* [Qemu-devel] [Bug 1716132] [NEW] Win 10 bitlocker won't initialise pass-through TPM
@ 2017-09-09 14:05 Kelvin Middleton
2017-09-11 15:44 ` Stefan Berger
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Kelvin Middleton @ 2017-09-09 14:05 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
All stock Ubuntu Zesty, Win10Pro KVM guest configured with OVMF and Q35.
My host has an ASRock Z97 Extreme 6 board with a TPM header which is
populated with v1.2 complaint device.
Testing in my host the TPM device is function, I can tpm_takeownership
and tpm_clear successfully and similar testing by passing the device
through to a linux guest also succeeds.
However using Bitlocker in Windows 10 Pro release 1703 Windows advises
it cannot "Prepare" the device which I take to mean it cannot take
ownership of it. I believe this to be related to Windows inability to
view the TCG Event Log which is evidenced in the below 2 screencaps,
however I'm no expert.
https://s26.postimg.org/vter35eh5/Screenshot_20170907_114644.png
https://s26.postimg.org/klo854qyx/Screenshot_20170909_143841.png
I've also tested the scenario with qemu 2.10 which provided the exact
same results. The only difference in the test setup is that I had to
make the guest boot with SeaBios instead of OVMF. (Windows wouldn't
boot with OVMF with the boot manager giving me an error pointing to a
BCD issue. Researching this it seemed related to an old ACPI problem, I
believe this unrelated to my TPM issue so will do more research and
raise a separate bug for this if needed.)
Happy to provide further configurations and build logs as necessary so
please advise me what is needed.
Lastly for background reading. I've been trying to get TPM passthrough
working with Windows for a long time now and have hit several different
issues which I believe have been addressed by both code maturity in Qemu
but also in Windows releases. An earlier bug report can be found here
(https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1615722) which
concludes advising me to raise this new/separate issue.
Thanks in advance,
Kelvin
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1716132
Title:
Win 10 bitlocker won't initialise pass-through TPM
Status in QEMU:
New
Bug description:
All stock Ubuntu Zesty, Win10Pro KVM guest configured with OVMF and
Q35. My host has an ASRock Z97 Extreme 6 board with a TPM header
which is populated with v1.2 complaint device.
Testing in my host the TPM device is function, I can tpm_takeownership
and tpm_clear successfully and similar testing by passing the device
through to a linux guest also succeeds.
However using Bitlocker in Windows 10 Pro release 1703 Windows advises
it cannot "Prepare" the device which I take to mean it cannot take
ownership of it. I believe this to be related to Windows inability to
view the TCG Event Log which is evidenced in the below 2 screencaps,
however I'm no expert.
https://s26.postimg.org/vter35eh5/Screenshot_20170907_114644.png
https://s26.postimg.org/klo854qyx/Screenshot_20170909_143841.png
I've also tested the scenario with qemu 2.10 which provided the exact
same results. The only difference in the test setup is that I had to
make the guest boot with SeaBios instead of OVMF. (Windows wouldn't
boot with OVMF with the boot manager giving me an error pointing to a
BCD issue. Researching this it seemed related to an old ACPI problem,
I believe this unrelated to my TPM issue so will do more research and
raise a separate bug for this if needed.)
Happy to provide further configurations and build logs as necessary so
please advise me what is needed.
Lastly for background reading. I've been trying to get TPM
passthrough working with Windows for a long time now and have hit
several different issues which I believe have been addressed by both
code maturity in Qemu but also in Windows releases. An earlier bug
report can be found here
(https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1615722) which
concludes advising me to raise this new/separate issue.
Thanks in advance,
Kelvin
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1716132/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [Bug 1716132] [NEW] Win 10 bitlocker won't initialise pass-through TPM
2017-09-09 14:05 [Qemu-devel] [Bug 1716132] [NEW] Win 10 bitlocker won't initialise pass-through TPM Kelvin Middleton
@ 2017-09-11 15:44 ` Stefan Berger
2020-11-09 18:32 ` [Bug 1716132] " Thomas Huth
2021-01-09 4:17 ` Launchpad Bug Tracker
2 siblings, 0 replies; 4+ messages in thread
From: Stefan Berger @ 2017-09-11 15:44 UTC (permalink / raw)
To: Bug 1716132, qemu-devel, kelvin.middleton
On 09/09/2017 10:05 AM, Kelvin Middleton wrote:
> Public bug reported:
>
> All stock Ubuntu Zesty, Win10Pro KVM guest configured with OVMF and Q35.
