Set up a virtual TPM for use in qemu/libvirt on Fedora 23+

Step-by-step guide

  1. Install the @virtualization package group on Fedora to get libvirt.
  2. If you want to use the packages already compiled, skip to Step 4.
  3. a. Initialize a clean mock chroot: 

    mock -r fedora-24-x86_64 --init


    b. Install the following dependencies, taken from https://github.com/stefanberger/swtpm/blob/master/INSTALL

    mock -r fedora-24-x86_64 --install automake autoconf bash coreutils expect libtool sed libtpms libtpms-devel fuse fuse-devel glib2 glib2-devel gmp gmp-devel nss-devel net-tools selinux-policy-devel gnutls gnutls-devel libtasn1 libtasn1-tools libtasn1-devel rpm-build socat kernel-modules-extra tpm-tools

     

    c. Enter the chroot and clone the swtpm repo:

    mock -r fedora-24-x86_64 --shell
    cd /
    git clone https://github.com/stefanberger/swtpm.git
    cd swtpm

     

    d. Compile and install swtpm:

    ./bootstrap.sh
    ./configure --prefix=/usr
    make
    make check 			# This might not work :(

     

    e. If everything succeeded thus far, create the srpm and rpm and install:

    make dist
    cp *.tar.gz /builddir/build/SOURCES
    # Remove the %check lines from the .spec file if make check did not succeed.
    rpmbuild -bs dist/swtpm.spec
    rpmbuild -ba dist/swtpm.spec
     
    # As root, outside of the mock chroot:
    cp /var/lib/mock/fedora-24-x86_64/root/builddir/build/RPMS/* <some_desirable_location>
    dnf install <some_desirable_location>/*.rpm
  4. To install our pre-compiled rpms:

    sudo dnf copr enable jeefberkey/swtpm
    sudo dnf install swtpm
  5. To install our pre-compiled qemu:

    sudo dnf copr enable jeefberkey/qemu-tpm
    sudo dnf update
  6. Run the swtpm setup script (with sudo or as root) to initialize and create a virtual TPM device. Note that the default parameters will create /dev/vtpm0. You must run this script and load a TPM every time you use it in libvirt, because the virtual TPM self-destructs after it detects that it is no longer being used. You may also have to disable SELinux for now until a workaround is found.

     

  7. Add the generated XML from step 6 to your virtual machine's XML file and create it!

     

    Use start_tpm_vm.sh
    sudo virsh create your_tmp_vm.xml
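
A pre-flight check for steps 6 and 7, as an added example (not part of the original guide or of swtpm): it confirms that the VM's XML references the vTPM device and that the device still exists before virsh create is run, and reports the current SELinux mode. It assumes the XML uses libvirt's passthrough TPM backend; the script name check_vtpm.sh, the function names and the sample XML are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `virsh create` on a vTPM guest.
# Assumption: the domain XML attaches the TPM with libvirt's passthrough
# backend, pointing at the device from step 6 (default /dev/vtpm0).

# Constructed sample of the <tpm> fragment inside <devices>.
sample_tpm_xml() {
    cat <<'EOF'
<devices>
  <tpm model='tpm-tis'>
    <backend type='passthrough'>
      <device path='/dev/vtpm0'/>
    </backend>
  </tpm>
</devices>
EOF
}

# Print every device path referenced inside a <tpm> element of file $1.
# Expects pretty-printed XML (one element per line), as virsh dumpxml emits.
tpm_paths_in_xml() {
    sed -n '/<tpm[ >]/,/<\/tpm>/p' "$1" |
        sed -n "s/.*<device[^>]*path=[\"']\([^\"']*\)[\"'].*/\1/p"
}

# Print the SELinux mode, or "unavailable" when getenforce is not installed.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo unavailable; fi
}

# Exit status 0: XML $1 references $2 and $2 is a live character device.
# 2: the XML does not reference $2.  3: $2 is gone (repeat step 6).
check_vtpm() {
    xml=$1 dev=$2
    if ! tpm_paths_in_xml "$xml" | grep -qxF -- "$dev"; then
        echo "FAIL: $xml has no <tpm> backend using $dev" >&2
        return 2
    fi
    if [ ! -c "$dev" ]; then
        echo "FAIL: $dev is not a character device; repeat step 6" >&2
        return 3
    fi
    echo "OK: $xml uses $dev (SELinux: $(selinux_mode))"
}

# Usage: sh check_vtpm.sh your_tmp_vm.xml /dev/vtpm0
if [ "$#" -eq 2 ]; then check_vtpm "$1" "$2"; fi
```

Status 3 is the case step 6 describes: the device has removed itself since the last run, so the setup script has to be run again before the VM is created.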