Hi all!

Just setting up a cluster using CentOS 7.

We have a desperate need for TPM support and:

1. Tried the "standard" distro install. libvirt supports
TPM passthrough but kvm-qemu barfs:
"unsupported configuration: The QEMU executable /usr/libexec/qemu-kvm
does not support TPM backend type passthrough"

2. Then activated the qemu-ev repo and updated qemu-kvm to version 2.10.0,
which for sure should support at least passthrough. No luck - same error message.
Downloaded the source for the rpm and found a line: "--disable-tpm"
in build_configure.sh. Guess that the maintainers have some reason
to turn TPM off. Can someone confirm this?

3. And now what next? The setup would really need swtpm, which
should be available in 2.11.0. Can someone confirm that TPM
will be enabled here? Would also be nice having a libvirt that
will accept the swtpm configuration. The current one doesn't like it.

Could of course recompile qemu myself, but really wouldn't like
going that route. The sheer number of patches applied is quite scary...

Best
Dag

On Tue, 28 Aug 2018 14:52:49 +0300 Dag Nygren <dag at newtech.fi> wrote:

> 2. Then activated the qemu-ev repo and updated qemu-kvm to version 2.10.0,
> which for sure should support at least passthrough. No luck - same error message.
> Downloaded the source for the rpm and found a line: "--disable-tpm"
> in build_configure.sh. Guess that the maintainers have some reason
> to turn TPM off. Can someone confirm this?

> Could of course recompile qemu myself, but really wouldn't like
> going that route. The sheer number of patches applied is quite scary...

I would change --disable-tpm to --enable-tpm in the rpm spec file, rebuild the package and try if it works.

Regards,
Nerijus
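
The flag change suggested in the reply above, written out as an added example that is not part of the original thread or of the CentOS packaging. Only the `--disable-tpm` flag and the file name `build_configure.sh` come from the thread; the sample script contents and the function names are assumptions.

```shell
#!/bin/sh
# Sample input is constructed; only "--disable-tpm" and the file name
# build_configure.sh come from the thread.

# Print "enabled", "disabled" or "unset" for the TPM switch in file $1.
# If the flag appears more than once, the last occurrence is reported.
tpm_switch_state() {
    flag=$(grep -oE -e '--(enable|disable)-tpm' "$1" | tail -n 1)
    case "$flag" in
        --enable-tpm)  echo enabled ;;
        --disable-tpm) echo disabled ;;
        *)             echo unset ;;
    esac
}

# Rewrite every --disable-tpm in file $1 to --enable-tpm, keeping a .orig
# copy, and fail unless the result reads as enabled.
enable_tpm_switch() {
    cp -p "$1" "$1.orig" || return 1
    sed 's/--disable-tpm/--enable-tpm/g' "$1.orig" > "$1" || return 1
    [ "$(tpm_switch_state "$1")" = enabled ]
}

# Constructed stand-in for the packaging script named in the thread.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
./configure \
    --target-list=x86_64-softmmu \
    --disable-tpm \
    --enable-kvm
EOF
}

# Run the change on the sample and report: state before, state after,
# number of differing lines (old + new) between the copy and the result.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/build_configure.sh"
    before=$(tpm_switch_state "$dir/build_configure.sh")
    enable_tpm_switch "$dir/build_configure.sh" || { rm -rf "$dir"; return 1; }
    after=$(tpm_switch_state "$dir/build_configure.sh")
    changed=$(diff "$dir/build_configure.sh.orig" "$dir/build_configure.sh" | grep -c '^[<>]')
    rm -rf "$dir"
    echo "$before $after $changed"
}

demo   # prints: disabled enabled 2
```

Checking that exactly one line changed before rebuilding keeps the local package as close as possible to the distribution build, which matters when the package carries a long patch series.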

2018-08-28 13:52 GMT+02:00 Dag Nygren <dag at newtech.fi>:

> Hi all!
>
> Just setting up a cluster using CentOS 7.
>
> We have a desperate need for TPM support and:
>
> 1. Tried the "standard" distro install. libvirt supports
> TPM passthrough but kvm-qemu barfs:
> "unsupported configuration: The QEMU executable /usr/libexec/qemu-kvm
> does not support TPM backend type passthrough"
>
> 2. Then activated the qemu-ev repo and updated qemu-kvm to version 2.10.0,
> which for sure should support at least passthrough. No luck - same error message.
> Downloaded the source for the rpm and found a line: "--disable-tpm"
> in build_configure.sh. Guess that the maintainers have some reason
> to turn TPM off. Can someone confirm this?
>

Not sure about reasons for turning off, but request to enable it has been closed wontfix: https://bugzilla.redhat.com/show_bug.cgi?id=1327947

>
> 3. And now what next? The setup would really need swtpm, which
> should be available in 2.11.0. Can someone confirm that TPM
> will be enabled here? Would also be nice having a libvirt that
> will accept the swtpm configuration. The current one doesn't like it.
>

Adding Miroslav

>
> Could of course recompile qemu myself, but really wouldn't like
> going that route. The sheer number of patches applied is quite scary...
>
> Best
> Dag
>

--
SANDRO BONAZZOLA
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA
sbonazzo at redhat.com

On Wednesday 29 August 2018 at 10:00:39 EEST Sandro Bonazzola wrote:

> 2018-08-28 13:52 GMT+02:00 Dag Nygren <dag at newtech.fi>:
>
> > We have a desperate need for TPM support and:
> >
> > 1. Tried the "standard" distro install. libvirt supports
> > TPM passthrough but kvm-qemu barfs:
> > "unsupported configuration: The QEMU executable /usr/libexec/qemu-kvm
> > does not support TPM backend type passthrough"
> >
> > 2. Then activated the qemu-ev repo and updated qemu-kvm to version 2.10.0,
> > which for sure should support at least passthrough. No luck - same error message.
> > Downloaded the source for the rpm and found a line: "--disable-tpm"
> > in build_configure.sh. Guess that the maintainers have some reason
> > to turn TPM off. Can someone confirm this?
> >
>
> Not sure about reasons for turning off, but request to enable it has been
> closed wontfix: https://bugzilla.redhat.com/show_bug.cgi?id=1327947

Thanks for the comments and reactions so far!

Well. Changed -disable-tpm to enable-tpm in the rpmbuild and built myself a version with TPM passthrough enabled. Just to find out that it only supports tpm_tis in 2.10.0 and our device only seems to speak tpm_cdr :-(. Bugger..

But we really do need multiple VMs accessing the hardware TPM anyway and this would only give us one VM ...

Also downloaded qemu 2.12.0 and tried to very optimistically just throw it in the rpmbuild. And got a heap of patch fails already at the first patch. Expected of course... So no such luck.

Now looking further it also seems like even 2.12.0 will not solve our problem as it only gives multiple VMs access to the swtpm emulator. We need access to the hardware TPM...

Can you make swtpm use the hardware?

Any advice would/will be valuable!

Best
Dag