Integrating swtpm(as a software TPM) with OpenBMC on Qemu

Stefan Berger stefanb at linux.ibm.com
Thu May 4 23:59:35 AEST 2023 


On 5/4/23 05:12, Sandeep Kumar wrote:
> TCS Confidential Hi C, I was able to build and run the image(for evb-ast2600) with swtpm. Few issues observed, If I run with the flash. img provided in your github link(https: //github. com/legoater/qemu-aspeed-boot/tree/master/images) everything
> ZjQcmQRYFpfptBannerStart
> This Message Is From an External Sender
> This message came from outside your organization.
> ZjQcmQRYFpfptBannerEnd
> TCS Confidential
> 
> Hi C,
> I was able to build and run the image(for evb-ast2600) with swtpm. Few issues observed,
> 
>  1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>) everything works as expected, i.e I get the below output.
> 
> *# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)*
> *[  182.773885] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e*
> *#*
> *#*
> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
> *#*
> *#*
> 
>  2. If I run it with the locally built image, I get this error,

Is the kernel configured in the same way? Are you using the same kernel version?
> 
> *root at evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
> *[  174.063597] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e*

What is the output of this?

find /sys/class/tpm | grep pcr

   Stefan

> *root at evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such file or directory*
> *root at evb-ast2600:~#*
> *root at evb-ast2600:~#*
> Please do let me know about what has been done to write the values into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . *
> Thanks,
> Sandeep.
> _____________________________________________
> *From:* Sandeep Kumar
> *Sent:* Thursday, April 20, 2023 5:45 PM
> *To:* Cédric Le Goater <clg at kaod.org>; openbmc at lists.ozlabs.org; Ninad Palsule <ninad at linux.ibm.com>; Joel Stanley <jms at jms.id.au>; Andrew Jeffery <andrew at aj.id.au>
> *Subject:* RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> Hi C,
> How to build this image => *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
> Please advise if we have to build openbmc stack in a different way than the standard procedure. We follow the below steps for build,
> 1. . setup Romulus
> 2. bitbake obmc-phosphor-image
> Thanks,
> Sandeep.
> -----Original Message-----
> From: Sandeep Kumar
> Sent: Wednesday, April 19, 2023 3:00 PM
> To: Cédric Le Goater <_clg at kaod.org_ <mailto:clg at kaod.org>>; _openbmc at lists.ozlabs.org_ <mailto:openbmc at lists.ozlabs.org>; Ninad Palsule <_ninad at linux.ibm.com_ <mailto:ninad at linux.ibm.com>>; Joel Stanley <_jms at jms.id.au_ <mailto:jms at jms.id.au>>; Andrew Jeffery <_andrew at aj.id.au_ <mailto:andrew at aj.id.au>>
> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> Hi C,
> Got it working. Looks like slirp is no longer supported on ubnutu 18.04. have upgraded to a newer version  and is working now.
> Thanks,
> Sandeep.
> -----Original Message-----
> From: Cédric Le Goater <clg at kaod.org <mailto:clg at kaod.org>>
> Sent: Wednesday, April 19, 2023 2:26 PM
> To: Sandeep Kumar <sandeep.pkumar at tcs.com <mailto:sandeep.pkumar at tcs.com>>; openbmc at lists.ozlabs.org <mailto:openbmc at lists.ozlabs.org>; Ninad Palsule <ninad at linux.ibm.com <mailto:ninad at linux.ibm.com>>; Joel Stanley <jms at jms.id.au <mailto:jms at jms.id.au>>; Andrew Jeffery <andrew at aj.id.au <mailto:andrew at aj.id.au>>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> "External email. Open with Caution"
> Hello Sandeep
> On 4/18/23 09:45, Sandeep Kumar wrote:
>> TCS Confidential
>> 
>> Hi C,
>> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm -m
>> 256 -M romulus-bmc -nographic -drive
>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net 
>> nic -net 
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>> *qemu-system-arm: -net
>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=
>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:12
>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu: 
>> network backend 'user' is not compiled into this binary* I didn’t 
>> enable the slirp package I guess. So enabled it while running 
>> configure, *$ ../configure --enable-slirp*
>> *........*
>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
>> pkgconfig* *A full log can be found at 
>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/me
>> son-log.txt*
>> *NOTICE: You are using Python 3.6 which is EOL. Starting with v0.62.0, 
>> Meson will require Python 3.7 or newer*
>> *ERROR: meson setup failed*
>> I have already installed slirp locally, but still getting the above error.
> Did you install the libslirp-dev or libslirp-devel package ?
> C.
> 
> TCS Confidential
> 
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>

More information about the openbmc mailing list