bhyve TPM emulation

bhyve supports TPM emulation now (see bhyve()) - has anyone of you given that a try yet? What's your experience?
I've found a demo by Corvin Köhne, however he seems to make use of Linux in that presentation... any experience with Windows?
Looking for the same thing right now.
I'm trying to install Win11 without bypassing TPM.

In https://reviews.freebsd.org/D32961 it says:
Code:
-l tpm2,passthru,/dev/tpm0

My laptop doesn't show /dev/tpm0, so I think we need to activate TPM in the BIOS first?
 
And finished installing win11.

Actually running with:
Code:
network0_type="e1000"
disk0_type="ahci-hd"


Install virtio drivers and then switch to:
Code:
network0_type="virtio-net"
disk0_type="virtio-blk"

Like I use in win10... but it doesn't work on win11:
INACCESSIBLE BOOT DEVICE


Graphics passthru:
- NVIDIA is not supported because it misses some modules/code
- AMD is supported
- Intel is supported (assuming from what I see in the above video), and tomorrow I will try it

Doing these tests in: 15-CURRENT 3b1904d9eb04

Cheers
 
The correct procedure to install the disk virtio drivers is to run bhyve with virtio-blk and, during the win11 install, load the drivers from the CD.

disk0_type="virtio-blk"
disk0_name="disk0.img"

disk1_type="ahci-cd"
disk1_dev="custom"
disk1_name="/path/to/virtio-win-0.1.240.iso"

and it will recognise disk to format/install

or for better speed, just run install with: (no drivers needed)
disk0_type="nvme"
disk0_name="disk0.img"


After install is complete, run bhyve and install virtio-net drivers (without running setup from cd):
#network0_type="e1000"
network0_type="virtio-net"
network0_switch="public"

searching on cd for drivers and win11 will find it.

Working with nvme/virtio-net right now! Really cool
 
Interesting... but this is NOT emulation -- this is passthrough. You do have a physical TPM device. Emulation is when you DON'T have one but bhyve will emulate it for you. The post title is about EMULATION, and I'm also interested in that. And yes, man page and YT videos all say it IS supported, so... Any information on HOW this is supposed to be done?
 
This is what I found so far:
Code:
bhyve: add cmdline option for TPM emulation

At the moment, only a TPM passthru is supported. The cmdline looks like:

-l tpm,passthru,/dev/tpm0

Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D32961
Repository: rG FreeBSD src repository
Author: corvink
Commit Date: Aug 17 2023
As of Aug 17 2023, only passthru was supported.

Then, the TPM emulation suggested by the author was to be based on SWTPM -- and we do have this in ports now, sysutils/swtpm
So I wonder if that can be used along with the bhyve TPM passthru.
 
Then, the TPM emulation suggested by the author was to be based on SWTPM -- and we do have this in ports now, sysutils/swtpm
So I wonder if that can be used along with the bhyve TPM passthru.

I've tried it a couple of weeks ago, and the answer is no. The FreeBSD port of swtpm does not provide a character device (the implementation depends on Linux's CUSE), which could then (eventually?) be passed (as passthru) to bhyve.
 