
TPM2 in qemu running aarch64 alpine linux

2 votes
1 answer
140 views
I want to run an Alpine Linux VM and want to connect the host's TPM to the VM. The host is x86_64 based. The command for qemu is:
qemu-system-aarch64 \
    -m 1024 -cpu cortex-a57 -M virt \
    -bios /usr/share/qemu-efi-aarch64/QEMU_EFI.fd \
    -drive file=disk.qcow2,if=virtio,format=qcow2 \
    -cdrom alpine-3.21.3-aarch64.iso \
    -nographic \
    -device virtio-net-device,netdev=n0 \
    -netdev user,id=n0 \
    -tpmdev type=passthrough,id=tpm0,path=/dev/tpmrm0,cancel-path=/dev/tpmrm0 \
    -device tpm-tis-device,tpmdev=tpm0
As for the installation disk alpine-3.21.3-aarch64.iso, I have tried both the "standard" and the "virt" version from here. They both boot fine and the installation also works, but from neither can I access the host's TPM. On the host, the TPM works fine, as I can test for example using tpm2_getrandom 8 --hex and from the fact that /dev/tpm0 and /dev/tpmrm0 exist. On the VM, those two devices do not exist and I cannot get it to work. Here is some debugging output from the VM:
$ dmesg | grep -i tpm
[    0.000000] efi: SMBIOS 3.0=0x7fed0000 TPMFinalLog=0x7c3e0000 MEMATTR=0x7e227018 ACPI 2.0=0x7c3d0018 TPMEventLog=0x7c3d9098 INITRD=0x7c3c9b18 MEMRESERVE=0x7c3c9b98 
[    0.000000] ACPI: TPM2 0x000000007C3DE898 00004C (v04 BOCHS  BXPC     00000001 BXPC 00000001)
I had already added the kernel module tpm_tis_spi to /etc/modules. This is why I see:
$ lsmod | grep -i tpm
tpm_tis_spi            20480  0
tpm_tis_core           28672  1 tpm_tis_spi
tpm                   102400  2 tpm_tis_core,tpm_tis_spi
rng_core               20480  1 tpm
There seem to be some drivers available:
$ find /lib/modules/$(uname -r) -name '*tpm*'
/lib/modules/6.12.16-0-lts/kernel/drivers/char/tpm
/lib/modules/6.12.16-0-lts/kernel/drivers/char/tpm/tpm.ko.gz
/lib/modules/6.12.16-0-lts/kernel/drivers/char/tpm/tpm_tis_spi.ko.gz
/lib/modules/6.12.16-0-lts/kernel/drivers/char/tpm/tpm_tis_core.ko.gz
/lib/modules/6.12.16-0-lts/kernel/drivers/char/tpm/tpm_atmel.ko.gz
/lib/modules/6.12.16-0-lts/kernel/drivers/char/tpm/xen-tpmfront.ko.gz
/lib/modules/6.12.16-0-lts/kernel/drivers/char/tpm/tpm_infineon.ko.gz
/sys/class/tpm/ and /sys/class/tpmrm/ exist, but are empty. On the host, from tpm2_getcap properties-fixed I figured out that the TPM is an Infineon SLB9670. On the VM, this only gives an error message (as currently expected):
$ tpm2_getcap properties-fixed
ERROR:tcti:src/tss2-tcti/tcti-device.c:455:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:149:tcti_from_file() Could not initialize TCTI file: device 
ERROR:tcti:src/tss2-tcti/tctildr.c:477:tctildr_init_context_data() Failed to instantiate TCTI 
ERROR: Could not load tcti, got: "(null)"
What am I missing?
Asked by HerpDerpington (195 rep)
Feb 21, 2025, 07:26 PM
Last activity: Feb 26, 2025, 04:19 PM