It's a package, just run in your gentoo box:

emerge swtpm

And setup using:
https://qemu-project.gitlab.io/qemu/specs/tpm.html

On Wed, Aug 4, 2021 at 2:49 AM Roger Lawhorn <r...@twc.com> wrote:
>
> how do i install swtpm?
> is it a package in my repo or do i need to compile the source code?
> i don't use libvirt, i run a qemu script to launch windows 10
> how do i tell qemu that it needs to use it?
> is it an additional switch on the command line?
> thanks
>
>
> On 8/3/21 2:20 AM, Brett Peckinpaugh wrote:
>
> I found my issue, it was mainly I was still using the i440fx and needed to
> switch to q35. Which required a bit more work, and as I had to rebuild and
> reinstall windows I used the secure boot OVMF and with that I should be if I
> decide to 100% windows 11 compliant. You will need to install swtpm and
> might have to correct some permissions based on your install, and what user
> and its permissions that are running your qemu and libvirt.
>
> On Mon, Aug 2, 2021 at 9:39 PM Roger Lawhorn <r...@twc.com> wrote:
>>
>> We are all facing a forced upgrade to windows 11 so we must answer this
>> question.
>> Thanks for asking it.
>> I am not familiar with TPM in virt machines so I decline to comment.
>>
>> On 7/2/21 2:03 AM, Brett Peckinpaugh wrote:
>>
>> With Win 11 coming I figured I would spend a bit of time tinkering and see if I
>> could be ready if I decided it isn't the junk OS that every other windows OS
>> is. I run a guest with OVMF for UEFI and pass through a PCIE video card.
>> Everything works fine.
>>
>> Challenge I am running into is I installed swtpm, then added a software TPM
>> to my guest. System boots and runs fine but the TPM fails to start in the
>> Windows guest with a code of 10. From Linux it all looks good. Windows
>> events just say generic failure messages.
>>
>> To confuse me more, I have a server with a guest running windows that is
>> just virtual. Added the TPM and it shows up and is working on that guest.
>> Host is Manjaro flavor of Arch.
>>
>> Linux logs for the TPM seems good. Any ideas? I tried to boot using a
>> secure boot enabled version of OVMF and guest would not even start.
>>
>> Starting vTPM manufacturing as root:root @ Thu 01 Jul 2021 10:48:40 PM PDT
>> Successfully created RSA 2048 EK with handle 0x81010001.
>> Invoking /usr/share/swtpm/swtpm-localca --type ek --ek
>> --dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
>> --logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log --vmid
>> Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a --tpm-spec-family 2.0
>> --tpm-spec-level 0 --tpm-spec-revision 162 --tpm-manufacturer id:00001014
>> --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile
>> /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
>> Successfully created EK certificate locally.
>> Invoking /usr/share/swtpm/swtpm-localca --type platform --ek
>> ac3b97418acfd724aed5d9dcc0f0e10a1a90b04ab21525115e7bb00009b9ea63525acc5ac367deef59d99620f129417f21e1419edaebd8b1f385a5b874b463d744c609b2f4c6fc00bfe5712bea7d7506e29ba8b4cb34e1b3c90d3f5a1805ba52628751aef659959d12a33d5238ec82bfa0b04ebab52bde403c9291f80a949de6303af04aa1a706ca4b054f45e94d4749b729ddf2b50849abaae1f681c3bb48ddfce1166fd804b9197d14af5fff9a52e48b0707916091516ed67c4c1e519b51478ecc25c89d9ad7a6f1e29e263b35cb54ca75ebe8bc2d7a82a3f262108abc75592467ccf5defe9e46f3706cc90ae67a4b38910e61a05ff62a9d3ec383bd352143
>> --dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
>> --logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log --vmid
>> Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a --tpm-spec-family 2.0
>> --tpm-spec-level 0 --tpm-spec-revision 162 --tpm-manufacturer id:00001014
>> --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile
>> /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
>> Successfully created platform certificate locally.
>> Successfully created NVRAM area 0x1c00002 for RSA 2048 EK certificate.
>> Successfully created NVRAM area 0x1c08000 for platform certificate.
>> Successfully created ECC EK with handle 0x81010016.
>> Invoking /usr/share/swtpm/swtpm-localca --type ek --ek
>> x=0ecc2c9a02316295724304fcdeb9802c6d2f2d5fa40c34717ea9ff64f4d5e969c79f6eaba9bf4f8e6c67416057542a7e,y=6d54604b00bbbc83f8e9d02983c3486514218c9eabf29dbfc692058506828b299cec8605be490173ebe1727719ff5c90,id=secp384r1
>> --dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
>> --logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log --vmid
>> Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a --tpm-spec-family 2.0
>> --tpm-spec-level 0 --tpm-spec-revision 162 --tpm-manufacturer id:00001014
>> --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile
>> /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
>> Successfully created EK certificate locally.
>> Successfully created NVRAM area 0x1c00016 for ECC EK certificate.
>> Successfully activated PCR banks sha1,sha256 among sha1,sha256,sha384,sha512.
>> Successfully authored TPM state.
>> Ending vTPM manufacturing @ Thu 01 Jul 2021 10:48:40 PM PDT
>>
>> _______________________________________________
>> vfio-users mailing list
>> vfio-users@redhat.com
>> https://listman.redhat.com/mailman/listinfo/vfio-users
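
The question in this thread about telling QEMU to use swtpm without libvirt comes down to a running emulator plus three extra switches. The script below is an added example, not part of the original messages; the state directory and the function names are assumptions, and the swtpm and QEMU options are the documented ones for a TPM 2.0 emulator over a UNIX control socket.

```shell
#!/bin/sh
# Added example: give a hand-written QEMU launch script a swtpm-backed TPM 2.0.
# TPM_DIR and the function names are assumptions made for this illustration.
TPM_DIR="${TPM_DIR:-$HOME/vtpm/win10}"   # assumed per-guest state directory

# Control socket that swtpm listens on and QEMU connects to.
tpm_socket() {
    printf '%s' "$1/swtpm-sock"
}

# The vTPM state holds the guest's TPM secrets: keep it private to the
# user that runs swtpm and QEMU.
prepare_state_dir() {
    mkdir -p "$1" && chmod 700 "$1"
}

# swtpm command line for a TPM 2.0 emulator using state directory $1.
swtpm_cmdline() {
    printf '%s' "swtpm socket --tpm2 --tpmstate dir=$1 --ctrl type=unixio,path=$(tpm_socket "$1") --daemon"
}

# Extra QEMU switches: chardev socket -> emulator tpmdev -> TIS device.
qemu_tpm_args() {
    printf '%s' "-chardev socket,id=chrtpm,path=$(tpm_socket "$1") -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
}

# Run with the argument "start": launch swtpm first, then print the
# switches to append to the existing qemu command.
if [ "${1:-}" = "start" ]; then
    prepare_state_dir "$TPM_DIR" || exit 1
    # Word splitting is intended here; paths without spaces are assumed.
    $(swtpm_cmdline "$TPM_DIR") || exit 1
    echo "append to the qemu command line:"
    echo "  $(qemu_tpm_args "$TPM_DIR")"
fi
```

Per the report quoted in the thread, the guest also needed the q35 machine type and the secure boot OVMF build before Windows accepted the TPM.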