You also need a secure boot enabled BIOS even if you do not fully use it. Have it 
working on a VM as well.

On Aug 20, 2022, at 4:55 PM, Roger Lawhorn <r...@twc.com> wrote:
>
>i added tpm 2.0 support to my virt machine.
>windows pc health check says i don't qualify for windows 11.
>my amd epyc cpu is not supported and i don't use secure boot
>says tpm not detected and yet the device manager shows tpm 2.0 installed
>i can add secure boot if needed
>
>On 8/4/21 10:24 AM, Roger Lawhorn wrote:
>> i found this:
>> https://titanwolf.org/Network/Articles/Article?AID=61faf297-0fb8-4dac-babc-877e889b896e#gsc.tab=0
>>
>> On 8/3/21 8:36 PM, Ivan Volosyuk wrote:
>>> It's a package, just run in your gentoo box:
>>> emerge swtpm
>>>
>>> And setup using:
>>> https://qemu-project.gitlab.io/qemu/specs/tpm.html
>>>
>>> On Wed, Aug 4, 2021 at 2:49 AM Roger Lawhorn <r...@twc.com> wrote:
>>>> how do i install swtpm?
>>>> is it a package in my repo or do i need to compile the source code?
>>>> i don't use libvirt, i run a qemu script to launch windows 10
>>>> how do i tell qemu that it needs to use it?
>>>> is it an additional switch on the command line?
>>>> thanks
>>>>
>>>>
>>>> On 8/3/21 2:20 AM, Brett Peckinpaugh wrote:
>>>>
>>>> I found my issue, it was mainly I was still using the i440fx and
>>>> needed to switch to q35.  Which required a bit more work, and as I
>>>> had to rebuild and reinstall windows I used the secure boot OVMF and
>>>> with that I should be if I decide to 100% windows 11 compliant. You
>>>> will need to install swtpm and might have to correct some
>>>> permissions based on your install, and what user and its
>>>> permissions that are running your qemu and libvirt.
>>>>
>>>> On Mon, Aug 2, 2021 at 9:39 PM Roger Lawhorn <r...@twc.com> wrote:
>>>>> We are all facing a forced upgrade to windows 11 so we must answer
>>>>> this question.
>>>>> Thanks for asking it.
>>>>> I am not familiar with TPM in virt machines so I decline to comment.
>>>>>
>>>>> On 7/2/21 2:03 AM, Brett Peckinpaugh wrote:
>>>>>
>>>>> With Win 11 coming I figured I would spend a bit of time tinkering
>>>>> and see if I could be ready if I decided it isn't the junk OS that
>>>>> every other windows OS is.  I run a guest with OVMF for UEFI and
>>>>> pass through a PCIE video card. Everything works fine.
>>>>>
>>>>> Challenge I am running into is I installed swtpm, then added a
>>>>> software TPM to my guest.  System boots and runs fine but the TPM
>>>>> fails to start in the Windows guest with a code of 10.  From Linux
>>>>> it all looks good.  Windows events just say generic failure messages.
>>>>>
>>>>> To confuse me more, I have a server with a guest running windows
>>>>> that is just virtual.  Added the TPM and it shows up and is working
>>>>> on that guest.  Host is Manjaro flavor of Arch.
>>>>>
>>>>> Linux logs for the TPM seem good.  Any ideas?  I tried to boot
>>>>> using a secure boot enabled version of OVMF and guest would not
>>>>> even start.
>>>>>
>>>>> Starting vTPM manufacturing as root:root @ Thu 01 Jul 2021 10:48:40 PM PDT
>>>>> Successfully created RSA 2048 EK with handle 0x81010001.
>>>>>    Invoking /usr/share/swtpm/swtpm-localca --type ek --ek 
>>>>>
>ac3b97418acfd724aed5d9dcc0f0e10a1a90b04ab21525115e7bb00009b9ea63525acc5ac367deef59d99620f129417f21e1419edaebd8b1f385a5b874b463d744c609b2f4c6fc00bfe5712bea7d7506e29ba8b4cb34e1b3c90d3f5a1805ba52628751aef659959d12a33d5238ec82bfa0b04ebab52bde403c9291f80a949de6303af04aa1a706ca4b054f45e94d4749b729ddf2b50849abaae1f681c3bb48ddfce1166fd804b9197d14af5fff9a52e48b0707916091516ed67c4c1e519b51478ecc25c89d9ad7a6f1e29e263b35cb54ca75ebe8bc2d7a82a3f262108abc75592467ccf5defe9e46f3706cc90ae67a4b38910e61a05ff62a9d3ec383bd352143
>>>>> --dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
>>>>> --logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log
>>>>> --vmid Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a
>>>>> --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 162
>>>>> --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023
>>>>> --tpm2 --configfile /etc/swtpm-localca.conf
>>>>> --optsfile /etc/swtpm-localca.options
>>>>> Successfully created EK certificate locally.
>>>>>    Invoking /usr/share/swtpm/swtpm-localca --type platform --ek 
>>>>> --dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
>>>>> --logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log
>>>>> --vmid Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a
>>>>> --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 162
>>>>> --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023
>>>>> --tpm2 --configfile /etc/swtpm-localca.conf
>>>>> --optsfile /etc/swtpm-localca.options
>>>>> Successfully created platform certificate locally.
>>>>> Successfully created NVRAM area 0x1c00002 for RSA 2048 EK certificate.
>>>>> Successfully created NVRAM area 0x1c08000 for platform certificate.
>>>>> Successfully created ECC EK with handle 0x81010016.
>>>>>    Invoking /usr/share/swtpm/swtpm-localca --type ek --ek 
>>>>>
>x=0ecc2c9a02316295724304fcdeb9802c6d2f2d5fa40c34717ea9ff64f4d5e969c79f6eaba9bf4f8e6c67416057542a7e,y=6d54604b00bbbc83f8e9d02983c3486514218c9eabf29dbfc692058506828b299cec8605be490173ebe1727719ff5c90,id=secp384r1
>>>>> --dir /var/lib/libvirt/swtpm/5e3c8d62-c0ef-41d7-9b7f-cddf618df88a/tpm2
>>>>> --logfile /var/log/swtpm/libvirt/qemu/Megaera-swtpm.log
>>>>> --vmid Megaera:5e3c8d62-c0ef-41d7-9b7f-cddf618df88a
>>>>> --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 162
>>>>> --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023
>>>>> --tpm2 --configfile /etc/swtpm-localca.conf
>>>>> --optsfile /etc/swtpm-localca.options
>>>>> Successfully created EK certificate locally.
>>>>> Successfully created NVRAM area 0x1c00016 for ECC EK certificate.
>>>>> Successfully activated PCR banks sha1,sha256 among 
>>>>> sha1,sha256,sha384,sha512.
>>>>> Successfully authored TPM state.
>>>>> Ending vTPM manufacturing @ Thu 01 Jul 2021 10:48:40 PM PDT
>>>>>
>>>>> _______________________________________________
>>>>> vfio-users mailing list
>>>>> vfio-users@redhat.com
>>>>> https://listman.redhat.com/mailman/listinfo/vfio-users
>>>>>
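
The command-line switches asked about in this thread (swtpm without libvirt, plus q35 with a secure boot OVMF), as an added example that is not taken from any poster's message. The TPM flags follow the QEMU TPM document linked above; every path, the OVMF file names, the disk image and the VM sizing are assumptions to adjust for your host.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and VM sizing are assumptions.
set -eu

# The state directory holds the vTPM's seeds and NVRAM, so only the user
# that runs QEMU gets access. Prints the resulting mode.
prepare_state_dir() {
    mkdir -p "$1"
    chmod 700 "$1"
    stat -c '%a' "$1"
}

# swtpm arguments, one per line: TPM 2.0 emulator with a UNIX control socket.
swtpm_args() {
    printf '%s\n' socket --tpm2 --daemon \
        --tpmstate "dir=$1" \
        --ctrl "type=unixio,path=$1/swtpm-sock"
}

# QEMU switches that attach the emulator to the guest as a TPM device.
qemu_tpm_args() {
    printf '%s\n' \
        -chardev "socket,id=chrtpm,path=$1/swtpm-sock" \
        -tpmdev emulator,id=tpm0,chardev=chrtpm \
        -device tpm-tis,tpmdev=tpm0
}

# q35 with a secure boot OVMF build: $1 = firmware code image, $2 = this VM's vars copy.
qemu_secboot_args() {
    printf '%s\n' \
        -machine q35,smm=on \
        -global driver=cfi.pflash01,property=secure,value=on \
        -drive "if=pflash,format=raw,unit=0,readonly=on,file=$1" \
        -drive "if=pflash,format=raw,unit=1,file=$2"
}

# "sh vm.sh run" starts the emulator, then the guest.
if [ "${1:-}" = "run" ]; then
    dir=${TPM_DIR:-$HOME/vm/win11/tpm}                      # assumed location
    code=${OVMF_CODE:-/usr/share/OVMF/OVMF_CODE.secboot.fd} # distro-dependent
    vars=${OVMF_VARS:-$HOME/vm/win11/OVMF_VARS.fd}          # assumed location
    prepare_state_dir "$dir" >/dev/null
    IFS='
'   # split helper output on newlines only, so paths may contain spaces
    set -f
    swtpm $(swtpm_args "$dir")
    exec qemu-system-x86_64 -enable-kvm -cpu host -m 8G \
        $(qemu_tpm_args "$dir") $(qemu_secboot_args "$code" "$vars") \
        -drive "file=${DISK:-$HOME/vm/win11/disk.qcow2},format=qcow2"
fi
```

Run swtpm and QEMU as the same unprivileged user so the socket and state directory stay readable to both and to nobody else.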
