Integrating swtpm(as a software TPM) with OpenBMC on Qemu

Stefan Berger stefanb at linux.ibm.com
Fri May 5 23:26:22 AEST 2023 


On 5/5/23 01:40, Sandeep Kumar wrote:
>   TCS Confidential
> 
> Hi Stefan,
> 
> Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
> Ans:
>          I am using the Kernel version coming with the latest openBMC without any changes.
>          Kernel version used : Linux evb-ast2600 6.1.15-580639a #1 SMP Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
> 
> Stefan:  What is the output of this?  find /sys/class/tpm | grep pcr
> Ams:     find: /sys/class/tpm: No such file or directory.
> 
> Could you please point to the right version of kernel which has all these changes ?

I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.

Does this show any files?

find /sys | grep pcr

Do /dev/tpm0 and /dev/tpmrm0 appear after the echo ? What does dmesg show related to tpm (dmesg | grep -i tpm)?

    Stefan


> 
> 
> Thanks,
> Sandeep.
> 
> -----Original Message-----
> From: Stefan Berger <stefanb at linux.ibm.com>
> Sent: Thursday, May 4, 2023 7:30 PM
> To: Sandeep Kumar <sandeep.pkumar at tcs.com>; Cédric Le Goater <clg at kaod.org>; openbmc at lists.ozlabs.org; Ninad Palsule <ninad at linux.ibm.com>; Joel Stanley <jms at jms.id.au>; Andrew Jeffery <andrew at aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
> 
> "External email. Open with Caution"
> 
> 
> On 5/4/23 05:12, Sandeep Kumar wrote:
>> TCS Confidential Hi C, I was able to build and run the image(for
>> evb-ast2600) with swtpm. Few issues observed, If I run with the flash. 
>> img provided in your github link(https: //github. 
>> com/legoater/qemu-aspeed-boot/tree/master/images) everything ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization.
>> ZjQcmQRYFpfptBannerEnd
>> TCS Confidential
>>
>> Hi C,
>> I was able to build and run the image(for evb-ast2600) with swtpm. Few
>> issues observed,
>>
>>   1. If I run with the flash.img provided in your github link(_https://github.com/legoater/qemu-aspeed-boot/tree/master/images_ <https://github.com/legoater/qemu-aspeed-boot/tree/master/images>) everything works as expected, i.e I get the below output.
>>
>> *# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device*
>> *[  182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id
>> 1)* *[  182.773885] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e*
>> *#*
>> *#*
>> *# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>> *B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0*
>> *#*
>> *#*
>>
>>   2. If I run it with the locally built image, I get this error,
> 
> Is the kernel configured in the same way? Are you using the same kernel version?
>>
>> *root at evb-ast2600:~# echo tpm_tis_i2c 0x2e >
>> /sys/bus/i2c/devices/i2c-12/new_device*
>> *[  174.063597] i2c i2c-12: new_device: Instantiated device
>> tpm_tis_i2c at 0x2e*
> 
> What is the output of this?
> 
> find /sys/class/tpm | grep pcr
> 
>     Stefan
> 
>> *root at evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0*
>> *cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such file or
>> directory*
>> *root at evb-ast2600:~#*
>> *root at evb-ast2600:~#*
>> Please do let me know about what has been done to write the values
>> into “*/sys/class/tpm/tpm0/pcr-sha256/0**” . * Thanks, Sandeep.
>> _____________________________________________
>> *From:* Sandeep Kumar
>> *Sent:* Thursday, April 20, 2023 5:45 PM
>> *To:* Cédric Le Goater <clg at kaod.org>; openbmc at lists.ozlabs.org; Ninad
>> Palsule <ninad at linux.ibm.com>; Joel Stanley <jms at jms.id.au>; Andrew
>> Jeffery <andrew at aj.id.au>
>> *Subject:* RE: Integrating swtpm(as a software TPM) with OpenBMC on
>> Qemu Hi C, How to build this image =>
>> *obmc-phosphor-image.rootfs.wic.qcow2* ? In openBmc build directory we don’t get this image built.
