author | Patrick Ohly <patrick.ohly@intel.com> | 2017-01-20 08:51:07 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-03-01 11:17:44 +0000 |
commit | 81b7a9832f9292ced5a113f0c50e1318301f7358 (patch) | |
tree | c58018580b33e880c999e894cd2542a4cd601016 /meta/recipes-devtools/qemu/qemu_2.8.0.bb | |
parent | b16192c93834d0a6530169557aa34122e1417bcf (diff) | |
download | poky-81b7a9832f9292ced5a113f0c50e1318301f7358.tar.gz |

qemu: support virtual TPM

This enables the use of swtpm (from meta-security) as a virtual TPM in
qemu. These patches extend the existing support in qemu for TPM
passthrough so that a swtpm daemon can be accessed via CUSE (character
device in user space).

To use this:
- add the meta-security layer including the swtpm enhancements for qemu
- bitbake swtpm-native
- create a TPM instance and initialize it with:
    $ mkdir -p my-machine/myvtpm0
    $ tmp-glibc/sysroots/x86_64-linux/usr/bin/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek
    Starting vTPM manufacturing as root:root @ Fri 20 Jan 2017 08:56:18 AM CET
    TPM is listening on TCP port 52167.
    Successfully created EK.
    Successfully authored TPM state.
    Ending vTPM manufacturing @ Fri 20 Jan 2017 08:56:19 AM CET
- run swtpm *before each runqemu invocation* (it shuts down after use) and
  do it as root (required to set up the /dev/vtpm0 CUSE device):
    $ sudo sh -c 'PATH=`pwd`/tmp-glibc/sysroots/x86_64-linux/usr/bin/:`pwd`/tmp-glibc/sysroots/x86_64-linux/usr/sbin/:$PATH; export TPM_PATH=`pwd`/my-machine/myvtpm0; swtpm_cuse -n vtpm0' && sudo chmod a+rw /dev/vtpm0
- run qemu:
    $ runqemu 'qemuparams=-tpmdev cuse-tpm,id=tpm0,path=/dev/vtpm0 -device tpm-tis,tpmdev=tpm0' ...

The guest kernel has to have TPM support enabled, which can be done with:
    KERNEL_FEATURES_append = " features/tpm/tpm.scc"

(From OE-Core rev: 1264d26fa251ac11a9069f3e602dec6be9d8b9ba)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-devtools/qemu/qemu_2.8.0.bb')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu_2.8.0.bb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu_2.8.0.bb b/meta/recipes-devtools/qemu/qemu_2.8.0.bb index e0527a8fd9..f25aa467e5 100644 --- a/meta/recipes-devtools/qemu/qemu_2.8.0.bb +++ b/meta/recipes-devtools/qemu/qemu_2.8.0.bb | |||
@@ -11,6 +11,13 @@ SRC_URI += "file://configure-fix-Darwin-target-detection.patch \ | |||
11 | file://target-ppc-fix-user-mode.patch \ | 11 | file://target-ppc-fix-user-mode.patch \ |
12 | " | 12 | " |
13 | 13 | ||
14 | SRC_URI += " \ | ||
15 | file://0001-Provide-support-for-the-CUSE-TPM.patch \ | ||
16 | file://0002-Introduce-condition-to-notify-waiters-of-completed-c.patch \ | ||
17 | file://0003-Introduce-condition-in-TPM-backend-for-notification.patch \ | ||
18 | file://0004-Add-support-for-VM-suspend-resume-for-TPM-TIS.patch \ | ||
19 | " | ||
20 | |||
14 | SRC_URI =+ "http://wiki.qemu-project.org/download/${BP}.tar.bz2" | 21 | SRC_URI =+ "http://wiki.qemu-project.org/download/${BP}.tar.bz2" |
15 | 22 | ||
16 | SRC_URI[md5sum] = "17940dce063b6ce450a12e719a6c9c43" | 23 | SRC_URI[md5sum] = "17940dce063b6ce450a12e719a6c9c43" |
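Review bot: The new `SRC_URI += " \` block (new lines 14-19) has no comment explaining what the four patches are for or where they come from, and it applies them unconditionally to every qemu built from this recipe, although the commit message says the feature is only usable together with swtpm from meta-security. A one- or two-line comment above the block naming the feature (CUSE TPM backend for swtpm) and the origin of the patch series would let a later maintainer decide whether the patches can be dropped or need rebasing on the next qemu upgrade. The diffstat here is limited to this file, so the patch files themselves are not visible; please confirm each of `0001-Provide-support-for-the-CUSE-TPM.patch` through `0004-Add-support-for-VM-suspend-resume-for-TPM-TIS.patch` carries an Upstream-Status line and a Signed-off-by. Since 0001 adds a new TPM backend to an emulator that other layers also build, it is also worth stating in that comment whether the added code is inert unless `-tpmdev cuse-tpm` is passed.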