tpm support

[doubleddav]

Since FreeBSD 14 release, bhyve now supports TPM passthrough and emulation, which is handy for recent versions of Windows.

Just wondering if this has or will be implemented into vm-bhyve?

Thanks

[yaroslav-gwit]

I am interested in trying this out too. Could you please point me to a man page, or a patch that shows more info on the bhyve TPM emulation? I couldn't find anything so far on this subject.

Once you know the raw bhyve flags, you can pass them in as a custom VM start string in vm-bhyve.

[nunotexbsd]

Hello,

I'm running vm-bhyve-devel with success with win11 using tpm.
Don't forget to kldload tpm first.

loader="uefi"
graphics="yes"
graphics_res="1920x1080"
xhci_mouse="yes"
cpu=4
memory=4G

# put up to 8 disks on a single ahci controller.
# without this, adding a disk pushes the following network devices onto higher slot numbers,
# which causes windows to see them as a new interface
ahci_device_limit="8"

# ideally this should be changed to virtio-net and drivers installed in the guest
# e1000 works out-of-the-box

#network0_type="e1000"
network0_type="virtio-net"
network0_switch="public"

#disk0_type="ahci-hd"
#disk0_type="virtio-blk"
#disk0_type="virtio-scsi"

disk0_type="nvme"
disk0_name="disk0.img"

#disk1_type="ahci-cd"
#disk1_dev="custom"
#disk1_name="/home/nunotex/Downloads/virtio-win-0.1.240.iso"

# windows expects the host to expose localtime by default, not UTC
utctime="no"

# sound, tpm
bhyve_options="-s 1,hda,play=/dev/dsp -l tpm,passthru,/dev/tpm0"

#bhyve_options="-s 5:0,passthru,1/0/0" # sample

# nvidia passthru
#passthru0="1/0/0"
#passthru1="1/0/1"

uuid="af2a6d8d-9c0c-11ee-9989-002b67dfc673"
network0_mac="58:9c:fc:07:8e:fd"

[nunotexbsd]

(...)
How I did install virtio drivers without setup from cd and how to install win11 with nvme:
https://forums.FreeBSD.org/threads/bhyve-tpm-emulation.91254/post-633892

[yaroslav-gwit]

Doesn't the passthru mean that you can only use the tpm on a single VM exclusively?

[nunotexbsd]

Doesn't the passthu mean that you can only use the tpm on a single VM exclusively?

From https://wiki.freebsd.org/bhyve it supports passthru and emulation.
Didn't try emulation. Since its not used by freebsd OS, I'm using it passthru.

For my way of thinking, since tpm is a hardware device we can use it in any vm (if computer has it).
If system doesn't have it, emulation will be an option. (?)

[yaroslav-gwit]

Yeah that's the thing, Wiki page mentions the emulation but the man page says only passthru mode is supported. Which is a problem, if you want to use the TPM on multiple VMs at the same time.

[GogoFC]

I am interested in trying this out too. Could you please point me to a man page, or a patch that shows more info on the bhyve TPM emulation? I couldn't find anything so far on this subject.

Once you know the raw bhyve flags, you can pass them in as a custom VM start string in vm-bhyve.

I just use this on Bhyve and old Computers. It bypasses TPM and let's you install Win 11. https://github.com/AveYo/MediaCreationTool.bat
I create a Windows 11 ISO file using that and it works on bhyve as well.