|
| 1 | +# Introduction |
| 2 | +End-to-end development with physical hardware can be challenging due to a myriad |
| 3 | +of factors. Things like persistent state, physical wear, slow and difficult |
| 4 | +to update hardware bugs, lagging features, etc can pose additional hurdles to |
| 5 | +development tasks. |
| 6 | + |
| 7 | +A potential way to overcome this, is to use [QEMU](https://www.qemu.org) instance with an attached |
| 8 | +virtualized TPM2.0 device. This device is made available to the guest OS, and |
| 9 | +with the appropriate versions of Linux, will expose the familiar /dev/tpm0 |
| 10 | +and /dev/tpmrm0 interfaces. |
| 11 | + |
| 12 | +In this brief tutorial, we provide instructions on how to build such a system by leveraging other documentation as required. |
| 13 | + |
| 14 | +# Prerequisites |
| 15 | +Prior art does exist on this topic, and details used in this tutorial have references from |
| 16 | +the following resources: |
| 17 | + - https://www.qemu.org/docs/master/specs/tpm.html |
| 18 | + - https://graspingtech.com/ubuntu-desktop-18.04-virtual-machine-macos-qemu/ |
| 19 | + |
| 20 | +## Install the proper TPM2.0 Simulator |
| 21 | + |
| 22 | +In this tutorial, we demonstrate how to leverage the [swtpm](https://github.com/stefanberger/swtpm) as the TPM simulator. |
| 23 | +The project wiki has instructions for building and installing the simulator and its dependency, [libtpms](https://github.com/stefanberger/libtpms). |
| 24 | + |
| 25 | +## Install QEMU |
| 26 | + |
| 27 | +Next, you need to install QEMU. This is operating system dependent. Details on installing |
| 28 | +QEMU can be found by visiting their website: |
| 29 | + - https://www.qemu.org/ |
| 30 | + |
| 31 | +**The minimum version of QEMU to support this is 4.0. In this tutorial, the author tested with version 5.2.** |
| 32 | + |
| 33 | +# Install The Guest OS |
| 34 | + |
| 35 | +The author installed Ubuntu 20.04, so the commands will be specific to that ISO, but another ISO |
| 36 | +could be substituted. Additionally, the naming convention on things like hard-drive could be changed |
| 37 | +to reflect your environment more closely. |
| 38 | + |
| 39 | +Install the guest OS. This will be guest-OS specific. The general commands are to build |
| 40 | +a virtual disk: |
| 41 | +```console |
| 42 | +qemu-img create -f qcow2 ubuntu-20.04-amd64.img 30G |
| 43 | +``` |
| 44 | + |
| 45 | +Then attach it to a VM and start it with the installation media, usually an ISO: |
| 46 | +```console |
| 47 | +qemu-system-x86_64 -hda ~/qemu-images/ubuntu-20.04-amd64.img -boot d -cdrom ~/Downloads/ubuntu-20.04.1-desktop-amd64.iso -m 2048 -enable-kvm |
| 48 | +``` |
| 49 | + |
| 50 | +# Start the Guest with a TPM2.0 Device |
| 51 | + |
| 52 | +Now start the guest with a virtualized TPM2.0 device. To do this, one needs to start the SWTPM simulator in tpm2 mode using the option |
| 53 | +`--tpm2`, like so: |
| 54 | +```console |
| 55 | +mkdir /tmp/emulated_tpm |
| 56 | +swtpm socket --tpmstate dir=/tmp/emulated_tpm --ctrl type=unixio,path=/tmp/emulated_tpm/swtpm-sock --log level=20 --tpm2 |
| 57 | +``` |
| 58 | + |
| 59 | +Then start the guest: |
| 60 | +```console |
| 61 | +qemu-system-x86_64 -hda ~/qemu-images/ubuntu-20.04-amd64.img -boot d -m 2048 -enable-kvm \ |
| 62 | + -chardev socket,id=chrtpm,path=/tmp/emulated_tpm/swtpm-sock \ |
| 63 | + -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0 |
| 64 | +``` |
| 65 | + |
| 66 | +Now verify that the device nodes are present in the guest VM by opening a console and running the following command: |
| 67 | +```console |
| 68 | +ls /dev/tpm* |
| 69 | +``` |
| 70 | + |
| 71 | +You should see `/dev/tpm0` and `/dev/tpmrm0` devices in the output of the `ls` command. |
| 72 | + |
| 73 | +# Conclusion |
| 74 | + |
| 75 | +One of the major benefits to the emulated environment is being able to test end-to-end development without the need for physical |
| 76 | +hardware and it's associated drawbacks across a wide variety of environments. QEMU has the ability to emulate multiple physical |
| 77 | +CPU architectures. Couple that with the ability to install a wide array of operating systems, and you have a flexible system for |
| 78 | +debugging and building new features from the lowest portions of the stack all they way to end client applications. |
| 79 | + |
| 80 | +# Author |
| 81 | +William Roberts |
0 commit comments