On Wednesday 29 August 2018 at 15:37:47 EEST Alvin Starr wrote:
> On 08/29/2018 07:38 AM, Dag Nygren wrote:
>
> > On Wednesday 29 August 2018 at 10:00:39 EEST Sandro Bonazzola wrote:
> >> 2018-08-28 13:52 GMT+02:00 Dag Nygren <dag at newtech.fi>:
> >>
> >>> We have a desperate need for TPM support and:
> >>>
> >>> 1. Tried the "standard" distro install. libvirt supports
> >>> TPM passthrough but kvm-qemu barfs:
> >>> "unsupported configuration: The QEMU executable /usr/libexec/qemu-kvm
> >>> does not support TPM backend type passthrough"
> >>>
> >>> 2. Then activated the qemu-ev repo and updated qemu-kvm to version 2.10.0,
> >>> which for sure should support at least passthrough.
> >>> No luck - Same error message.
> >>> Downloaded the source for the rpm and found a line: "--disable-tpm"
> >>> in build_configure.sh. Guess that the maintainers have some reason
> >>> to turn tpm off. Can someone confirm this?
> >>>
> >> Not sure about reasons for turning off, but request to enable it has been
> >> closed wontfix: https://bugzilla.redhat.com/show_bug.cgi?id=1327947
> >
> > Thanks for the comments and reactions so far!
> >
> > Well. Changed -disable-tpm to enable-tpm in the rpmbuild and
> > built myself a version with TPM passthrough enabled. Just to find
> > out that it only supports tpm_tis in 2.10.0 and our device
> > only seems to speak tpm_cdr :-(. Bugger.. But we really do need multiple
> > VMs accessing the hardware TPM anyway and this would only give us
> > one VM ...
> >
> > Also downloaded qemu 2.12.0 and tried to very optimistically just
> > throw it in the rpmbuild. And got a heap of patch fails already
> > at the first patch. Expected of course... So no such luck.
> >
> > Now looking further it also seems like even 2.12.0 will not solve
> > our problem as it only gives multiple VM access to the swtpm emulator.
> > We need access to the hardware TPM...
> >
> > Can you make swtpm use the hardware?
> >
> > Any advice would/will be valuable!
> >
> You could try using Xen.
> A quick search implies that Xen from 4.3 onward will virtualize TPM.
> I am not sure if the libvirt drivers for xen will support the feature
> but some workaround may be possible.

Thanks! Seems to be exactly what is needed.
The problem here is that we have invested a lot of work and money
in a QEMU solution already and have everything else working smoothly...
The client just recently figured out that they will need TPM so nobody
looked for it until now.

But I will look into this!

Best
Dag