Solved bhyve: TPM 2.0 emulation with swtpm

[tanis]

Dear @ll,

bhyve: TPM 2.0 emulation with swtpm is already part of the freebsd-src, is there any schedule when this is going to be part of a RELEASE ?

Regards,

tanis

 

[T-Daemon]

This would be 14.3-RELEASE, which is scheduled to be available on or after May 30.

If you are eager to try it earlier, you can try stable/14 (14.3-PRERELEASE). This branch has the TPM 2.0 emulation also implemented.

 

[AndAlooongCameFreeBSD]

This worked for me when I made a quick test, don't forget the TPM settings for bhyve_config(5):

# pkg install swtpm

# bhyve_config(5)
# tpm.path=/root/test/swtpm.sock
# tpm.type=swtpm
# tpm.version=2.0

mkdir /root/test
cd /root/test

swtpm socket --server type=unixio,path=swtpm.sock --tpm2 \
--tpmstate dir="/root/test/"
--pid file=swtpm.pid \
--log file=swtpm.log,level=7 \
--ctrl type=unixio,path=ctrl.sock,terminate \
--chroot=/root/test/ \
--daemon \
--flags startup-clear

ls -al /root/test

# graceful shutdown
kill -s TERM $(cat swtpm.pid)

# TPM state files and log kept after shutdown
ls -al /root/test

I think startup-clear needs to be replaced with startup-state after the initial setup in the guest OS.
chmod(1) and chown(8) the files created by swtpm(8) as needed.