> My host has an ASRock Z97 Extreme 6 board with a TPM header which is
> populated with v1.2 complaint device.
>
> Testing in my host the TPM device is function, I can tpm_takeownership
> and tpm_clear successfully and similar testing by passing the device
> through to a linux guest also succeeds.
>
> However using Bitlocker in Windows 10 Pro release 1703 Windows advises
> it cannot "Prepare" the device which I take to mean it cannot take
> ownership of it. I believe this to be related to Windows inability to
> view the TCG Event Log which is evidenced in the below 2 screencaps,
> however I'm no expert.
>
> https://s26.postimg.org/vter35eh5/Screenshot_20170907_114644.png
> https://s26.postimg.org/klo854qyx/Screenshot_20170909_143841.png
There's no event log when you were to use it with SeaBIOS. I don't know
about OVMF.
SeaBIOS, once it recognizes that the device has already been
initialized, presumably by the host, will back off from using the device
and extending PCRs 0-7. Extending them would otherwise mess up the state
of the PCRs which has to correspond to the host's BIOS log entries. OVMF
should probably behave the same way in this case. The problem the is
that this can lead to certain software inside of VMs not working.
Bitlocker may be one of them.
The solution that would probably get you the farthest is to use a
software TPM emulator, possibly with SeaBIOS as the firmware if Windows
10 accepts it. The issue here is that the patches implementing the TPM
emulator driver are not commonly available upstream.
Stefan
>
> I've also tested the scenario with qemu 2.10 which provided the exact
> same results. The only difference in the test setup is that I had to
> make the guest boot with SeaBios instead of OVMF. (Windows wouldn't
> boot with OVMF with the boot manager giving me an error pointing to a
> BCD issue. Researching this it seemed related to an old ACPI problem, I
> believe this unrelated to my TPM issue so will do more research and
> raise a separate bug for this if needed.)
>
> Happy to provide further configurations and build logs as necessary so
> please advise me what is needed.
>
> Lastly for background reading. I've been trying to get TPM passthrough
> working with Windows for a long time now and have hit several different
> issues which I believe have been addressed by both code maturity in Qemu
> but also in Windows releases. An earlier bug report can be found here
> (https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1615722) which
> concludes advising me to raise this new/separate issue.
>
> Thanks in advance,
>
> Kelvin
>
> ** Affects: qemu
> Importance: Undecided
> Status: New
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 1716132] Re: Win 10 bitlocker won't initialise pass-through TPM
2017-09-09 14:05 [Qemu-devel] [Bug 1716132] [NEW] Win 10 bitlocker won't initialise pass-through TPM Kelvin Middleton
2017-09-11 15:44 ` Stefan Berger
@ 2020-11-09 18:32 ` Thomas Huth
2021-01-09 4:17 ` Launchpad Bug Tracker
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Huth @ 2020-11-09 18:32 UTC (permalink / raw)
To: qemu-devel
The QEMU project is currently considering to move its bug tracking to another system. For this we need to know which bugs are still valid and which could be closed already. Thus we are setting older bugs to "Incomplete" now.
If you still think this bug report here is valid, then please switch the state back to "New" within the next 60 days, otherwise this report will be marked as "Expired". Thank you and sorry for the inconvenience.
** Changed in: qemu
Status: New => Incomplete
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1716132
Title:
Win 10 bitlocker won't initialise pass-through TPM
Status in QEMU:
Incomplete
Bug description:
All stock Ubuntu Zesty, Win10Pro KVM guest configured with OVMF and
Q35. My host has an ASRock Z97 Extreme 6 board with a TPM header
which is populated with v1.2 complaint device.
Testing in my host the TPM device is function, I can tpm_takeownership
and tpm_clear successfully and similar testing by passing the device
through to a linux guest also succeeds.
