JustKernel

swTPM: SWTPM package provides TPM emulators with different front-end interfaces to libtpms. TPM emulators provide socket interfaces (TCP/IP) and the Linux CUSE interface for the creation of multiple native /dev/vtpm* devices. Those can be the targets of multiple QEMU cuse-tpm instances.
https://github.com/stefanberger/swtpm, master branch. tpm2 branch for TPM 2.0 implementation.
tpm-tools: tpm-tools is an open-source package designed to enable user and application enablement of Trusted Computing using a Trusted Platform Module (TPM), similar to a smart card environment.
The tpm-tools package contains commands to allow the platform administrator the ability to manage and diagnose the platform’s TPM.
https://github.com/srajiv/tpm-tools

trousers:
Trousers is an open-source TCG Software Stack (TSS).
https://github.com/srajiv/trousers

SeaBIOS with TPM patches:
Component Dependencies:
FUSE : git clone https://github.com/libfuse/libfuse.git
nspr: git clone https://github.com/servo/nspr.git
git clone https://github.com/servo/nspr.git
gettext and gettext-devel
automake
automake
autoconf
bash
coreutils
expect
libtool
sed
libtpms
libtpms-devel
fuse
fuse-devel
glib2
glib2-devel
gmp
gmp-devel
nss-devel
net-tools
selinux-policy-devel
gnutls
gnutls-devel
libtasn1
libtasn1-tools
libtasn1-devel
rpm-build (to build RPMs)

Compilation:
QEMU with TPM: straightforward . ./configure and make
tpm-tools:
$ sh bootstrap.sh
$ sudo apt install autopoint
$ make , make install
trousers:
$ sh bootstrap.sh
$ ./configure [–enable-debug] [–enable-gprof] [–enable-gcov]
$ make
# make install
swtpm :
$ ./bootstrap.sh
./configure –prefix=/usr
make
make check
make install
Execution:
Initialize two vTPMs’ initial state with an EK each:

# mkdir /tmp/myvtpm0
# chown -R tss:root /tmp/myvtpm0
# swtpm_setup –tpm-state /tmp/myvtpm0 –createek

# mkdir /tmp/myvtpm1
# chown -R tss:root /tmp/myvtpm1
# swtpm_setup –tpm-state /tmp/myvtpm1 –createek

Start the vTPM to use it with QEMU:

# export TPM_PATH=/tmp/myvtpm0
# swtpm_cuse -n vtpm0

# export TPM_PATH=/tmp/myvtpm1
# swtpm_cuse -n vtpm1

Running QEMU with the cuse-tpm:

There are two needed options for the passthrough -tpmdev and -device as shown in these examples. Note that the “path” parameter points to the native (/dev/vtpm0…) path, while the id and tpmdev are the guest’s view.

$ qemu-system-x86_64 -display sdl -enable-kvm -cdrom cdrom.iso \
-m 1024 -boot d -bios bios.bin -boot menu=on -tpmdev \
cuse-tpm,id=tpm0,path=/dev/vtpm0 \
-device tpm-tis,tpmdev=tpm0 test.img

$ qemu-system-x86_64 -display sdl -enable-kvm -cdrom cdrom.iso \
-m 1024 -boot d -bios bios.bin -boot menu=on -tpmdev \
cuse-tpm,id=tpm1,path=/dev/vtpm1 \
-device tpm-tis,tpmdev=tpm1 test2.img

Tags: software TPM, swtpm