bhyve How to enable fTPM on ROG Strix X570-F Gaming

devhq · May 15, 2025

I'm trying to get TPM working on FreeBSD in order to install and run Windows 11 inside a bhyve virtual machine.

System setup:

Motherboard: ASUS ROG Strix X570-F Gaming (AM4)
CPU: AMD Ryzen
fTPM is enabled in BIOS
OS: FreeBSD 14.2

Even though fTPM is enabled in BIOS, I don’t see a TPM device on the system (e.g., /dev/tpm0 is missing). I checked dmesg and don’t see any TPM-related entries.

I need TPM support to install and run Windows 11 in a bhyve VM. Is there anything special that needs to be done on FreeBSD to get fTPM recognized?
If there’s a way to use a virtualized TPM in bhyve (like swtpm), that would also be a valid solution.

Any help or pointers would be greatly appreciated. Thanks!

T-Daemon · May 15, 2025

devhq said:
OS: FreeBSD 14.2

TPM as in bhyve: TPM 2.0 emulation with swtpm is supported on 14.3-BETA2 , 14.3-STABLE, 15.0-CURRENT.

T-Daemon · May 15, 2025

There is TPM support on 14.2 through tpm(4).

devhq said:
I don’t see a TPM device on the system (e.g., /dev/tpm0 is missing).

The tpm kernel module needs to be loaded to create a device node.

devhq · May 16, 2025

T-Daemon said:
There is TPM support on 14.2 through tpm(4).

The tpm kernel module needs to be loaded to create a device node.

The TPM kernel module is already loaded, but there's no /dev/tpm0, and dmesg doesn't show anything TPM-related. Seems like the device isn't being detected.

jardows · May 16, 2025

devhq said:
The TPM kernel module is already loaded, but there's no /dev/tpm0, and dmesg doesn't show anything TPM-related. Seems like the device isn't being detected.

Looking through the tpm(4) page, it doesn't look like it supports the AMD fTPM. You will probably need to purchase the ASUS SPI-TPM module for your motherboard. I have the same issue with my TUF GAMING X570-PLUS motherboard. I have yet to purchase the hardware TPM for testing though.

devhq · May 19, 2025

jardows said:
Looking through the tpm(4) page, it doesn't look like it supports the AMD fTPM. You will probably need to purchase the ASUS SPI-TPM module for your motherboard. I have the same issue with my TUF GAMING X570-PLUS motherboard. I have yet to purchase the hardware TPM for testing though.

I ended up purchasing the ASUS SPI-TPM module.
After installing the module and rebooting, /dev/tpm0 appeared, so FreeBSD does recognize the discrete TPM just fine.

However, I'm still unable to get TPM passthrough working in bhyve. When I try to launch a VM with:

-l tpm,passthru,/dev/tpm0

I get the following error:

bhyve: tpm_passthru_execute_cmd: cmd write failed (bytes written: -1 / 3968): Input/output error

And in the dmesg output, I see:

tpmtis0: Failed to write cmd to device
tpmtis0: Failed to switch to ready state

So even though the TPM module is visible and recognized by the host, bhyve fails to communicate with it via passthrough. It seems that TPM passthrough support is still unstable or not fully compatible with SPI-based TPM modules.

If anyone has successfully set up TPM passthrough on a similar configuration, I'd really appreciate any tips.

T-Daemon · May 19, 2025

devhq said:
However, I'm still unable to get TPM passthrough working in bhyve. When I try to launch a VM with:

Rich (BB code):

-l tpm,passthru,/dev/tpm0

That's not how it's done. You need to reserve pptdevs from the host for bhyve, see vmm(4) PCI PASSTHROUGH), and https://wiki.freebsd.org/bhyve/pci_passthru

EDIT: My mistake, bhyve_config(5) tpm.path. The following kernel state might the missing part. /EDIT

On AMD additionally enable vmm.amdvi (see https://wiki.freebsd.org/bhyve#Q:_Does_bhyve_support_VT-d_PCI_device_pass-through.3F).

Example /boot/loader.conf

Code:

vmm_load="YES"
tpm_load="YES"

#pptdevs="4/0/2"
hw.vmm.amdvi.enable=1

Reboot system to take effect.