to version 2.10.0,
which for sure should support at least passthrough. No luck - Same error message. Downloaded the source for th rpm and found a line: "--disable-tpm" in build_configure.sh. Guess that the maintainers has some reason to turn tpm off. Can somone confirm this?
Not sure about reasons for turning off, but request to enable it has been closed wontfix: https://bugzilla.redhat.com/show_bug.cgi?id=1327947
Thanks for the comments and reactions so far!
Well. Changed -disable-tpm to enable-tpm in the rpmbuild and built myself a version with TPM passthrough enabled. Just to find out that it only supports tpm_tis in 2.10.0 and our device only seem to speak tpm_cdr :-(. Bugger.. But we really do need multiple VM:s accessing the hardware TPM anyway and this would only give us one VM ...
Also downloaded qemu 2.12.0 and tried to very optimistically just throw it in the rpmbuild. And got a heap of patch fails already at the first patch. Expected of course... So no such luck.
Now looking further it also seems like even 2.12.0 will not solve our problem as it only gives multiple VM access to the swtpm emulator. We need access to the hardware TPM...
Can you make swtpm use the hardware ?
Any advice would/will be valuable!
You could try using Xen. A quick search implies that Xen from 4.3 onward will virtualize TPM. I am not sure if the libvirt drivers for xen will support the feature but some work around may be possible.