Re: vtpmmgr stubdom

[James Dingwall <james-xen@xxxxxxxxxxxxxx>]

Hi Manfred,

On Thu, Oct 17, 2024 at 08:18:24AM +0200, Manfred Haertel, DB3HM wrote:
> James Dingwall schrieb:
> > 
> > On Wed, Oct 16, 2024 at 11:54:17AM +0000, Brian Woods wrote:
> > > Has anyone got this working? In 4.19.1-pre (stable-4.19 HEAD) I'm getting 
> > > stubdom errors about it not being able to initialize the storage system.
> > 
> > We've been exploring the tpm options available recently but there seems
> > to be a real lack of information about what is supported and how to
> > configure it.  What I read seems as though the vtpm is based on a BerliOs
> > project that only emulates a TPM 1.2 which isn't good enough for Windows
> > (our area of interest), instead we are trying to get `swtpm` working with
> > qemu - no success yet though.
> 
> I succeeded in using swtpm with a Windows 11 VM under Xen, but it was not
> quite easy.
> 
> Windows refers to the ACPI tables when recognizing TPM. So you have to
> define a SSDT that defines a TPM 2.0 device and disables the TPM 1.2 device.
> 
> KVM contains ASL code for this, but this code is incorrect and has probably
> never worked since a patch for it was applied in 2013. The code before 2013
> works though.
> 
> In addition, a separate ACPI table with the name TPM2 is needed.
> 
> And last but not least Windows requires TPM to be started by the "BIOS", so
> you will need a TPM2 capable OVMF.

Do you have any guides/references that we might find useful to get this
working in our environment?  Building an ACPI table isn't something that
I've ever had any experience doing.

Thanks,
James