However using Bitlocker in Windows 10 Pro release 1703 Windows advises
it cannot "Prepare" the device which I take to mean it cannot take
ownership of it. I believe this to be related to Windows inability to
view the TCG Event Log which is evidenced in the below 2 screencaps,
however I'm no expert.
https://s26.postimg.org/vter35eh5/Screenshot_20170907_114644.png
https://s26.postimg.org/klo854qyx/Screenshot_20170909_143841.png
I've also tested the scenario with qemu 2.10 which provided the exact
same results. The only difference in the test setup is that I had to
make the guest boot with SeaBios instead of OVMF. (Windows wouldn't
boot with OVMF with the boot manager giving me an error pointing to a
BCD issue. Researching this it seemed related to an old ACPI problem,
I believe this unrelated to my TPM issue so will do more research and
raise a separate bug for this if needed.)
Happy to provide further configurations and build logs as necessary so
please advise me what is needed.
Lastly for background reading. I've been trying to get TPM
passthrough working with Windows for a long time now and have hit
several different issues which I believe have been addressed by both
code maturity in Qemu but also in Windows releases. An earlier bug
report can be found here
(https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1615722) which
concludes advising me to raise this new/separate issue.
Thanks in advance,
Kelvin
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1716132/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug 1716132] Re: Win 10 bitlocker won't initialise pass-through TPM
2017-09-09 14:05 [Qemu-devel] [Bug 1716132] [NEW] Win 10 bitlocker won't initialise pass-through TPM Kelvin Middleton
2017-09-11 15:44 ` Stefan Berger
2020-11-09 18:32 ` [Bug 1716132] " Thomas Huth
@ 2021-01-09 4:17 ` Launchpad Bug Tracker
2 siblings, 0 replies; 4+ messages in thread
From: Launchpad Bug Tracker @ 2021-01-09 4:17 UTC (permalink / raw)
To: qemu-devel
[Expired for QEMU because there has been no activity for 60 days.]
** Changed in: qemu
Status: Incomplete => Expired
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1716132
Title:
Win 10 bitlocker won't initialise pass-through TPM
Status in QEMU:
Expired
Bug description:
All stock Ubuntu Zesty, Win10Pro KVM guest configured with OVMF and
Q35. My host has an ASRock Z97 Extreme 6 board with a TPM header
which is populated with v1.2 complaint device.
Testing in my host the TPM device is function, I can tpm_takeownership
and tpm_clear successfully and similar testing by passing the device
through to a linux guest also succeeds.
However using Bitlocker in Windows 10 Pro release 1703 Windows advises
it cannot "Prepare" the device which I take to mean it cannot take
ownership of it. I believe this to be related to Windows inability to
view the TCG Event Log which is evidenced in the below 2 screencaps,
however I'm no expert.
https://s26.postimg.org/vter35eh5/Screenshot_20170907_114644.png
https://s26.postimg.org/klo854qyx/Screenshot_20170909_143841.png
I've also tested the scenario with qemu 2.10 which provided the exact
same results. The only difference in the test setup is that I had to
make the guest boot with SeaBios instead of OVMF. (Windows wouldn't
boot with OVMF with the boot manager giving me an error pointing to a
BCD issue. Researching this it seemed related to an old ACPI problem,
I believe this unrelated to my TPM issue so will do more research and
raise a separate bug for this if needed.)
Happy to provide further configurations and build logs as necessary so
please advise me what is needed.
Lastly for background reading. I've been trying to get TPM
passthrough working with Windows for a long time now and have hit
several different issues which I believe have been addressed by both
code maturity in Qemu but also in Windows releases. An earlier bug
report can be found here
(https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1615722) which
concludes advising me to raise this new/separate issue.
Thanks in advance,
Kelvin
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1716132/+subscriptions
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-09 4:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-09 14:05 [Qemu-devel] [Bug 1716132] [NEW] Win 10 bitlocker won't initialise pass-through TPM Kelvin Middleton
2017-09-11 15:44 ` Stefan Berger
2020-11-09 18:32 ` [Bug 1716132] " Thomas Huth
2021-01-09 4:17 ` Launchpad Bug Tracker
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.