stefanberger/swtpm

TPM2 event log inside libvirt Guest (missing /sys/kernel/security/tpm0/)

pefeigl opened this issue · 9 comments

Describe the bug

I'm running a libvirt VM with a software TPM2 (via swtpm). I can access the PCRs fine; however, I don't see /sys/kernel/security/tpm0 (nor the binary event log file inside it). I've tried both tpm-tis and tpm-crb, neither seems to help. Guest is Debian Bookworm (verified on some actual hardware that the directory and file show up on that kernel at all).

Required: To Reproduce (without these steps your issue may be deleted)

Create a new libvirt VM, edit the definition:

    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'/>
    </tpm>

Start the VM, check for /sys/kernel/security/tpm0/

Expected behavior

I'd love to read the TPM2 event log (via tpm2_eventlog).

Desktop (please complete the following information):

  • Guest:
  • OS: Debian
  • Version 12 (Bookworm)
  • Host:
    • OS: Arch

Versions of relevant components
(All on the Arch Host, not in the Debian Guest)

  • swtpm: 0.8.1-1 [TPM emulator version 0.8.1, Copyright (c) 2014-2022 IBM Corp. and others]
  • libtpms: 0.9.6-1
  • openssl: 3.1.3-1
  • gnutls: 3.8.1-2

Log files

Starting vTPM manufacturing as tss:tss @ Tue 03 Oct 2023 12:52:01 PM CEST
Successfully created RSA 2048 EK with handle 0x81010001.
  Invoking /usr/bin/swtpm_localca --type ek --ek ... --dir /tmp/swtpm_setup.certs.ZKWWB2 --logfile /var/log/swtpm/libvirt/qemu/ved-swtpm.log --vmid ved:78e2a87a-cdf9-41a3-a8a4-b70be41bd26f --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created EK certificate locally.
  Invoking /usr/bin/swtpm_localca --type platform --ek cc7ff23efd1ae26606acbbde5c14e4db3c0941682faeb4e6b9a60959f71f43eb684298468e2107ea03c4044845a3c2a2cf4eff12885b16c50cba18c60bd9c11d28a0f59a1fbfb7e3b697aad9fb07a2bc2995bbf0ce293564edb97c789b8d13e68466c96ed5222d92e4a885a8f2db56440f03fa32c0bb68abde0fd265781be8b41ed0fa28a4f1b55f62d3fe927dc9adfea31adde38a08e8aa2ee3bb75dd84cb2f7278e0a6a729bd7121dd950e9409f54c0d984c93de87a212d160813d08fac58cf58a0b76b6a6be170adcba4d5f87fb74a5127b517b1663f6ded9f45a83b9146e8f3a83455cf14391663bbdeab90c0b684fbd8e0e2be8f04140b4dade2735f815 --dir /tmp/swtpm_setup.certs.ZKWWB2 --logfile /var/log/swtpm/libvirt/qemu/ved-swtpm.log --vmid ved:78e2a87a-cdf9-41a3-a8a4-b70be41bd26f --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created platform certificate locally.
Successfully created NVRAM area 0x1c00002 for RSA 2048 EK certificate.
Successfully created NVRAM area 0x1c08000 for platform certificate.
Successfully created ECC EK with handle 0x81010016.
  Invoking /usr/bin/swtpm_localca --type ek --ek x=f230bdf4bea23dfcaf56bf4e8f6ac0c6900afcf99ead8e3f69be0a98fc4b425fea94d852708591c7971161bda9f4ed62,y=086c8a4f5150d07c5f39e12e4b51ed0769ac23df8a84e00e4968bf79629814f79c7fd76f1840d310eae4288d8b79f71f,id=secp384r1 --dir /tmp/swtpm_setup.certs.ZKWWB2 --logfile /var/log/swtpm/libvirt/qemu/ved-swtpm.log --vmid ved:78e2a87a-cdf9-41a3-a8a4-b70be41bd26f --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created EK certificate locally.
Successfully created NVRAM area 0x1c00016 for ECC EK certificate.
Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.
Successfully authored TPM state.
Ending vTPM manufacturing @ Tue 03 Oct 2023 12:52:01 PM CEST

Additional context
Is this a general problem, or should I be able to get the TPM2 event log?

Thanks a lot for providing this excellent library / daemon!

Is securityfs mounted on your system? If not try

mount -t securityfs /sys/kernel/security /sys/kernel/security
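The file the reporter is looking for is /sys/kernel/security/tpm0/binary_bios_measurements, which tpm2_eventlog reads. The following is an added example for this thread, not code from swtpm, libvirt or tpm2-tools: it parses that TCG2 (crypto-agile) log format with nothing but the standard library, replays the events into PCR values so they can be compared with tpm2_pcrread, and falls back to a constructed sample log when securityfs has no tpm0 directory (the situation in this issue). The sample events, the helper names and the sha256-only replay are assumptions made here; they are not from the thread.

```python
"""Parse a TCG2 TPM event log and replay it into PCR values (added example, not swtpm code).
Layout per the TCG PC Client Platform Firmware Profile: one legacy SHA1-format
"Spec ID Event03" header record, then TCG_PCR_EVENT2 records with a digest per bank."""
import hashlib
import os
import struct

# TPM_ALG_ID values and digest lengths (TCG Algorithm Registry)
ALG_SIZES = {0x0004: 20, 0x000B: 32, 0x000C: 48, 0x000D: 64}
ALG_NAMES = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}
EV_NO_ACTION = 0x00000003
EV_SEPARATOR = 0x00000004
EV_EFI_ACTION = 0x80000007
SPEC_ID_SIGNATURE = b"Spec ID Event03\x00"
# Where the Linux TPM driver exposes the firmware log (missing on the reporter's guest)
SECURITYFS_LOG = "/sys/kernel/security/tpm0/binary_bios_measurements"


def parse_event_log(data: bytes) -> list:
    """Return events as {"pcr", "type", "digests": {alg_id: bytes}, "data"}."""
    # First record is legacy layout: u32 pcr, u32 type, 20-byte digest, u32 size, data
    pcr, etype = struct.unpack_from("<II", data, 0)
    off = 8 + 20
    size = struct.unpack_from("<I", data, off)[0]
    off += 4
    spec = data[off:off + size]
    off += size
    if etype != EV_NO_ACTION or not spec.startswith(SPEC_ID_SIGNATURE):
        raise ValueError("log does not start with a Spec ID Event03 header")
    # Header: signature[16], platformClass u32, minor/major/errata/uintnSize u8 x4, numberOfAlgorithms u32
    n_algs = struct.unpack_from("<I", spec, 24)[0]
    algs = dict(struct.unpack_from("<HH", spec, 28 + 4 * i) for i in range(n_algs))
    events = [{"pcr": pcr, "type": etype, "digests": {}, "data": spec}]
    # Remaining records are TCG_PCR_EVENT2: u32 pcr, u32 type, u32 count, (u16 alg, digest)*, u32 size, data
    while off < len(data):
        pcr, etype, count = struct.unpack_from("<III", data, off)
        off += 12
        digests = {}
        for _ in range(count):
            alg = struct.unpack_from("<H", data, off)[0]
            off += 2
            if alg not in algs:
                raise ValueError(f"event uses algorithm {alg:#06x} not declared in header")
            digests[alg] = data[off:off + algs[alg]]
            off += algs[alg]
        size = struct.unpack_from("<I", data, off)[0]
        off += 4
        events.append({"pcr": pcr, "type": etype, "digests": digests, "data": data[off:off + size]})
        off += size
    return events


def extend(prev: bytes, digest: bytes, alg: int = 0x000B) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || digest)."""
    return hashlib.new(ALG_NAMES[alg], prev + digest).digest()


def replay_pcrs(events: list, alg: int = 0x000B) -> dict:
    """Replay the log into PCR values for one bank; compare with tpm2_pcrread output."""
    pcrs = {}
    for ev in events:
        if ev["type"] == EV_NO_ACTION:
            continue  # informational records are logged but never extended
        if alg not in ev["digests"]:
            raise ValueError(f"PCR{ev['pcr']} event has no {ALG_NAMES[alg]} digest")
        prev = pcrs.get(ev["pcr"], bytes(ALG_SIZES[alg]))
        pcrs[ev["pcr"]] = extend(prev, ev["digests"][alg], alg)
    return pcrs


def build_spec_id_event(algs: list) -> bytes:
    """Constructed Spec ID Event03 header declaring the given banks (sample data only)."""
    body = SPEC_ID_SIGNATURE + struct.pack("<IBBBB", 0, 0, 2, 0, 2) + struct.pack("<I", len(algs))
    body += b"".join(struct.pack("<HH", a, ALG_SIZES[a]) for a in algs) + b"\x00"  # vendorInfoSize 0
    return struct.pack("<II", 0, EV_NO_ACTION) + bytes(20) + struct.pack("<I", len(body)) + body


def build_event2(pcr: int, etype: int, payload: bytes, algs: list) -> bytes:
    """Constructed TCG_PCR_EVENT2 whose digests are the hash of its payload (sample data only)."""
    rec = struct.pack("<III", pcr, etype, len(algs))
    rec += b"".join(struct.pack("<H", a) + hashlib.new(ALG_NAMES[a], payload).digest() for a in algs)
    return rec + struct.pack("<I", len(payload)) + payload


# Constructed sample: sha256-only log with one boot action on PCR 4 and two separators
SAMPLE_LOG = (
    build_spec_id_event([0x000B])
    + build_event2(4, EV_EFI_ACTION, b"Calling EFI Application from Boot Option", [0x000B])
    + build_event2(4, EV_SEPARATOR, bytes(4), [0x000B])
    + build_event2(7, EV_SEPARATOR, bytes(4), [0x000B])
)


def load_log(path: str = SECURITYFS_LOG):
    """Read the kernel-exported log, or return None when securityfs has no tpm0."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as f:
        return f.read()


if __name__ == "__main__":
    data = load_log() or SAMPLE_LOG
    events = parse_event_log(data)
    for ev in events:
        d = ev["digests"].get(0x000B)
        print(f"PCR{ev['pcr']:2d} type={ev['type']:#010x} sha256={d.hex() if d else '-'}")
    for pcr, val in sorted(replay_pcrs(events).items()):
        print(f"PCR{pcr:2d} replayed = {val.hex()}")
```

Run it as root on the guest once tpm0 shows up under securityfs; if the replayed PCR values do not match what tpm2_pcrread reports, the log is incomplete or was tampered with, which is exactly what reading the event log is meant to catch.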

Yes, I see other directories, just not tpm0. Might this be related to the UEFI implementation that libvirt/qemu uses?

# mount | grep security
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
# ls /sys/kernel/security/
apparmor  evm  ima  integrity  lockdown  lsm  tomoyo
# dmesg | grep -i tpm
[    0.000000] efi: SMBIOS=0x7e7d4000 SMBIOS 3.0=0x7e7d2000 TPMFinalLog=0x7e9e6000 ACPI=0x7e97d000 ACPI 2.0=0x7e97d014 MEMATTR=0x7d146018 MOKvar=0x7e7b5000 
[    0.008693] ACPI: TPM2 0x000000007E976000 00004C (v04 BOCHS  BXPC     00000001 BXPC 00000001)
[    0.013792] ACPI: Reserving TPM2 table memory at [mem 0x7e976000-0x7e97604b]
[    1.504678] systemd[1]: systemd 252.12-1~deb12u1 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)

Might this be related to the UEFI implementation that libvirt/qemu uses?

That's quite possible. Have you tried with Fedora or Ubuntu in a VM?

Not yet, I'll do that asap.

EDIT: my fault, it actually is there in Debian Testing as well as the netinst Bookworm. I've been using the cloudimage bases, maybe that's the problem. I'll play around more, maybe I'm doing something wrong in setting up the VM...

OK, it's there on Ubuntu 22.04, but it's not there on Debian Trixie (= Testing). Any ideas how to get it on Debian? It seems to not be qemu's fault with the UEFI firmware, as it does work with Ubuntu :-/

For Linux it's a compile-time option CONFIG_EFI (https://elixir.bootlin.com/linux/latest/source/drivers/char/tpm/Makefile#L20). Maybe the cloud image doesn't assume EFI and the kernel there has been compiled without support for it?

Hm, I think it's related to qemu + uefi in some way; it works for BIOS boots on all images, but not for UEFI. So this is probably unrelated to swtpm, right?

Yes, this is completely unrelated to swtpm. However, I remember that there was a version of QEMU where UEFI didn't have the TPM support compiled in. You may want to enter the UEFI menu (press ESC during startup) and check whether it has TPM 2 support as a choice: Device Manager -> TCG2 Configuration. If it's not there then your UEFI doesn't have TPM 2 support...

OK, after more trying, everything works fine under Ubuntu and Fedora, but not under Debian. I'm closing this, as it seems to be completely unrelated to swtpm. Thanks for your patience and help.