QEMU

Windows 10 reports no compatible TPM found yet device manager shows it?

Bug #1615823 reported by Kelvin Middleton
32
This bug affects 5 people
Affects Status Importance Assigned to Milestone
QEMU
Expired
Undecided
Unassigned

Bug Description

Ubuntu 16.04 with stock kvm, libvirt, ovmf
Qemu 2.5 installed from stock ubuntu ppa
Qemu 2.6.1 built from tarball.
Qemu 2.7.0-rc4 built from tarball.

Windows 10 guest reports a TPM device is installed and the driver functional under Device Manager-->Security Devices. TPM Administrator however advises no compatible TPM chip can be found.

Qemu 2.5 is buggy and prevents the guest loading the TPM driver, this was addressed by http://git.qemu.org/?p=qemu.git;a=commit;h=2b1c2e8e5f1990f0a201a8cbf9d366fca60f4aa8

Have tested the below cmd out on both qemu-2.6.1 and qemu-2.7.0-rc4, both suffer the same problem. My TPM is most certainly compatible as installing Win10Pro onto the same host as bare metal provides me the desired and expected functionality aka Bitlocker and TPM Administrator work.

sudo ./qemu-system-x86_64 \
-enable-kvm \
-machine q35 \
-cpu host \
-m 4096 \
-smp 4,sockets=1,cores=2,threads=2 \
-device i82801b11-bridge,id=pci.1,bus=pcie.0,addr=0x1e \
-device pci-bridge,chassis_nr=2,id=pci.2,bus=pci.1,addr=0x1 \
-device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vgamem_mb=16,bus=pcie.0,addr=0x2 \
-drive file=/usr/share/qemu/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \
-drive file=/mnt/120GB_SSD/wintpm_VARS.fd,if=pflash,format=raw,unit=1 \
-drive file=/mnt/120GB_SSD/wintpm.qcow2,format=qcow2,if=none,id=drive-virtio-disk0 \
-device virtio-blk-pci,scsi=off,bus=pci.2,addr=0x3,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2 \
-drive file="/mnt/share/Filestorage/Images/Microsoft Windows 10 Pro x64.iso",format=raw,if=none,media=cdrom,id=drive-sata0-0-0,readonly=on \
-device ide-cd,bus=ide.0,drive=drive-sata0-0-0,id=sata0-0-0 \
-drive file=/mnt/share/Filestorage/Images/virtio-win-0.1.117.iso,format=raw,if=none,media=cdrom,id=drive-sata0-0-1,readonly=on \
-device ide-cd,bus=ide.1,drive=drive-sata0-0-1,id=sata0-0-1 \
-tpmdev passthrough,id=tpm-tpm0,path=/dev/tpm0,cancel-path=/sys/class/tpm/tpm0/device/cancel \
-device tpm-tis,tpmdev=tpm-tpm0,id=tpm0

Revision history for this message
Kelvin Middleton (kelvin-middleton) wrote :

Hi, any chance of this bug getting triaged anytime soon? I've posted to the qemu-devel mailing list twice but no response. Am keen to resolve this soon if its user error or not so if its a bonafide bug?

Thanks,

Kelvin

Revision history for this message
Markus Heberling (markus-tisoft) wrote :

I have the same problem with Windows 10 Enterprise running under qemu-2.5.0-9.fc23.1.tpmfix (which is the qemu version containing the fix you mentioned above.) on fedora 23. The same qemu version runs windows 7 enterprise with TPM just fine. So there seems to be some change in the way Windows uses TPM between 7 and 10.

Revision history for this message
Kelvin Middleton (kelvin-middleton) wrote :

Hey, I bug out my own Win7 Ultimate iso and have the same results as Markus i.e. TPM Admin correctly see's the TPM chip installed and allows me to Initialise and generally manage it which is as per expectations but obviously different to what Windows 10 shows.

I'm using Ubuntu 16.04 but building qemu 2.7.0 to test the guests with.

Revision history for this message
Kelvin Middleton (kelvin-middleton) wrote :

So I used the Windows Media Creation tool to generate a more recent ISO which resulted in a date stamp of July-16. Using this Win10Pro image my TPM is now recognised by the TPM Administrator, I re-tested my older ISO in the same guest and this still had the problem so conclusive enough for me.

Still using 2.7.0 git tag built from source tree

Revision history for this message
Nelson Chan (nelson-bigmouth) wrote :

I can get the TPM device working in Windows 10 after I upgrade Windows to version 1607. My qemu is still 2.6.1 from ubuntu 16.10.

Revision history for this message
Kelvin Middleton (kelvin-middleton) wrote :

@Nelson, please can you provide a little more info as I'm still having problems with TPM preparation in Windows. What make and version is your TPM device. How was your guest configured i.e. SeaBios vs. OVMF, Q35 or i440FX? Are you using kvm/qemu with libvirt or just qemu on the command line? Any info/pointers would be appreciated.

Thanks,

K

Revision history for this message
Nelson Chan (nelson-bigmouth) wrote :

My laptop has a TPM 1.2 chip made by IFX (dmesg: tpm_tis 00:07: 1.2 TPM (device-id 0x1B, rev-id 16))

I couldn't get it to work in libvirt (I am running ubuntu 17.04) until I upgraded my Windows 10 to version 1607. I needed to change the CPU to "core2duo" first before I could apply the version 1607 patch (if you don't do that, you can never apply the patch). After applying this Windows patch, Windows can detect and use the TPM device assigned to it successfully.

Revision history for this message
Thomas Huth (th-huth) wrote :

The QEMU project is currently considering to move its bug tracking to another system. For this we need to know which bugs are still valid and which could be closed already. Thus we are setting older bugs to "Incomplete" now.
If you still think this bug report here is valid, then please switch the state back to "New" within the next 60 days, otherwise this report will be marked as "Expired". Or mark it as "Fix Released" if the problem has been solved with a newer version of QEMU already. Thank you and sorry for the inconvenience.

Changed in qemu:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for QEMU because there has been no activity for 60 days.]

Changed in qemu:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.