How to enable TPM and secure boot on KVM

Installation of TPM on Ubuntu KVM.

To emulate the TPM, we are going to install a package called swtpm-tools, which works well with KVM.

Since it is not available from the default Ubuntu repositories, you must add the repository below to Ubuntu.

http://ppa.launchpad.net/stefanberger/swtpm-focal/ubuntu

You must find the Ubuntu version before you proceed.

To check the version of Ubuntu, you can enter the below command.

lsb_release -a

saif@saif-KVM:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:        20.04
Codename:       focal

As I am using Ubuntu 20.04, my Ubuntu codename is focal; use the codename of your own version in the repository line.

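To add the repository, open the sources file with sudo nano /etc/apt/sources.list and add the line below. The [trusted=yes] option tells APT to treat this repository as trusted even if it does not pass authentication checks.

deb [trusted=yes] http://ppa.launchpad.net/stefanberger/swtpm-focal/ubuntu focal main

Then update the package lists using the command sudo apt-get update.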

Now that we have added the repository, let’s go ahead and install swtpm on our machine. To install it, enter the command below.

sudo apt-get install swtpm-tools -y

That’s it, you have successfully installed the software TPM binary on your KVM host.

You can check the version that you have installed by typing the command swtpm --version.

saif@saif-KVM:~$ swtpm --version
TPM emulator version 0.6.1, Copyright (c) 2014-2021 IBM Corp.
saif@saif-KVM:~$

To add the TPM via the command line.

Shut down the VM with the below command.

virsh shutdown <vmname>

or

virsh destroy <vmname>

Edit the VM configuration using the command virsh edit <vmname>

This opens the XML definition of your VM in an editor. Add the element below inside the <devices> section.

<tpm model='tpm-tis'>
  <backend type='emulator' version='2.0'/>
  <alias name='tpm0'/>
</tpm>

Alright, we have enabled the TPM on the KVM. Let’s go ahead and enable secure boot as well.

Enable secure-boot/UEFI on KVM.

The secure boot/UEFI firmware is available by default once KVM is installed on your machine. If for some reason it is not available, enter the command below to install it.

sudo apt install ovmf

To enable Secure boot or UEFI boot, click on the Overview option during the VM installation and change the following settings.

  • Chipset – i440FX
  • Firmware – UEFI x86_64:/usr/share/OVMF/OVMF_CODE.fd

And click on Apply.
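
To confirm that the settings above actually ended up in the VM definition, the following Python script (an added example, not part of the original article) reads the XML printed by virsh dumpxml <vmname> and reports the TPM and firmware settings it declares. The sample XML, its machine type string and the function name audit_domain are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed domain definition holding the TPM element and the
# firmware path from the steps above (the machine type string is an assumption).
SAMPLE_XML = """
<domain type='kvm'>
  <name>demo-vm</name>
  <os>
    <type arch='x86_64' machine='pc-i440fx-focal'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
  </os>
  <devices>
    <tpm model='tpm-tis'>
      <backend type='emulator' version='2.0'/>
    </tpm>
  </devices>
</domain>
"""

def audit_domain(xml_text):
    """Return what the domain XML declares about its TPM and firmware."""
    root = ET.fromstring(xml_text)
    tpm = root.find("./devices/tpm")
    backend = tpm.find("backend") if tpm is not None else None
    loader = root.find("./os/loader")
    os_type = root.find("./os/type")
    report = {
        "tpm_model": tpm.get("model") if tpm is not None else None,
        "tpm_backend": backend.get("type") if backend is not None else None,
        "tpm_version": backend.get("version") if backend is not None else None,
        "machine": os_type.get("machine") if os_type is not None else None,
        "firmware": (loader.text or "").strip() if loader is not None else None,
        # libvirt's optional secure='yes' marks the firmware as Secure Boot capable.
        "loader_secure": loader is not None and loader.get("secure") == "yes",
    }
    report["tpm2_emulated"] = (report["tpm_backend"], report["tpm_version"]) == ("emulator", "2.0")
    report["uefi_pflash"] = loader is not None and loader.get("type") == "pflash"
    return report

if __name__ == "__main__":
    # Usage: virsh dumpxml <vmname> | python3 check_vm.py  (no pipe: uses the sample)
    text = SAMPLE_XML if sys.stdin.isatty() else sys.stdin.read()
    for key, value in audit_domain(text).items():
        print(f"{key}: {value}")
```

A missing tpm or loader element shows up as None or False in the report, which is the case to look for after editing the definition by hand.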

Marek Mihók