Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
ContentsContents
Virtualization Guide
  1. Preface
  2. I Introduction
    1. 1 Virtualization technology
    2. 2 Virtualization scenarios
    3. 3 Introduction to Xen virtualization
    4. 4 Introduction to KVM virtualization
    5. 5 Virtualization tools
    6. 6 Installation of virtualization components
    7. 7 Virtualization limits and support
  3. II Managing virtual machines with libvirt
    1. 8 Starting and stopping libvirtd
    2. 9 Preparing the VM Host Server
    3. 10 Guest installation
    4. 11 Basic VM Guest management
    5. 12 Connecting and authorizing
    6. 13 Advanced storage topics
    7. 14 Configuring virtual machines with Virtual Machine Manager
    8. 15 Configuring virtual machines with virsh
    9. 16 Managing virtual machines with Vagrant
    10. 17 Xen to KVM migration guide
  4. III Hypervisor-independent features
    1. 18 Disk cache modes
    2. 19 VM Guest clock settings
    3. 20 libguestfs
    4. 21 QEMU guest agent
    5. 22 Software TPM emulator
  5. IV Managing virtual machines with Xen
    1. 23 Setting up a virtual machine host
    2. 24 Virtual networking
    3. 25 Managing a virtualization environment
    4. 26 Block devices in Xen
    5. 27 Virtualization: configuration options and settings
    6. 28 Administrative tasks
    7. 29 XenStore: configuration database shared between domains
    8. 30 Xen as a high-availability virtualization host
    9. 31 Xen: converting a paravirtual (PV) guest into a fully virtual (FV/HVM) guest
  6. V Managing virtual machines with QEMU
    1. 32 QEMU overview
    2. 33 Setting up a KVM VM Host Server
    3. 34 Guest installation
    4. 35 Running virtual machines with qemu-system-ARCH
    5. 36 Virtual machine administration using QEMU monitor
  7. Glossary
  8. A Virtual machine drivers
  9. B Configuring GPU Pass-Through for NVIDIA cards
  10. C XM, XL toolstacks, and the libvirt framework
  11. D GNU licenses
Navigation
Applies to SUSE Linux Enterprise Server 15 SP3

22 Software TPM emulator Edit source

22.1 Introduction Edit source

The Trusted Platform Module (TPM) is a cryptoprocessor that secures hardware using cryptographic keys. For developers who use the TPM to develop security features, a software TPM emulator is a convenient solution. Compared to a hardware TPM device, the emulator has no limit on the number of guests that can access it. Also, it is simple to switch between TPM versions 1.2 and 2.0. QEMU supports the software TPM emulator that is included in the swtpm package.

22.2 Prerequisites Edit source

Before you can install and use the software TPM emulator, you need to install the libvirt virtualization environment. Refer to Section 6.2, “Running the yast2-vm module” and install one of the provided virtualization solutions.

22.3 Installation Edit source

To use the software TPM emulator, install the swtpm package:

tux > sudo zypper install swtpm

22.4 Using swtpm with QEMU Edit source

swtpm provides three types of interface: socket, chardev, and cuse. This procedure focuses on the socket interface.

  1. Create a directory mytpm0 inside the VM directory—for example, /var/lib/libvirt/qemu/sle15sp3—to store the TPM states:

    tux > sudo mkdir /var/lib/libvirt/qemu/sle15sp3/mytpm0
  2. Start swtmp. It will create a socket file—for example, swtpm-sock—that QEMU can use:

     tux > sudo swtpm socket
      --tpmstate dir=/var/lib/libvirt/qemu/sle15sp3/mytpm0 \
      --ctrl type=unixio,path=/var/lib/libvirt/qemu/sle15sp3/mytpm0/swtpm-sock \
      --log level=20
    Tip
    Tip: TPM version 2.0

    By default, swtpm starts a TPM version 1.2 emulator and stores its states in the tpm-00.permall directory. To create a TPM 2.0 instance, run:

     tux > sudo swtpm socket
      --tpm2
      --tpmstate dir=/var/lib/libvirt/qemu/sle15sp3/mytpm0 \
      --ctrl type=unixio,path=/var/lib/libvirt/qemu/sle15sp3/mytpm0/swtpm-sock \
      --log level=20

    TPM 2.0 states will be stored in the tpm2-00.permall directory.

  3. Add the following command line parameters to the qemu-system-ARCH command:

    tux > qemu-system-x86_64 \
    [...]
    -chardev socket,id=chrtpm,path=/var/lib/libvirt/qemu/sle15sp3/mytpm0/swtpm-sock \
    -tpmdev emulator,id=tpm0,chardev=chrtpm \
    -device tpm-tis,tpmdev=tpm0
  4. Verify that the TPM device is available in the guest by running the following command:

    tux > tpm_version
    TPM 1.2 Version Info:
    Chip Version:        1.2.18.158
    Spec Level:          2
    Errata Revision:     3
    TPM Vendor ID:       IBM
    TPM Version:         01010000
    Manufacturer Info:   49424d00

22.5 Using swtpm with libvirt Edit source

To use swtpm with libvirt, add the following TPM device to the guest XML specification:

<devices>
 <tpm model='tpm-tis'>
  <backend type='emulator' version='2.0'/>
 </tpm>
</devices>

libvirt will start swtpm for the guest automatically; you do not need to start it manually in advance. The corresponding permall file will be created in /var/lib/libvirt/swtpm/VM_UUID.

22.6 TPM measurement with OVMF firmware Edit source

If the guest uses the Open Virtual Machine Firmware (OVMF), it will measure components with TPM. You can find the event log in /sys/kernel/security/tpm0/binary_bios_measurements.

22.7 Resources Edit source

Print this page