churchers / vm-bhyve

Shell based, minimal dependency bhyve manager
BSD 2-Clause "Simplified" License

tpm support #540

Open doubleddav opened 9 months ago

doubleddav commented 9 months ago

Since FreeBSD 14 release, bhyve now supports TPM passthrough and emulation, which is handy for recent versions of Windows.

Just wondering if this has or will be implemented into vm-bhyve?

Thanks

yaroslav-gwit commented 9 months ago

I am interested in trying this out too. Could you please point me to a man page, or a patch that shows more info on the bhyve TPM emulation? I couldn't find anything so far on this subject.

Once you know the raw bhyve flags, you can pass them in as a custom VM start string in vm-bhyve.

nunotexbsd commented 9 months ago

Hello,

I'm running vm-bhyve-devel with success with win11 using tpm. Don't forget to kldload tpm first.

```
loader="uefi"
graphics="yes"
graphics_res="1920x1080"
xhci_mouse="yes"
cpu=4
memory=4G

# put up to 8 disks on a single ahci controller.
# without this, adding a disk pushes the following network devices onto higher slot numbers,
# which causes windows to see them as a new interface
ahci_device_limit="8"

# ideally this should be changed to virtio-net and drivers installed in the guest
# e1000 works out-of-the-box

#network0_type="e1000"
network0_type="virtio-net"
network0_switch="public"

#disk0_type="ahci-hd"
#disk0_type="virtio-blk"
#disk0_type="virtio-scsi"

disk0_type="nvme"
disk0_name="disk0.img"

#disk1_type="ahci-cd"
#disk1_dev="custom"
#disk1_name="/home/nunotex/Downloads/virtio-win-0.1.240.iso"

# windows expects the host to expose localtime by default, not UTC
utctime="no"

# sound, tpm
bhyve_options="-s 1,hda,play=/dev/dsp -l tpm,passthru,/dev/tpm0"

#bhyve_options="-s 5:0,passthru,1/0/0" # sample

# nvidia passthru
#passthru0="1/0/0"
#passthru1="1/0/1"

uuid="af2a6d8d-9c0c-11ee-9989-002b67dfc673"
network0_mac="58:9c:fc:07:8e:fd"
```

nunotexbsd commented 9 months ago

(...) How I installed the virtio drivers without setup from CD, and how to install win11 with nvme: https://forums.FreeBSD.org/threads/bhyve-tpm-emulation.91254/post-633892

yaroslav-gwit commented 9 months ago

Doesn't the passthru mean that you can only use the tpm on a single VM exclusively?

nunotexbsd commented 9 months ago

> Doesn't the passthru mean that you can only use the tpm on a single VM exclusively?

From https://wiki.freebsd.org/bhyve it supports passthru and emulation. Didn't try emulation. Since it's not used by the FreeBSD OS, I'm using it passthru.

For my way of thinking, since tpm is a hardware device we can use it in any vm (if computer has it). If system doesn't have it, emulation will be an option. (?)

yaroslav-gwit commented 9 months ago

Yeah that's the thing, Wiki page mentions the emulation but the man page says only passthru mode is supported. Which is a problem, if you want to use the TPM on multiple VMs at the same time.
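
Added example, not part of any comment in this thread and not vm-bhyve code: a small audit that lists which guests have an active `-l tpm,passthru,<device>` entry in `bhyve_options` and reports any device referenced by more than one guest, which is the situation asked about above. It assumes the usual vm-bhyve layout of `<datastore>/<guest>/<guest>.conf`; the function names and the sample guests are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit vm-bhyve guest configs for TPM passthrough.
# Assumption: each guest config lives at <datastore>/<guest>/<guest>.conf.

# Print "<device> <guest>" for every guest whose active (uncommented)
# bhyve_options line contains "-l tpm,passthru,<device>".
tpm_passthru_guests() {
    datastore=$1
    for conf in "$datastore"/*/*.conf; do
        [ -f "$conf" ] || continue
        guest=$(basename "$conf" .conf)
        # The anchor on ^bhyve_options= skips lines that start with '#'.
        sed -n 's/^[[:space:]]*bhyve_options=.*-l[[:space:]]*tpm,passthru,\([^[:space:]",]*\).*/\1/p' "$conf" |
        while read -r dev; do
            printf '%s %s\n' "$dev" "$guest"
        done
    done
}

# Print "<device>: <guest> <guest> ..." for every TPM device that more
# than one guest config passes through.
shared_tpm_devices() {
    tpm_passthru_guests "$1" | sort | awk '
        { n[$1]++; g[$1] = g[$1] " " $2 }
        END { for (d in n) if (n[d] > 1) print d ":" g[d] }' | sort
}

# Constructed sample datastore: two guests share /dev/tpm0, a third has
# the option commented out and must not be reported.
demo() {
    d=$(mktemp -d)
    mkdir "$d/win11a" "$d/win11b" "$d/bsd"
    echo 'bhyve_options="-s 1,hda,play=/dev/dsp -l tpm,passthru,/dev/tpm0"' \
        > "$d/win11a/win11a.conf"
    echo 'bhyve_options="-l tpm,passthru,/dev/tpm0"' > "$d/win11b/win11b.conf"
    echo '#bhyve_options="-l tpm,passthru,/dev/tpm0"' > "$d/bsd/bsd.conf"
    shared_tpm_devices "$d"
    rm -rf "$d"
}

demo
```

Point `shared_tpm_devices` at the real datastore directory to see whether any two guests are configured against the same host TPM device before starting them together.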

GogoFC commented 7 months ago

> I am interested in trying this out too. Could you please point me to a man page, or a patch that shows more info on the bhyve TPM emulation? I couldn't find anything so far on this subject.
>
> Once you know the raw bhyve flags, you can pass them in as a custom VM start string in vm-bhyve.

I just use this on bhyve and old computers. It bypasses TPM and lets you install Win 11. https://github.com/AveYo/MediaCreationTool.bat I create a Windows 11 ISO file using that and it works on bhyve as well.