# SOLVED: Problem with TPM2: tpm2-abrmd fails to start 0xa000a

## ipic

Whilst I have no desire to use secure boot on my desk PC, I do want to allow some KVM Virtual Machines to use TPM2 secure boot. I'm having trouble finding anything of help, so hoping someone here has done this on Gentoo.

This is where I have got to:

1) Enabled TPM2 in the bios and enabled some kernel options:

```
# zcat /proc/config.gz | grep -i tpm
CONFIG_TCG_TPM=y
CONFIG_HW_RANDOM_TPM=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_DTPM is not set

# dmesg | grep -i rog
[    0.000000] DMI: System manufacturer System Product Name/ROG STRIX B450-F GAMING, BIOS 2901 10/16/2019
...

# dmesg | grep -i tpm
[    0.000000] efi: TPMFinalLog=0xdb3eb000 ACPI 2.0=0xdae51000 ACPI=0xdae51000 SMBIOS=0xdc393000 SMBIOS 3.0=0xdc392000 ESRT=0xd797fe18 MEMATTR=0xd70de018
[    0.005741] ACPI: TPM2 0x00000000DAE6C658 000034 (v03 ALASKA A M I    00000001 AMI  00000000)
[    0.005772] ACPI: Reserving TPM2 table memory at [mem 0xdae6c658-0xdae6c68b]
[    0.977972] tpm_crb MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer. [mem 0xdae14000-0xdae14fff flags 0x200] vs dae14000 4000
[    0.977984] tpm_crb MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer. [mem 0xdae18000-0xdae18fff flags 0x200] vs dae18000 4000

# ls -l /dev/tpm*
crw------- 1 root root  10,   224 Dec  6 09:54 /dev/tpm0
crw------- 1 root root 253, 65536 Dec  6 09:54 /dev/tpmrm0

# tree -f /sys/class/tpm
/sys/class/tpm
└── /sys/class/tpm/tpm0 -> ../../devices/LNXSYSTM:00/LNXSYBUS:00/MSFT0101:00/tpm/tpm0

# tree -f /sys/class/tpm/tpm0
/sys/class/tpm/tpm0
├── /sys/class/tpm/tpm0/dev
├── /sys/class/tpm/tpm0/device -> ../../../MSFT0101:00
├── /sys/class/tpm/tpm0/pcr-sha1
│   ├── /sys/class/tpm/tpm0/pcr-sha1/0
│   ├── /sys/class/tpm/tpm0/pcr-sha1/1
│   ├── /sys/class/tpm/tpm0/pcr-sha1/10
│   ├── /sys/class/tpm/tpm0/pcr-sha1/11
│   ├── /sys/class/tpm/tpm0/pcr-sha1/12
│   ├── /sys/class/tpm/tpm0/pcr-sha1/13
│   ├── /sys/class/tpm/tpm0/pcr-sha1/14
│   ├── /sys/class/tpm/tpm0/pcr-sha1/15
│   ├── /sys/class/tpm/tpm0/pcr-sha1/16
│   ├── /sys/class/tpm/tpm0/pcr-sha1/17
│   ├── /sys/class/tpm/tpm0/pcr-sha1/18
│   ├── /sys/class/tpm/tpm0/pcr-sha1/19
│   ├── /sys/class/tpm/tpm0/pcr-sha1/2
│   ├── /sys/class/tpm/tpm0/pcr-sha1/20
│   ├── /sys/class/tpm/tpm0/pcr-sha1/21
│   ├── /sys/class/tpm/tpm0/pcr-sha1/22
│   ├── /sys/class/tpm/tpm0/pcr-sha1/23
│   ├── /sys/class/tpm/tpm0/pcr-sha1/3
│   ├── /sys/class/tpm/tpm0/pcr-sha1/4
│   ├── /sys/class/tpm/tpm0/pcr-sha1/5
│   ├── /sys/class/tpm/tpm0/pcr-sha1/6
│   ├── /sys/class/tpm/tpm0/pcr-sha1/7
│   ├── /sys/class/tpm/tpm0/pcr-sha1/8
│   └── /sys/class/tpm/tpm0/pcr-sha1/9
├── /sys/class/tpm/tpm0/pcr-sha256
│   ├── /sys/class/tpm/tpm0/pcr-sha256/0
│   ├── /sys/class/tpm/tpm0/pcr-sha256/1
│   ├── /sys/class/tpm/tpm0/pcr-sha256/10
│   ├── /sys/class/tpm/tpm0/pcr-sha256/11
│   ├── /sys/class/tpm/tpm0/pcr-sha256/12
│   ├── /sys/class/tpm/tpm0/pcr-sha256/13
│   ├── /sys/class/tpm/tpm0/pcr-sha256/14
│   ├── /sys/class/tpm/tpm0/pcr-sha256/15
│   ├── /sys/class/tpm/tpm0/pcr-sha256/16
│   ├── /sys/class/tpm/tpm0/pcr-sha256/17
│   ├── /sys/class/tpm/tpm0/pcr-sha256/18
│   ├── /sys/class/tpm/tpm0/pcr-sha256/19
│   ├── /sys/class/tpm/tpm0/pcr-sha256/2
│   ├── /sys/class/tpm/tpm0/pcr-sha256/20
│   ├── /sys/class/tpm/tpm0/pcr-sha256/21
│   ├── /sys/class/tpm/tpm0/pcr-sha256/22
│   ├── /sys/class/tpm/tpm0/pcr-sha256/23
│   ├── /sys/class/tpm/tpm0/pcr-sha256/3
│   ├── /sys/class/tpm/tpm0/pcr-sha256/4
│   ├── /sys/class/tpm/tpm0/pcr-sha256/5
│   ├── /sys/class/tpm/tpm0/pcr-sha256/6
│   ├── /sys/class/tpm/tpm0/pcr-sha256/7
│   ├── /sys/class/tpm/tpm0/pcr-sha256/8
│   └── /sys/class/tpm/tpm0/pcr-sha256/9
├── /sys/class/tpm/tpm0/power
│   ├── /sys/class/tpm/tpm0/power/autosuspend_delay_ms
│   ├── /sys/class/tpm/tpm0/power/control
│   ├── /sys/class/tpm/tpm0/power/runtime_active_time
│   ├── /sys/class/tpm/tpm0/power/runtime_status
│   └── /sys/class/tpm/tpm0/power/runtime_suspended_time
├── /sys/class/tpm/tpm0/ppi
│   ├── /sys/class/tpm/tpm0/ppi/request
│   ├── /sys/class/tpm/tpm0/ppi/response
│   ├── /sys/class/tpm/tpm0/ppi/tcg_operations
│   ├── /sys/class/tpm/tpm0/ppi/transition_action
│   ├── /sys/class/tpm/tpm0/ppi/version
│   └── /sys/class/tpm/tpm0/ppi/vs_operations
├── /sys/class/tpm/tpm0/subsystem -> ../../../../../../class/tpm
├── /sys/class/tpm/tpm0/tpm_version_major
└── /sys/class/tpm/tpm0/uevent

6 directories, 62 files

# cat /sys/class/tpm/tpm*/tpm_version_major
2
```

From what information I can find, I think this means that the motherboard TPM module has been detected, devices have been created, and the version is TPM2.

2) Install the TPM2 software:

```
>>> Emerging (1 of 3) acct-group/tss-0-r1::gentoo
>>> Installing (1 of 3) acct-group/tss-0-r1::gentoo
>>> Emerging (2 of 3) acct-user/tss-0-r1::gentoo
>>> Installing (2 of 3) acct-user/tss-0-r1::gentoo
>>> Emerging (1 of 2) app-crypt/tpm2-tss-3.1.0::gentoo
>>> Installing (1 of 2) app-crypt/tpm2-tss-3.1.0::gentoo
>>> Emerging (2 of 2) app-crypt/tpm2-tools-5.2::gentoo
>>> Installing (2 of 2) app-crypt/tpm2-tools-5.2::gentoo
>>> Emerging (1 of 1) app-crypt/tpm2-abrmd-2.4.0::gentoo
>>> Installing (1 of 1) app-crypt/tpm2-abrmd-2.4.0::gentoo
```

What I *think* needs to be done now is to start the TPM broker service - as provided by tpm2-abrmd.

When I do this, I get (in syslog):

```
Dec  6 13:03:23 ian2 /etc/init.d/tpm2-abrmd[28778]: You have to create an init script for each container:
Dec  6 13:03:23 ian2 /etc/init.d/tpm2-abrmd[28781]:  ln -s lxc /etc/init.d/lxc.container
Dec  6 13:03:23 ian2 start-stop-daemon[28974]: pam_unix(start-stop-daemon:session): session opened for user tss(uid=59) by (uid=0)
Dec  6 13:03:23 ian2 tpm2-abrmd[28974]: tcti_conf after: "device:/dev/tpm0"
Dec  6 13:03:23 ian2 tpm2-abrmd[28974]: init_thread_func: failed to create TCTI with conf "device:/dev/tpm0", got RC: 0xa000a
```

... and the daemon exits.

At this point I am stumped.

I can see some articles suggesting I need to "take ownership" of the TPM module, and say this is done using  tpm2_takeownership. Since this command is not provided by tpm2_tools, it would appear to be out of date.

I've searched for the error code (0xa000a) but can't find anything that tells me what the issue is.

So, stumped.

I would be grateful for any advice.

Last edited by ipic on Wed Dec 08, 2021 4:35 pm; edited 1 time in total

----------

## ipic

Spotted my first mistake, I installed the tpm2 software *after* the tpm devices were created.

tpm2-tss drops a udev rules file for the devices, so after reboot they look like this:

```
# ls -lh /dev/tpm*

crw-rw---- 1 tss root  10,   224 Dec  6 15:21 /dev/tpm0

crw-rw---- 1 tss tss  253, 65536 Dec  6 15:21 /dev/tpmrm0
```

..and tpm2-abrmd runs as tss user. So the service now starts..

```
Dec  6 15:25:35 ian2 start-stop-daemon[9234]: pam_unix(start-stop-daemon:session): session opened for user tss(uid=59) by (uid=0)

Dec  6 15:25:35 ian2 tpm2-abrmd[9234]: tcti_conf after: "device:/dev/tpm0"
```

The specific error in the title is thus "permissions error", should anyone else see this.

I'm not going to mark this as solved yet, since I still think I need to take ownership of the TPM - and finding anything on that is proving elusive.

----------

## alamahant

Apparently you have to install

```
app-crypt/swtpm
```

in the host.

and also when creating your vm plz choose UEFI with

```
OVMF_CODE.secboot.fd
```

Have you installed

```
edk2-ovmf
```

?

You also need to edit VM xml file to enable tpm.

Plz see

https://getlabsdone.com/how-to-enable-tpm-and-secure-boot-on-kvm/

----------

## ipic

 *alamahant wrote:*   

> Apparently you have to install
> 
> ```
> 
> app-crypt/swtpm
> ...

 

Many thanks for your response.

I have sys-firmware/edk2-ovmf installed, and I can see it supplies the file /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd

However I am puzzled by the need for app-crypt/swtpm. From its description:

```
Libtpms-based TPM emulator
```

Why do I need to emulate a TPM when I have one in the host hardware?

I can see in the article this xml:

```
<backend type='emulator' version='2.0'/>
```

but that makes me think that there are other options besides 'emulator'.

Is there a place where the XML options are documented?

----------

## ipic

https://libvirt.org/formatdomain.html#tpm-device Found this that describes the tpm xml structure.

It seems that using the hardware is complicated  :Sad: 

----------

## alamahant

If you want to "passthrough" host tpm chip to guest you should use

```
intel_iommu=on

or

amd_iommu=on
```

as a kernel parameter and create a file

/etc/modprobe.d/vfio.conf

```
options vfio-pci ids=xxxx:yyyy
```

You can get the tpm chip id by

lspci -nnk

hopefully.

----------

## ipic

Going down the swtpm route, I got the UEFI boot working, but when I look at the BIOS page for setting secure boot, the option to enable secure boot cannot be selected.

It shows "disabled", and selecting it just moves to the next option.

My OS XML section looks like this:

```
  <os>
    <type arch="x86_64" machine="pc-q35-4.2">hvm</type>
    <loader readonly="yes" secure="yes" type="pflash">/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd</loader>
    <nvram>/usr/share/edk2-ovmf/OVMF_VARS.fd</nvram>
    <boot dev="hd"/>
    <bootmenu enable="yes"/>
  </os>
```

The presentation of the TPM2 device is working, since the guest VM can see it - and claims to see a working TPM2 security device.

Changing pc-q35-4.2 to pc-i440fx-4.2 clashes with all the PCI settings (pcie-root to pci-root required). Would that make the difference?

I'm well outside my knowledge zone here  :Sad: 

Not sure if it helps, but here is the full qemu command for the running VM:

```
/usr/bin/qemu-system-x86_64 -name guest=garmin-updater-64,debug-threads=on
 -S -object {"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain-14-garmin-updater-64/master-key.aes"}
 -blockdev {"driver":"file","filename":"/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}
 -blockdev {"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}
 -blockdev {"driver":"file","filename":"/usr/share/edk2-ovmf/OVMF_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}
 -blockdev {"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}
 -machine pc-q35-4.2,accel=kvm,usb=off,vmport=off,smm=on,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,memory-backend=pc.ram
 -cpu EPYC-Rome,x2apic=on,tsc-deadline=on,hypervisor=on,tsc-adjust=on,arch-capabilities=on,xsaves=on,cmp-legacy=on,virt-ssbd=on,svme-addr-chk=on,rdctl-no=on,skip-l1dfl-vmentry=on,mds-no=on,pschange-mc-no=on,clwb=off,umip=off,rdpid=off,wbnoinvd=off,amd-stibp=off,hv-time,hv-relaxed,hv-vapic,hv-spinlocks=0x1fff,hv-vpindex,hv-runtime,hv-synic,hv-stimer,hv-stimer-direct,hv-tlbflush
 -global driver=cfi.pflash01,property=secure,value=on -m 4096
 -object {"qom-type":"memory-backend-ram","id":"pc.ram","size":4294967296}
 -overcommit mem-lock=off
 -smp 4,sockets=1,dies=1,cores=4,threads=1
 -uuid 4680420d-a4c7-4c5f-9355-d498d041f3fa
 -no-user-config -nodefaults
 -chardev socket,id=charmonitor,fd=43,server=on,wait=off
 -mon chardev=charmonitor,id=monitor,mode=control
 -rtc base=localtime,driftfix=slew
 -global kvm-pit.lost_tick_policy=delay -no-shutdown
 -global ICH9-LPC.disable_s3=1
 -global ICH9-LPC.disable_s4=1
 -boot menu=on,strict=on
 -device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2
 -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1
 -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2
 -device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3
 -device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4
 -device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5
 -device pcie-root-port,port=0x16,chassis=7,id=pci.7,bus=pcie.0,addr=0x2.0x6
 -device pcie-root-port,port=0x17,chassis=8,id=pci.8,bus=pcie.0,addr=0x2.0x7
 -device pcie-pci-bridge,id=pci.9,bus=pci.8,addr=0x0
 -device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.2,addr=0x0
 -device virtio-serial-pci,id=virtio-serial0,bus=pci.3,addr=0x0
 -blockdev {"driver":"host_device","filename":"/dev/vg00/vbox-garmin-updater","aio":"native","node-name":"libvirt-2-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}
 -blockdev {"node-name":"libvirt-2-format","read-only":false,"cache":{"direct":true,"no-flush":false},"driver":"raw","file":"libvirt-2-storage"}
 -device virtio-blk-pci,bus=pci.6,addr=0x0,drive=libvirt-2-format,id=virtio-disk1,bootindex=1,write-cache=on
 -blockdev {"driver":"file","filename":"/share/gentoo_downloads/vm-livecd-amd64-2020-06-20.iso","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}
 -blockdev {"node-name":"libvirt-1-format","read-only":true,"driver":"raw","file":"libvirt-1-storage"} -device ide-cd,bus=ide.1,drive=libvirt-1-format,id=sata0-0-1 -netdev tap,fd=45,id=hostnet0,vhost=on,vhostfd=46
 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:96:47:02,bus=pci.1,addr=0x0 -netdev tap,fd=47,id=hostnet1,vhost=on,vhostfd=49
 -device virtio-net-pci,netdev=hostnet1,id=net1,mac=52:54:00:67:99:e5,bus=pci.7,addr=0x0 -chardev pty,id=charserial0
 -device isa-serial,chardev=charserial0,id=serial0
 -chardev pty,id=charchannel0
 -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
 -tpmdev emulator,id=tpm-tpm0,chardev=chrtpm
 -chardev socket,id=chrtpm,path=/run/libvirt/qemu/swtpm/14-garmin-updater-64-swtpm.sock
 -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0
 -device usb-tablet,id=input2,bus=usb.0,port=3
 -audiodev id=audio1,driver=spice -spice port=5906,addr=127.0.0.1,disable-ticketing=on,image-compression=off,seamless-migration=on
 -vnc 127.0.0.1:7,audiodev=audio1
 -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pcie.0,addr=0x1
 -device intel-hda,id=sound0,bus=pci.9,addr=0x1
 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0,audiodev=audio1
 -chardev spicevmc,id=charredir0,name=usbredir
 -device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2
 -chardev spicevmc,id=charredir1,name=usbredir
 -device usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=1
 -device virtio-balloon-pci,id=balloon0,bus=pci.4,addr=0x0,deflate-on-oom=on
 -object {"qom-type":"rng-random","id":"objrng0","filename":"/dev/urandom"}
 -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.5,addr=0x0
 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny
 -msg timestamp=on
```

----------

## salahx

Underneath the "Current Secure Boot" state there should be another option: Attempt Secure Boot. Check it (or X it, rather). save the changes then reboot. That should enable Secure Boot.

----------

## ipic

 *salahx wrote:*   

> Underneath the "Current Secure Boot" state there should be another option: Attempt Secure Boot. Check it (or X it, rather). save the changes then reboot. That should enable Secure Boot.

 

The "Attempt secure boot" is there, but it's greyed out, and can't be selected (cursor just flips over it to the custom setup option).

----------

## salahx

This looks suspicious:

```
 -blockdev {"driver":"file","filename":"/usr/share/edk2-ovmf/OVMF_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}
```

On mine, it points to a COPY of that file:

```
 -blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/win10_VARS.fd" ,"node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}
```

Perhaps that's the issue, as it cannot save the secure boot vars into the virtualized flash.

----------

## alamahant

Plz try with 

```
OVMF_CODE.fd
```

also

----------

## ipic

 *salahx wrote:*   

> This look suspicious: 
> 
> ```
> 
>  -blockdev {"driver":"file","filename":"/usr/share/edk2-ovmf/OVMF_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"} 
> ...

 

I made a copy of /usr/share/edk2-ovmf/OVMF_VARS.fd in /var/lib/libvirt/qemu/nvram/garmin-updater-64_VARS.fd and gave that file qemu:qemu ownership.

Changed the XML to this:

```
<nvram>/var/lib/libvirt/qemu/nvram/garmin-updater-64_VARS.fd</nvram>
```

The command line shows the change:

```
-blockdev {"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/garmin-updater-64_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}
```

Unfortunately the problem remains - secure boot or try secure boot cannot be selected.

----------

## ipic

 *alamahant wrote:*   

> Plz try with 
> 
> ```
> 
> OVMF_CODE.fd
> ...

 

I tried OVMF_CODE.fd.

The option for secure boot is not displayed at all in the menu with this.

----------

## salahx

I think you have the permissions wrong on /var/lib/libvirt/qemu/nvram/garmin-updater-64_VARS.fd

On my machine it is created as follows:

```
File: /var/lib/libvirt/qemu/nvram/garmin-updater-64_VARS.fd
Size: 131072       Blocks: 256        IO Block: 4096   regular file
Device: fd0ch/64780d   Inode: 393266      Links: 1
Access: (0600/-rw-------)  Uid: (    0/    root)   Gid: (    0/    root)
```

On the parent directory though:

```
File: /var/lib/libvirt/qemu/nvram
Size: 4096         Blocks: 8          IO Block: 4096   directory
Device: fd0ch/64780d   Inode: 393264      Links: 2
Access: (0755/drwxr-xr-x)  Uid: (   77/    qemu)   Gid: (   77/    qemu)
```

----------

## salahx

Actually, maybe I'm not quite on the right track, but close. After playing with a VM of my own I'm now in the same predicament as you. But I think I know what's wrong now.

There's a hint in the ebuild:

```
# TODO: the binary 202105 package currently lacks the preseeded
#       OVMF_VARS.secboot.fd file (that we typically get from fedora)
```

The problem is that without that file we have to get it from a distribution that ships it (like Fedora) or create it ourselves. You can find it in the edk2-ovmf nosrc RPM (which requires some work to find).

You can use your own certificate or Fedora's. Fedora's certificate is as follows (it can be found in the EDK source RPM). It's called "RedHatSecureBootPkKek1.pem".


Now comes the tricky part. The tool we need to run expects the PEM certificate in the SMBIOS data as an OEM (type 11) string with a certain GUID (4e32566d-8e9e-4f52-81d3-5bb9715f9727). If you are using libvirt, you'll need to add the following:

```
<os>
  ...
  <smbios mode='sysinfo'/>
</os>

<sysinfo type='smbios'>
  <oemStrings>
    <entry>4e32566d-8e9e-4f52-81d3-5bb9715f9727:...</entry>
  </oemStrings>
</sysinfo>
```

(libvirt doesn't care about whitespace, so it's OK if the entry is split over multiple lines)

You can also pass it directly to QEMU; the option is

```
-smbios type=11,file=RedHatSecureBootPkKek1.pem
```

Now have the VM boot from the CD image located in /usr/share/edk2-ovmf/UefiShell.img. Run EnrollDefaultKeys.efi and it should enable secure boot. It should succeed!

The smbios entry is only needed for the provisioning. You can remove it afterwards if you wish.

----------

## ipic

Many thanks for the comprehensive reply. It has really helped me understand what is going on.

I should have guessed of course - it's cryptographic black magic   :Confused: 

Your explanation led me to the git repository: https://github.com/rhuefi/qemu-ovmf-secureboot

I had a go following the process described there, but I couldn't get past a qemu instance that just looped forever.

So I decided to have a go at your RPM suggestion: 

 *salahx wrote:*   

> The problem is without that file we have to get it from a distribution that ships it (like Fedora) or create it yourself. You find it in the edk2-ovmf nosrc RPM (which requires some work to find)
 

I found this page for RPM downloads: https://rpmfind.net/linux/rpm2html/search.php?query=edk2-ovmf

I downloaded the CentOS one (top of the list basically) and extracted the two secboot.fd files to the /var/lib/libvirt/qemu/nvram directory.

I then made a copy of the VARS file, called it <machine-name>_VARS.secboot.fd

Adjusted the VM's XML to point to the two new files, and on boot the bios settings now showed secure boot enabled and the attempt secure boot option checked.

Boot into Windows VM confirms that Windows thinks secure boot is enabled, and also (from earlier in the thread) that a TPM2 module is available.

Just for completeness, the XML for the TPM2 emulation module is this:

```
<devices>
.....
    <tpm model="tpm-tis">
      <backend type="emulator" version="2.0"/>
    </tpm>
.....
</devices>
```

If this is present, a copy of app-crypt/swtpm is started automatically, so you have to have that installed.

This is where I was hoping to get to, so many thanks again for your help, without which I would not have had a clue.

For anyone reading this thread and trying something similar - it is VERY important that you use a matching pair of CODE and VARS files. I suspect they are signed as a pair. I tried just replacing the VARS file, and the loader displayed a black screen and went no further.

Also, the ownership of the VARS file can start as root:root. After the machine has booted, it changes ownership to what it wants (qemu:qemu in my case).

I'm going to mark this as SOLVED now - even though my hardware TPM2 module is still a total mystery to me.
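As an added example (not code from this thread, libvirt or edk2-ovmf), the Python below captures the points the thread settled on as a checker for a libvirt domain XML: a secboot OVMF_CODE loader with secure='yes' on a q35 machine, a per-VM NVRAM copy rather than the shared template under /usr/share, CODE and VARS files from the same secboot pair, and an emulated TPM 2.0 device so swtpm gets started. It also builds the SMBIOS type 11 oemStrings entry with the GUID salahx gave for EnrollDefaultKeys.efi; the PEM text and both domain fragments are constructed, and the per-VM paths are assumed.

```python
import os.path
import xml.etree.ElementTree as ET

# GUID that EnrollDefaultKeys.efi looks for in the SMBIOS type 11 OEM string
# (quoted from the thread).
ENROLL_GUID = "4e32566d-8e9e-4f52-81d3-5bb9715f9727"

# Constructed stand-in for the PK/KEK certificate; a real run reads
# RedHatSecureBootPkKek1.pem (or your own PK/KEK) from disk.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
MIIBconstructedPlaceholderNotARealCertificate==
-----END CERTIFICATE-----
"""

# Constructed domain fragment mirroring the XML posted earlier in the thread
# (secboot CODE with the shared VARS template) plus the emulated TPM.
BROKEN_DOMAIN = """<domain type='kvm'><os>
  <type arch="x86_64" machine="pc-q35-4.2">hvm</type>
  <loader readonly="yes" secure="yes" type="pflash">/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd</loader>
  <nvram>/usr/share/edk2-ovmf/OVMF_VARS.fd</nvram>
</os><devices><tpm model="tpm-tis"><backend type="emulator" version="2.0"/></tpm></devices></domain>"""

# The same domain after the fix the thread ended with: a per-VM copy of the
# VARS file from the matching secboot pair (path assumed).
FIXED_DOMAIN = BROKEN_DOMAIN.replace(
    "/usr/share/edk2-ovmf/OVMF_VARS.fd",
    "/var/lib/libvirt/qemu/nvram/garmin-updater-64_VARS.secboot.fd")


def oem_string_entry(pem_text: str) -> str:
    """GUID, a colon, then the PEM; libvirt tolerates the embedded newlines."""
    pem = pem_text.strip()
    if not (pem.startswith("-----BEGIN CERTIFICATE-----")
            and pem.endswith("-----END CERTIFICATE-----")):
        raise ValueError("expected exactly one PEM certificate")
    return f"{ENROLL_GUID}:{pem}"


def sysinfo_xml(pem_text: str) -> str:
    """Serialise the <sysinfo type='smbios'> block to paste into the domain."""
    sysinfo = ET.Element("sysinfo", type="smbios")
    entry = ET.SubElement(ET.SubElement(sysinfo, "oemStrings"), "entry")
    entry.text = oem_string_entry(pem_text)
    return ET.tostring(sysinfo, encoding="unicode")


def check_secureboot_domain(domain_xml: str) -> list:
    """Return the problems found, based on what the thread established."""
    root = ET.fromstring(domain_xml)
    problems = []
    os_el = root.find("os")
    if os_el is None:
        return ["no <os> element"]
    mtype, loader, nvram = os_el.find("type"), os_el.find("loader"), os_el.find("nvram")
    if mtype is None or "q35" not in (mtype.get("machine") or ""):
        problems.append("machine is not q35 (QEMU's SMM emulation, which the secboot build uses, is q35-only)")
    if loader is None or not loader.text:
        problems.append("no <loader>")
    else:
        if loader.get("secure") != "yes":
            problems.append("loader lacks secure='yes'")
        if ".secboot." not in os.path.basename(loader.text):
            problems.append("loader is not an OVMF_CODE.secboot build")
    if nvram is None or not nvram.text:
        problems.append("no <nvram>")
    else:
        if nvram.text.startswith("/usr/share/"):
            problems.append("nvram is the shared template, not a per-VM copy")
        if loader is not None and loader.text and \
                (".secboot." in loader.text) != (".secboot." in os.path.basename(nvram.text)):
            problems.append("CODE and VARS are not a matching pair")
    backend = root.find("devices/tpm/backend")
    if backend is None:
        problems.append("no <tpm> device (swtpm will not be started)")
    elif (backend.get("type"), backend.get("version")) != ("emulator", "2.0"):
        problems.append("tpm backend is not emulator 2.0")
    return problems
```

Run `check_secureboot_domain` on the output of `virsh dumpxml <vm>` to see the same two findings the thread hit (shared VARS template, unmatched CODE/VARS pair) before touching the BIOS menu.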

----------

