UTM
TPM module emulation
It would be nice to have this feature, so that Windows 11 can be used without limitations.
Perhaps this swtpm can be incorporated https://github.com/stefanberger/swtpm
TPM seems to be already in QEMU:
> In case an Arm virt machine is emulated, use the following command line:
```
qemu-system-aarch64 -machine virt,gic-version=3,accel=kvm \
  -cpu host -m 4G \
  -nographic -no-acpi \
  -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
  -tpmdev emulator,id=tpm0,chardev=chrtpm \
  -device tpm-tis-device,tpmdev=tpm0 \
  -device virtio-blk-pci,drive=drv0 \
  -drive format=qcow2,file=hda.qcow2,if=none,id=drv0 \
  -drive if=pflash,format=raw,file=flash0.img,readonly=on \
  -drive if=pflash,format=raw,file=flash1.img
```
How do I apply this to a UTM VM?
This is the latest as far as I can tell https://github.com/stefanberger/swtpm/issues/493
Anybody know what I'm supposed to do about this?
```
qemu-aarch64-softmmu: -chardev socket,id=chrtpm,path=/tmp/win11tpm/swtpm-sock: Failed to connect to '/tmp/win11tpm/swtpm-sock': Operation not permitted
```
FYI, this may be useful to you.
```
brew tap spikespaz/jacob
brew install swtpm
```
How do I use this?
On 24 Dec 2021 at 07:34, Jacob Birkett wrote:
> Anybody know what I'm supposed to do about this?
> `qemu-aarch64-softmmu: -chardev socket,id=chrtpm,path=/tmp/win11tpm/swtpm-sock: Failed to connect to '/tmp/win11tpm/swtpm-sock': Operation not permitted`
> FYI, this may be useful to you.
> `brew tap spikespaz/jacob`
> `brew install swtpm`
I have the same issue (`Failed to connect to`). Got swtpm running, and the socket is present. Since UTM runs in a sandbox, I even tried to create the socket inside the sandbox (`~/Library/Containers/com.utmapp.UTM/Data/Documents/...`), with the same result.
I can initiate a connection to the socket from my terminal though, and swtpm replies.
I can add some more details. I've started swtpm with:
```
/opt/homebrew/bin/swtpm socket --tpmstate dir=/Users/myuser/Documents/UTM-VMs/Windows11.utm/Images --ctrl type=unixio,path=/Users/myuser/Documents/UTM-VMs/Windows11.utm/Images/swtpm-sock --log file=/Users/myuser/swtpm.log,level=20 --tpm2
```
(I moved the Windows 11 VM to the Documents folder, and I am using a space-free name)
When starting QEMU with the switches:
```
-chardev socket,id=chrtpm,path=/Users/myuser/Documents/UTM-VMs/Windows11.utm/Images/swtpm-sock
-tpmdev emulator,id=tpm0,chardev=chrtpm
-device tpm-tis,tpmdev=tpm0
```
...I get the same error as @dxlr8r (I suppose):
Neither logging on the swtpm side nor on the QEMU side yields any result, so I investigated a bit more in the system logs (Console.app with admin privileges), and I found out that...
```
Sandbox: QEMULauncher(58414) deny(1) network-outbound /Users/myuser/Documents/UTM-VMs/Windows11.utm/Images/swtpm-sock
```
...and this probably causes...
```
QEMUHelper: Could not open() the item: [102: Operation not supported on socket]
UTM: nw_socket_handle_socket_event <private> Socket SO_ERROR [61: Connection refused]
```
I hope this can be of use to solve the issue, let me know if you want me to attempt something else.
Hi all, I have followed the TPM 2.0 module installation and configuration with QEMU according to this site: Software TPM Emulator For QEMU.
I set up swtpm with the following startup procedure in the terminal.
Created a folder inside my UTM image:
```
mkdir /Users/dariusz/Library/Containers/com.utmapp.UTM/Data/Documents/Windows_11_ARM.utm/mytpm0
```
Created the TPM start file (with the content below) and started it:
```
touch tpm
nano tpm
chmod +x tpm
./tpm
```
Content of the tpm file:
```
swtpm socket --tpm2 --tpmstate dir=/Users/dariusz/Library/Containers/com.utmapp.UTM/Data/Documents/Windows_11_ARM.utm/mytpm0 --ctrl type=unixio,path=/Users/dariusz/Library/Containers/com.utmapp.UTM/Data/Documents/Windows_11_ARM.utm/mytpm0/swtpm-sock --log file=/Users/dariusz/tpm.log,level=20
```
Then I added the following in UTM/QEMU:
```
-chardev socket,id=chrtpm,path=/Users/dariusz/Library/Containers/com.utmapp.QEMUHelper/Data/Documents/mytpm0/swtpm-sock
-tpmdev emulator,id=tpm0,chardev=chrtpm
-device tpm-tis-device,tpmdev=tpm0
```
I needed to rename my system in UTM to be without spaces, as otherwise I got the "operation not permitted" message posted above.
When running Windows in UTM it starts spinning on the grey screen. This is expected, and as advised it will take a minute to generate keys and load Windows further. However, in my instance, after a short while I received `An error has occurred` instead.
There is some progress, but I'm not sure where to go from there. The terminal did not show any logs and the specified log file does not show anything.
P.S. After messing around I no longer get `An error has occurred`, but I am back to the error reported earlier: `Failed to connect to` and `Operation not permitted`.
It's highly likely that the macOS sandbox itself is blocking the connection, as per this log line from Console:
```
Sandbox: QEMULauncher(2487) deny(1) network-outbound /Users/dariusz/Library/Containers/com.utmapp.UTM/Data/Documents/Windows_11_ARM.utm/mytpm0/swtpm-sock
```
Change the path for swtpm-sock to "com.utmapp.QEMUHelper" instead and create the mytpm0 folder and the tpm file(with the new path) there:
/Users/
QEMULauncher then accesses the swtpm-sock file inside its own container and there is no more sandbox network-outbound error; now the VM boots OK and Windows 11 recognizes the TPM 2.0 (you can verify it under Device Manager).
However, the Windows driver, or some missing config, could not start the device... yet.
Testing with the following:
```
-chardev socket,id=chrtpm,path=/Users/dariusz/Library/Containers/com.utmapp.QEMUHelper/Data/Documents/mytpm0/swtpm-sock
-tpmdev emulator,id=tpm0,chardev=chrtpm
-device tpm-tis-device,tpmdev=tpm0
```
Starting the TPM prior to UTM with:
```
swtpm socket --tpm2 --tpmstate dir=/Users/dariusz/Library/Containers/com.utmapp.QEMUHelper/Data/Documents/mytpm0 --ctrl type=unixio,path=/Users/dariusz/Library/Containers/com.utmapp.QEMUHelper/Data/Documents/mytpm0/swtpm-sock --log file=/Users/dariusz/tpm.log,level=5
```
Can confirm that is working. Great! Now the matter of drivers to sort out :)
Replace `/dariusz/` with your username.
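The two-step procedure above (start swtpm with its state and control socket inside the QEMUHelper container, then hand QEMU the matching `-chardev`/`-tpmdev`/`-device` arguments) as a single script. This is an added example, not code from the UTM project or from anyone in this thread; the function names are its own, the `mytpm0` directory and the `tpm.log` location follow the posts above, and the container path is assumed to be the one the sandbox log lines show for `com.utmapp.QEMUHelper`. It also refuses socket paths with spaces and socket paths outside the helper container, since both produced the `Operation not permitted` / `deny(1) network-outbound` failures reported earlier.

```shell
#!/bin/sh
# Added example (not from UTM or this thread): start swtpm inside the
# QEMUHelper sandbox container and print the QEMU arguments to paste into UTM.
set -u

# Directory the sandboxed QEMUHelper can reach (assumed from the log lines in
# this thread). A unix socket outside it is denied with "network-outbound".
helper_container_dir() {
  printf '%s/Library/Containers/com.utmapp.QEMUHelper/Data/Documents\n' "${1:-$HOME}"
}

# The thread reports "Operation not permitted" with spaces in the VM path,
# so refuse such socket paths up front. Returns 0 when the path is clean.
path_has_no_spaces() {
  case "$1" in
    *" "*) return 1 ;;
    *) return 0 ;;
  esac
}

# Returns 0 only when the socket path lies inside the helper container
# belonging to the given home directory.
path_in_helper_container() {
  case "$1" in
    "$(helper_container_dir "$2")"/*) return 0 ;;
    *) return 1 ;;
  esac
}

# The three QEMU arguments for a TPM 2.0 on the Arm virt machine
# (tpm-tis-device is the sysbus TIS variant used in this thread).
qemu_tpm_args() {
  printf -- '-chardev socket,id=chrtpm,path=%s -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis-device,tpmdev=tpm0\n' "$1"
}

# Start swtpm in the background and wait up to 5 s for its control socket.
# $1 = state directory (also holds swtpm-sock), $2 = log file.
start_swtpm() {
  state_dir="$1"
  sock="$1/swtpm-sock"
  mkdir -p "$state_dir"
  swtpm socket --tpm2 --tpmstate dir="$state_dir" \
    --ctrl type=unixio,path="$sock" --log file="$2",level=5 &
  i=0
  while [ ! -S "$sock" ] && [ "$i" -lt 50 ]; do
    sleep 0.1
    i=$((i + 1))
  done
  [ -S "$sock" ]
}

main() {
  dir="$(helper_container_dir)/mytpm0"
  sock="$dir/swtpm-sock"
  path_has_no_spaces "$sock" || { echo "socket path contains spaces: $sock" >&2; exit 1; }
  path_in_helper_container "$sock" "$HOME" || { echo "socket is outside the QEMUHelper container" >&2; exit 1; }
  command -v swtpm >/dev/null 2>&1 || { echo "swtpm not found (brew install swtpm)" >&2; exit 1; }
  start_swtpm "$dir" "$HOME/tpm.log" || { echo "swtpm control socket did not appear" >&2; exit 1; }
  echo "Add these QEMU arguments in UTM (Settings > QEMU > Arguments):"
  qemu_tpm_args "$sock"
}

# Only act when invoked as: sh start-swtpm.sh start
case "${1:-}" in
  start) main ;;
esac
```

Run it as `sh start-swtpm.sh start` before booting the VM; the state directory it creates holds the emulated TPM's persistent keys, so keep it in the same place across boots or Windows will see a different TPM.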
I can confirm that @idarek and @gvaldezd parameters are working on my setup, too. I'm now stuck at the same point you are (TPM detected by Win11, but not started).
OK, doing some more tests:
If the `--tpm2` option is removed from the swtpm setup (TPM 1.2 is used by default), the tpm.log file shows a lot of activity (like everything is running fine before Windows boots); then under Device Manager, listed under Memory Connections, the TPM platform is OK but it is not shown under Security Devices, and if you run tpm.msc from CMD it shows no valid TPM platform.
If we add the `--tpm2` option, the TPM 2.0 device is not working (previous error) and the log shows less activity.
It seems there's something wrong in how Windows 11 Arm64 is identifying the TPM 2.0 platform and the driver identified.
Would be great if there where an "out of the box" solution integrated into UTM or or a summarized "step by step" solution for Mac users. At the moment I don't really know how to realize what has been written, because it's quite messy.
> Would be great if there where an "out of the box" solution integrated into UTM or or a summarized "step by step" solution for Mac users. At the moment I don't really know how to realize what has been written, because it's quite messy.
There is a "step by step" here: https://github.com/utmapp/UTM/issues/3082#issuecomment-1181356717. As simple as possible, but we still don't have drivers to make it work.
Hi, just to let you know, here's the TPM emulation using the VMware Fusion Tech Preview for macOS (with M1); it is working correctly under Device Manager, using the same MS 2006 driver (default) with Windows 11 ARM64. I don't know what the differences are with swtpm.
Because they developed and provided their driver solution for it. Behind VMware Fusion is a big company with larger funds. Behind UTM there is not so much. Unless we all work together to get this working, there is no golden solution for that.
I just want to show that the memory range is different on VMware Fusion and is correctly recognized by the same driver on W11; the swtpm one uses C000000 and has conflicts. UTM uses QEMU, so maybe the answer is modifying some code/driver there.
Looks like the issue with TPM 2.0 might be a UEFI firmware issue, and the OVMF image `edk2-aarch64-code.fd` from upstream QEMU might need to be rebuilt with `TPM2_ENABLE`. https://groups.google.com/g/linux.debian.bugs.dist/c/KIARY7bL5RI
It seems the upstream EDK2 defaults for `ArmVirtQemu.dsc`, which AFAICT is the basis for the firmware in upstream QEMU, do not include TPM 2.0 support: https://github.com/tianocore/edk2/blob/b92298a/ArmVirtPkg/ArmVirtQemu.dsc#L32
It looks somewhat straightforward to build a custom UEFI image following Gerd Hoffmann's instructions here: https://www.kraxel.org/blog/2022/05/edk2-virt-quickstart/
Edit:
Gave this a shot myself. With the updated EFI image (built with `build -t GCC5 -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc -D TPM2_ENABLE -D SECURE_BOOT_ENABLE`), I get a whole lot more chatter out of the swtpm log in `--tpm2` mode, but I still see a code 10 error in Device Manager, so it looks like something's not entirely happy yet.
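The firmware rebuild described above, written out as a script. This is an added example, not from the thread, UTM, QEMU or EDK2; the `build` line is the one quoted in the post, and everything around it (the clone with submodules, `make -C BaseTools`, sourcing `edksetup.sh`, the `Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/FV/QEMU_EFI.fd` output path, and padding the image to the 64 MiB pflash size the QEMU virt machine expects) is the standard EDK2 flow and is an assumption of this example rather than something the post states. It assumes a Linux host with git, make, python3 and either a native aarch64 gcc or a cross toolchain exposed through `GCC5_AARCH64_PREFIX`.

```shell
#!/bin/sh
# Added example (not from the thread or any project it mentions): rebuild the
# Arm virt UEFI firmware with TPM 2.0 enabled and pad it to pflash size.
set -eu

EDK2_REPO="https://github.com/tianocore/edk2"
PFLASH_SIZE=$((64 * 1024 * 1024))   # QEMU virt pflash units are 64 MiB each

# Pad (never truncate) a raw firmware image with zero bytes up to PFLASH_SIZE
# and print the resulting size. Fails if the image is already larger, because
# QEMU rejects a pflash backend that does not match the device size.
pad_firmware_image() {
  img="$1"
  size=$(wc -c < "$img" | tr -d ' ')
  if [ "$size" -gt "$PFLASH_SIZE" ]; then
    echo "image $img is larger than $PFLASH_SIZE bytes" >&2
    return 1
  fi
  head -c "$((PFLASH_SIZE - size))" /dev/zero >> "$img"
  wc -c < "$img" | tr -d ' '
}

# Clone EDK2 (submodules carry OpenSSL, needed by SECURE_BOOT_ENABLE), build
# the ArmVirtQemu firmware with TPM 2.0 and Secure Boot, and produce a padded
# code image next to the working directory. Output name is this example's own.
build_firmware() {
  workdir="$1"
  [ -d "$workdir/edk2" ] || git clone --recurse-submodules "$EDK2_REPO" "$workdir/edk2"
  cd "$workdir/edk2"
  make -C BaseTools
  . ./edksetup.sh
  # The build line quoted in the thread above.
  build -t GCC5 -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc -D TPM2_ENABLE -D SECURE_BOOT_ENABLE
  out="Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/FV/QEMU_EFI.fd"
  cp "$out" "$workdir/edk2-aarch64-code-tpm2.fd"
  pad_firmware_image "$workdir/edk2-aarch64-code-tpm2.fd"
}

# Only act when invoked as: sh build-tpm2-firmware.sh build [workdir]
case "${1:-}" in
  build) build_firmware "${2:-$PWD}" ;;
esac
```

The padded `edk2-aarch64-code-tpm2.fd` is then used in place of the stock `edk2-aarch64-code.fd` as the read-only `if=pflash` drive; a separate writable 64 MiB vars image holds the Secure Boot variables.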
Are there any limitations in Windows 11 without TPM 2.0? I'm using Windows 11 2021H2 and want to upgrade to 2022H2, but it failed because of the missing TPM 2.0 and Secure Boot. I don't want a clean setup, so I tried Rufus (https://rufus.ie/en/): it creates a bootable USB disk from the ISO, and it has an option to remove the TPM 2.0 and Secure Boot limitation of the Windows setup program. Then I used setup.exe on the USB disk to upgrade Windows. It works.
@ehntoo Thanks for your research! Just wondered if you've been able to get it work after all?
Since we can't update Windows 11 Arm automatically without TPM 2.0, does anyone know of another method that does not require wiping and reinstalling? The funny thing is I JUST downloaded the damn thing today FROM Microsoft, yet when I boot it up it tells me it is expired. WTF?
OK all. I found an article that explains how to force windows 11 arm into the dev channel. Tested and it is updating as I type.
https://winaero.com/how-to-enable-windows-11-dev-channel-on-unsupported-device/
EDIT: sorry, update fails.
> does anyone know of another method that does not require wiping and reinstalling
@phirestalker Have you come up with an answer?
> @phirestalker Have you come up with an answer?
I gave up and think I will wait for a real release of Windows 11 arm. I am just using my windows box with RDP for now.
> Testing with the following:
> ```
> -chardev socket,id=chrtpm,path=/Users/dariusz/Library/Containers/com.utmapp.QEMUHelper/Data/Documents/mytpm0/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis-device,tpmdev=tpm0
> ```
> Starting the TPM prior to UTM with:
> ```
> swtpm socket --tpm2 --tpmstate dir=/Users/dariusz/Library/Containers/com.utmapp.QEMUHelper/Data/Documents/mytpm0 --ctrl type=unixio,path=/Users/dariusz/Library/Containers/com.utmapp.QEMUHelper/Data/Documents/mytpm0/swtpm-sock --log file=/Users/dariusz/tpm.log,level=5
> ```
> Can confirm that is working. Great! Now the matter of drivers to sort out :)
> Replace `/dariusz/` with your username.
Where do I put this?