
Secure Boot/TPM2 support for Xen HVM guests (Was: Re: vtpmmgr stubdom)



On 10/19/2024 8:53 AM, Manfred Haertel, DB3HM wrote:
> James Dingwall schrieb:
> 
>>> Windows refers to the ACPI tables when recognizing TPM. So you have to
>>> define an SSDT that defines a TPM 2.0 device and disables the TPM 1.2 device.
>>>
>>> KVM contains ASL code for this, but this code is incorrect and has probably
>>> never worked since a patch for it was applied in 2013. The code before 2013
>>> works though.
>>>
>>> In addition, a separate ACPI table with the name TPM2 is needed.
>>>
>>> And last but not least Windows requires TPM to be started by the "BIOS", so
>>> you will need a TPM2 capable OVMF.
>> 
>> Do you have any guides/references that we might find useful to get this
>> working in our environment?  Building an ACPI table isn't something that
>> I've ever had any experience doing.
> 
> I've uploaded a tarball tpm2_override.tar.gz to my Google drive:
> 
> https://drive.google.com/file/d/1mPL6Cc7eJt74zyztIIW9sSkjbU_5gxtA/view?usp=drive_link
> 
> It contains all the source files I used to build my tpm2_override.aml 
> and a prebuilt tpm2_override.aml is also included. You can start the 
> build process by executing the included make.sh .
> 
> You can use it simply by adding the following line to your xl.cfg for 
> the Windows VM:
> 
> acpi_firmware = '/usr/local/tpm2/tpm2_override.aml'
> 
> (or wherever you store your tpm2_override.aml).

I also am interested in this because I have some Windows 10 guests on Xen
that will need to be upgraded to Windows 11 before Windows 10 EOL and therefore
will need to be on a system that supports TPM2/Secure Boot. Unfortunately, Xen
with libxl does not currently support this. I am grateful for the information in
this message which is a good starting point to figure out how to add the necessary
support, and I want to add the findings of some further research into this problem
that is available online:

Two patches were made to Xen's libacpi which can add the TPM2 related ACPI tables to
Xen HVM guests (I don't think it will work with PVH guests because this solution
requires Qemu to provide the emulated TPM2 device provided by swtpm):

https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=5828b94b252ca29c8ef4a7464b9dd32a5f8a7ded

https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=fb751d9a2431e01586844978d38b7fa5b5468ff4

AFAICT Xen 4.18 and newer have these patches. But they are not enabled in the
corresponding versions of libxl. It looks like an appropriate patch to libxl could
enable the ACPI TPM2 tables in Xen guests on Xen 4.18 and newer. With these
patches enabled for a guest by appropriate patches to libxl, I think it would
not be necessary to create and enable a tpm2_override ACPI configuration to
satisfy the requirement of support for TPM2 related ACPI tables since this would
be provided by the ACPI library that comes with Xen.

> 
> There isn't any guide for this that I know of. I found it out by myself 
> by trial and error. But it runs without problems for more than two years 
> now on two laptops.

That's great to know it is possible to get the TPM2 Qemu device working
in Xen guests. But the lack of a guide is a problem. My approach to the
problem is to study how XCP-ng is providing Secure Boot/TPM2 support for
Windows 11 guests...

> 
> Note that you also need a TPM2 capable OVMF binary, as Windows expects 
> TPM to be started by UEFI. If your distribution does not contain a TPM2 
> capable OVMF binary, you have to build it yourself.

I think a good starting point for building a TPM2 capable OVMF binary would
be here:

https://github.com/xcp-ng-rpms/edk2/tree/master

In the README file of the above repository, they note that RPM XCP-ng packages
(including for edk2/ovmf firmware) are available here:

https://updates.xcp-ng.org/

This repository contains the patches to OVMF that would be needed to support
both TPM2 and secure boot on Xen HVM guests. It might not work out of the
box on currently supported Linux distros, though, because XCP-ng uses very
old RHEL 7 era software.

> 
> And of course, you have to start and configure swtpm, but this works by 
> using existing guides. You have to put the QEMU option to the 
> device_model_override line in your xl.cfg .

Actually, I think one does not need to override the device model itself with
device_model_override, but one would need to add the appropriate command line
options to the device model (qemu-xen) using a suitable device_model_args_hvm
line in xl.cfg.

> 
> And Windows requires also Secure Boot, and this requires persistent UEFI 
> variables which Xen does not support out of the box. However you can use 
> uefistored, actually written for XCP-NG, which compiles on every Linux 
> distribution. But it requires a patched OVMF...
> 

The xcp-ng-rpms/edk2 repository linked above provides a good starting point for
the patches needed to support secure boot. AFAICT, the most important ones
are the ones that add support for Tcg2PhysicalPresenceLibXen and XenVariable
to OVMF. This solution uses a shared memory region between dom0 and the guest
to provide a way to securely store the guest's UEFI variables in dom0.

XCP-ng has transitioned to varstored instead of uefistored for persistent guest
UEFI variable storage in dom0, and one can get the sources for it here:

https://github.com/xapi-project/varstored/tree/master

Also, XCP-ng has an RPM package of varstored:

https://github.com/xcp-ng-rpms/varstored/tree/master

and prebuilt binary RPM packages are also available from the xcp-ng updates
package repository.

However, AFAICT, this varstored program currently only supports the xapidb
backend that XCP-ng uses. But the Readme file for varstored does say other
backends (other than xapidb) could be added to enable support for other tools
that don't use XAPI such as xl/libxl. So to use varstored with xl/libxl, it
would need to be patched with extra support for a different backend. Also,
this package, like the edk2 package for XCP-ng, is targeting the old RHEL 7
era system so it might need some additional patches to successfully build,
install and run it on more up-to-date distros.

So there is quite a bit of work to be done for those who want to try to add support
for the secure boot and TPM2 requirements of Windows 11 to Xen with xl/libxl.
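
Added example, not part of the original message or of the tarball it mentions: a Python check for a file handed to a guest through `acpi_firmware`, which walks the ACPI tables in it, verifies each checksum, and reports whether a TPM2 table is present and which start method it declares. It assumes the file holds one or more binary tables back to back, each with the standard 36-byte ACPI header, and the TCG TPM2 table layout; the function names and the sample tables are constructed for illustration.

```python
import struct

# Standard ACPI table header: signature, length, revision, checksum,
# OEM ID, OEM table ID, OEM revision, creator ID, creator revision (36 bytes).
HEADER = struct.Struct("<4sIBB6s8sI4sI")
# TPM2 table body: platform class, reserved, control area address, start method.
TPM2_BODY = struct.Struct("<HHQI")

def build_table(sig, body=b""):
    """Build a constructed sample table with a valid checksum (test data only)."""
    raw = bytearray(HEADER.pack(sig, HEADER.size + len(body), 1, 0,
                                b"SAMPLE", b"SAMPLE  ", 1, b"TEST", 1) + body)
    raw[9] = -sum(raw) & 0xFF  # all bytes of a table must sum to 0 mod 256
    return bytes(raw)

def walk_tables(blob):
    """Yield (signature, checksum_ok, raw_bytes) for each concatenated table."""
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ValueError(f"truncated header at offset {off}")
        sig, length = HEADER.unpack_from(blob, off)[:2]
        if length < HEADER.size or off + length > len(blob):
            raise ValueError(f"bad table length {length} at offset {off}")
        raw = blob[off:off + length]
        yield sig.decode("ascii", "replace"), (sum(raw) & 0xFF) == 0, raw
        off += length

def check_blob(blob):
    """Summarise the tables in an acpi_firmware blob."""
    report = {"signatures": [], "bad_checksums": [], "tpm2_start_method": None}
    for sig, ok, raw in walk_tables(blob):
        report["signatures"].append(sig)
        if not ok:
            report["bad_checksums"].append(sig)
        if sig == "TPM2" and len(raw) >= HEADER.size + TPM2_BODY.size:
            report["tpm2_start_method"] = TPM2_BODY.unpack_from(raw, HEADER.size)[3]
    return report

# Constructed sample: an SSDT with a placeholder body followed by a TPM2 table
# whose start method is 6 (memory-mapped TIS interface); 7 would mean CRB.
SAMPLE = build_table(b"SSDT", bytes(8)) + build_table(b"TPM2", TPM2_BODY.pack(0, 0, 0, 6))

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(check_blob(data))
```

Run with the path to a table file as the only argument to inspect it; without an argument it reports on the constructed sample.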