>> Also, remaining image formats used while running on qemu are available in the build directory. i.e fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz .
>> Please advise if we have to build openbmc stack in a different way
>> than the standard procedure. We follow the below steps for build, 1. .
>> setup Romulus 2. bitbake obmc-phosphor-image Thanks, Sandeep.
>> -----Original Message-----
>> From: Sandeep Kumar
>> Sent: Wednesday, April 19, 2023 3:00 PM
>> To: Cédric Le Goater <_clg at kaod.org_ <mailto:clg at kaod.org>>;
>> _openbmc at lists.ozlabs.org_ <mailto:openbmc at lists.ozlabs.org>; Ninad
>> Palsule <_ninad at linux.ibm.com_ <mailto:ninad at linux.ibm.com>>; Joel
>> Stanley <_jms at jms.id.au_ <mailto:jms at jms.id.au>>; Andrew Jeffery
>> <_andrew at aj.id.au_ <mailto:andrew at aj.id.au>>
>> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>> Hi C, Got it working. Looks like slirp is no longer supported on
>> ubnutu 18.04. have upgraded to a newer version  and is working now.
>> Thanks,
>> Sandeep.
>> -----Original Message-----
>> From: Cédric Le Goater <clg at kaod.org <mailto:clg at kaod.org>>
>> Sent: Wednesday, April 19, 2023 2:26 PM
>> To: Sandeep Kumar <sandeep.pkumar at tcs.com
>> <mailto:sandeep.pkumar at tcs.com>>; openbmc at lists.ozlabs.org
>> <mailto:openbmc at lists.ozlabs.org>; Ninad Palsule <ninad at linux.ibm.com
>> <mailto:ninad at linux.ibm.com>>; Joel Stanley <jms at jms.id.au
>> <mailto:jms at jms.id.au>>; Andrew Jeffery <andrew at aj.id.au
>> <mailto:andrew at aj.id.au>>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>> "External email. Open with Caution"
>> Hello Sandeep
>> On 4/18/23 09:45, Sandeep Kumar wrote:
>>> TCS Confidential
>>>
>>> Hi C,
>>> Built the qemu from your branch. Few issues, *$ ./qemu-system-arm -m
>>> 256 -M romulus-bmc -nographic -drive
>>> file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net
>>> nic -net
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd
>>> =
>>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:1
>>> 2
>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu*
>>> *qemu-system-arm: -net
>>> user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd
>>> =
>>> tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:1
>>> 2
>>> 7.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu:
>>> network backend 'user' is not compiled into this binary* I didn’t
>>> enable the slirp package I guess. So enabled it while running
>>> configure, *$ ../configure --enable-slirp*
>>> *........*
>>> *Run-time dependency slirp found: NO (tried pkgconfig)*
>>> *../meson.build:681:2: ERROR: Dependency "slirp" not found, tried
>>> pkgconfig* *A full log can be found at
>>> /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/m
>>> e
>>> son-log.txt*
>>> *NOTICE: You are using Python 3.6 which is EOL. Starting with
>>> v0.62.0, Meson will require Python 3.7 or newer*
>>> *ERROR: meson setup failed*
>>> I have already installed slirp locally, but still getting the above error.
>> Did you install the libslirp-dev or libslirp-devel package ?
>> C.
>>
>> TCS Confidential
>>
>> =====-----=====-----=====
>> Notice: The information contained in this e-mail message and/or
>> attachments to it may contain confidential or privileged information.
>> If you are not the intended recipient, any dissemination, use, review,
>> distribution, printing or copying of the information contained in this
>> e-mail message and/or attachments to it are strictly prohibited. If
>> you have received this communication in error, please notify us by
>> reply e-mail or telephone and immediately and permanently delete the
>> message and any attachments. Thank you
>>
> 
>   TCS Confidential

More information about the openbmc mailing list