Integrating swtpm(as a software TPM) with OpenBMC on Qemu
Sandeep Kumar
sandeep.pkumar at tcs.com
Sat May 6 01:08:37 AEST 2023
TCS Confidential
Hi Stefan,
Please find below my answers inline.
Thanks,
Sandeep.
-----Original Message-----
From: Stefan Berger <stefanb at linux.ibm.com>
Sent: Friday, May 5, 2023 6:56 PM
To: Sandeep Kumar <sandeep.pkumar at tcs.com>; Cédric Le Goater <clg at kaod.org>; openbmc at lists.ozlabs.org; Ninad Palsule <ninad at linux.ibm.com>; Joel Stanley <jms at jms.id.au>; Andrew Jeffery <andrew at aj.id.au>
Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
On 5/5/23 01:40, Sandeep Kumar wrote:
> Hi Stefan,
>
> Stefan: Is the kernel configured in the same way? Are you using the same kernel version?
> Ans:
> I am using the Kernel version coming with the latest openBMC without any changes.
> Kernel version used : Linux evb-ast2600 6.1.15-580639a #1 SMP
> Thu Apr 6 00:55:09 UTC 2023 armv71 GNU/Linux
>
> Stefan: What is the output of this? find /sys/class/tpm | grep pcr
> Ans: find: /sys/class/tpm: No such file or directory.
>
> Could you please point to the right version of kernel which has all these changes?
I am not aware of changes in the Linux kernel for TPM I2C and why it would not work in this kernel version.

Does this show any files?

find /sys | grep pcr

Sandeep: It doesn't show any files.

root at evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
[ 273.273089] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
root at evb-ast2600:~#
root at evb-ast2600:~# find /sys | grep pcr
root at evb-ast2600:~#

Do /dev/tpm0 and /dev/tpmrm0 appear after the echo? What does dmesg show related to tpm (dmesg | grep -i tpm)?

Sandeep: I don’t see /dev/tpm0 and /dev/tpmrm0 after the echo. Output as below,

root at evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
[ 273.273089] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
root at evb-ast2600:~#
root at evb-ast2600:~# find /sys | grep pcr
root at evb-ast2600:~#
root at evb-ast2600:~# ls /dev/tpm*
ls: /dev/tpm*: No such file or directory
root at evb-ast2600:~# dmesg | grep -i tpm
[ 6.290898] systemd[1]: systemd 253.1^ running in system mode (+PAM -AUDIT -SELINUX -APPARMOR -IMA -SMACK +SECCOMP -GCRYPT -GNUTLS -OPENSSL -ACL +BLKID -CURL -ELFUTILS -FIDO2 -IDN2 -IDN -IPTC -KMOD -LIBCRYPTSETUP +LIBFDISK -PCRE2 -PWQUALITY -P11KIT -QRENCODE -TPM2 -BZIP2 -LZ4 -XZ -ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON -UTMP -SYSVINIT default-hierarchy=unified)
[ 273.273089] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
root at evb-ast2600:~#

Stefan
>
>
> Thanks,
> Sandeep.
>
> -----Original Message-----
> From: Stefan Berger <stefanb at linux.ibm.com>
> Sent: Thursday, May 4, 2023 7:30 PM
> To: Sandeep Kumar <sandeep.pkumar at tcs.com>; Cédric Le Goater <clg at kaod.org>; openbmc at lists.ozlabs.org; Ninad Palsule <ninad at linux.ibm.com>; Joel Stanley <jms at jms.id.au>; Andrew Jeffery <andrew at aj.id.au>
> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>
>
> On 5/4/23 05:12, Sandeep Kumar wrote:
>>
>> Hi C,
>> I was able to build and run the image(for evb-ast2600) with swtpm.
>> Few issues observed,
>>
>> 1. If I run with the flash.img provided in your github link (https://github.com/legoater/qemu-aspeed-boot/tree/master/images) everything works as expected, i.e. I get the below output.
>>
>> # echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
>> [ 182.735902] tpm_tis_i2c 12-002e: 2.0 TPM (device-id 0x1, rev-id 1)
>> [ 182.773885] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
>> #
>> #
>> # cat /sys/class/tpm/tpm0/pcr-sha256/0
>> B804724EA13F52A9072BA87FE8FDCC497DFC9DF9AA15B9088694639C431688E0
>> #
>> #
>>
>> 2. If I run it with the locally built image, I get this error,
>
> Is the kernel configured in the same way? Are you using the same kernel version?
>>
>> root at evb-ast2600:~# echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
>> [ 174.063597] i2c i2c-12: new_device: Instantiated device tpm_tis_i2c at 0x2e
>
> What is the output of this?
>
> find /sys/class/tpm | grep pcr
>
> Stefan
>
>> root at evb-ast2600:~# cat /sys/class/tpm/tpm0/pcr-sha256/0
>> cat: can't open '/sys/class/tpm/tpm0/pcr-sha256/0': No such file or directory
>> root at evb-ast2600:~#
>> root at evb-ast2600:~#
>> Please do let me know about what has been done to write the values
>> into “/sys/class/tpm/tpm0/pcr-sha256/0”.
>> Thanks,
>> Sandeep.
>> _____________________________________________
>> From: Sandeep Kumar
>> Sent: Thursday, April 20, 2023 5:45 PM
>> To: Cédric Le Goater <clg at kaod.org>; openbmc at lists.ozlabs.org; Ninad Palsule <ninad at linux.ibm.com>; Joel Stanley <jms at jms.id.au>; Andrew Jeffery <andrew at aj.id.au>
>> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>>
>> Hi C,
>> How to build this image => obmc-phosphor-image.rootfs.wic.qcow2 ? In openBmc build directory we don’t get this image built.
>> Also, remaining image formats used while running on qemu are available in the build directory, i.e. fitImage-linux.bin, aspeed-bmc-ibm-rainier.dtb and obmc-phosphor-initramfs.rootfs.cpio.xz.
>> Please advise if we have to build openbmc stack in a different way
>> than the standard procedure. We follow the below steps for build,
>> 1. . setup Romulus
>> 2. bitbake obmc-phosphor-image
>> Thanks,
>> Sandeep.
>> -----Original Message-----
>> From: Sandeep Kumar
>> Sent: Wednesday, April 19, 2023 3:00 PM
>> To: Cédric Le Goater <clg at kaod.org>; openbmc at lists.ozlabs.org; Ninad Palsule <ninad at linux.ibm.com>; Joel Stanley <jms at jms.id.au>; Andrew Jeffery <andrew at aj.id.au>
>> Subject: RE: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>>
>> Hi C,
>> Got it working. Looks like slirp is no longer supported on
>> Ubuntu 18.04. Have upgraded to a newer version and is working now.
>> Thanks,
>> Sandeep.
>> -----Original Message-----
>> From: Cédric Le Goater <clg at kaod.org>
>> Sent: Wednesday, April 19, 2023 2:26 PM
>> To: Sandeep Kumar <sandeep.pkumar at tcs.com>; openbmc at lists.ozlabs.org; Ninad Palsule <ninad at linux.ibm.com>; Joel Stanley <jms at jms.id.au>; Andrew Jeffery <andrew at aj.id.au>
>> Subject: Re: Integrating swtpm(as a software TPM) with OpenBMC on Qemu
>> Hello Sandeep
>> On 4/18/23 09:45, Sandeep Kumar wrote:
>>> Hi C,
>>> Built the qemu from your branch. Few issues,
>>>
>>> $ ./qemu-system-arm -m 256 -M romulus-bmc -nographic -drive file=./obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd -net nic -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:127.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu
>>> qemu-system-arm: -net user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:4443-:443,hostfwd=tcp:127.0.0.1:8880-:80,hostfwd=tcp:127.0.0.1:2200-:2200,hostfwd=udp:127.0.0.1:6623-:623,hostfwd=udp:127.0.0.1:6664-:664,hostname=qemu: network backend 'user' is not compiled into this binary
>>>
>>> I didn’t enable the slirp package I guess. So enabled it while running configure,
>>>
>>> $ ../configure --enable-slirp
>>> ........
>>> Run-time dependency slirp found: NO (tried pkgconfig)
>>> ../meson.build:681:2: ERROR: Dependency "slirp" not found, tried pkgconfig
>>> A full log can be found at /home/tcs/work/sandeep/measured_boot/ibm_qemu/qemu/build/meson-logs/meson-log.txt
>>> NOTICE: You are using Python 3.6 which is EOL. Starting with v0.62.0, Meson will require Python 3.7 or newer
>>> ERROR: meson setup failed
>>>
>>> I have already installed slirp locally, but still getting the above error.
>> Did you install the libslirp-dev or libslirp-devel package?
>> C.
>>
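
Added example (not part of the original thread, and not code from any poster): a shell check that tells apart the states seen above, where the new_device write instantiates the I2C client but no /dev/tpm0, /dev/tpmrm0 or pcr-sha256 files appear. The function names and the --live switch are hypothetical; CONFIG_TCG_TIS_I2C is the mainline Kconfig symbol for the tpm_tis_i2c driver, and the thread does not establish that it is the cause here.

```shell
#!/bin/sh
# Added example: classify how far TPM bring-up got after
#   echo tpm_tis_i2c 0x2e > /sys/bus/i2c/devices/i2c-12/new_device
# The sysfs and /dev roots are parameters so the logic can be exercised
# against a constructed directory tree as well as a live system.

# tpm_state [SYSROOT] [DEVROOT] [CLIENT] prints one state word:
#   no-client  I2C client node missing (new_device write did not take)
#   unbound    client exists but no driver attached (no "driver" link)
#   no-chardev driver attached but /dev/tpm0 or /dev/tpmrm0 missing
#   no-pcr     char devices exist but the pcr-sha256 sysfs files do not
#   ok         PCR 0 of the SHA-256 bank is readable
tpm_state() {
    sys=${1:-/sys}; dev=${2:-/dev}; client=${3:-12-002e}
    node="$sys/bus/i2c/devices/$client"
    if [ ! -d "$node" ]; then echo no-client
    elif [ ! -e "$node/driver" ]; then echo unbound
    elif [ ! -e "$dev/tpm0" ] || [ ! -e "$dev/tpmrm0" ]; then echo no-chardev
    elif [ ! -r "$sys/class/tpm/tpm0/pcr-sha256/0" ]; then echo no-pcr
    else echo ok
    fi
}

# tpm_kconfig FILE prints "built" when CONFIG_TCG_TIS_I2C is =y or =m in a
# plain-text kernel config, else "missing". Assumption: FILE is the .config
# of the kernel actually booted (decompress /proc/config.gz first if present).
tpm_kconfig() {
    if grep -Eq '^CONFIG_TCG_TIS_I2C=[ym]$' "$1" 2>/dev/null
    then echo built; else echo missing; fi
}

# Touch the live system only when asked: sh tpm-check.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "state: $(tpm_state)"
    dmesg | grep -i 'tpm_tis' || echo "dmesg: no tpm_tis lines"
fi
```

A result of "unbound" matches the failing log in this thread: the "Instantiated device" line is printed, but the "2.0 TPM (device-id ...)" line from the driver probe never appears.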