Running VirtualBox with own swtpm instance

[akorb]

My overall goal is to sniff on TPM communication of a guest OS to the software TPM.

In cygwin I launch the swtpm with:

swtpm socket --tpmstate dir=. --tpm2 --ctrl type=tcp,port=2321 --server type=tcp,port=2322 --log fd=1,level=20

and I tell the guest about this swtpm process with:

.\VBoxManage.exe modifyvm "Ubuntu 24.04" --tpm-type=swtpm --tpm-location=127.0.0.1:2321

Ubuntu boots fine, but in dmesg it is logging:

[    0.866860] ima: No TPM chip found, activating TPM-bypass!

However, this control communication to the swtpm works. Output of swtpm process:

 Ctrl Cmd: length 4
 00 00 00 01
 Ctrl Rsp: length 8
 00 00 00 00 00 01 EF FF
 Ctrl Cmd: length 20
 00 00 00 12 00 00 00 00 00 00 00 01 00 00 00 00
 00 00 00 00
 Ctrl Rsp: length 75
 00 00 00 00 00 00 00 3F 00 00 00 3F 7B 22 54 50
 4D 53 70 65 63 69 66 69 63 61 74 69 6F 6E 22 3A
 7B 22 66 61 6D 69 6C 79 22 3A 22 32 2E 30 22 2C
 22 6C 65 76 65 6C 22 3A 30 2C 22 72 65 76 69 73
 69 6F 6E 22 3A 31 38 33 7D 7D 00
 Ctrl Cmd: length 8
 00 00 00 11 00 00 00 00
 Ctrl Rsp: length 16
 00 00 00 00 00 00 10 00 00 00 0A F8 00 00 10 00
 Ctrl Cmd: length 8
 00 00 00 11 00 00 0F 80
 Ctrl Rsp: length 16
 00 00 00 00 00 00 0F 80 00 00 0A F8 00 00 10 00
 Ctrl Cmd: length 8
 00 00 00 02 00 00 00 00
 Tested: RSA-1024-sign(SHA1, pkcs1-pss)
 Tested: RSA-1024-sign(SHA1, pkcs1)
 Tested: RSA-2048-sign(SHA1, pkcs1-pss)
 Tested: RSA-2048-sign(SHA1, pkcs1)
 Tested: camellia-128
 Tested: camellia-256
 Tested: tdes
 Ctrl Rsp: length 4
 00 00 00 00
 Ctrl Cmd: length 4
 00 00 00 04
 Ctrl Rsp: length 8
 00 00 00 00 00 00 00 00

When I set the Ubuntu guest in VirtualBox to EFI, the machine doesn't boot with

BdsDxe: No bootable option or device was found.
BdsDxe: Press any key to enter the Boot Manager Menu.

But I guess that is unrelated. Nevertheless, with EFI enabled, there happens command communication, not only control communication. A part from the start of the logs of swtpm:

 Ctrl Cmd: length 4
 00 00 00 01
 Ctrl Rsp: length 8
 00 00 00 00 00 01 EF FF
 Ctrl Cmd: length 20
 00 00 00 12 00 00 00 00 00 00 00 01 00 00 00 00
 00 00 00 00
 Ctrl Rsp: length 75
 00 00 00 00 00 00 00 3F 00 00 00 3F 7B 22 54 50
 4D 53 70 65 63 69 66 69 63 61 74 69 6F 6E 22 3A
 7B 22 66 61 6D 69 6C 79 22 3A 22 32 2E 30 22 2C
 22 6C 65 76 65 6C 22 3A 30 2C 22 72 65 76 69 73
 69 6F 6E 22 3A 31 38 33 7D 7D 00
 Ctrl Cmd: length 8
 00 00 00 11 00 00 00 00
 Ctrl Rsp: length 16
 00 00 00 00 00 00 10 00 00 00 0A F8 00 00 10 00
 Ctrl Cmd: length 8
 00 00 00 11 00 00 0F 80
 Ctrl Rsp: length 16
 00 00 00 00 00 00 0F 80 00 00 0A F8 00 00 10 00
 Ctrl Cmd: length 8
 00 00 00 02 00 00 00 00
 Tested: RSA-1024-sign(SHA1, pkcs1-pss)
 Tested: RSA-1024-sign(SHA1, pkcs1)
 Tested: RSA-2048-sign(SHA1, pkcs1-pss)
 Tested: RSA-2048-sign(SHA1, pkcs1)
 Tested: camellia-128
 Tested: camellia-256
 Tested: tdes
 Ctrl Rsp: length 4
 00 00 00 00
 Ctrl Cmd: length 4
 00 00 00 04
 Ctrl Rsp: length 8
 00 00 00 00 00 00 00 00
 Ctrl Cmd: length 5
 00 00 00 05 00
 Ctrl Rsp: length 4
 00 00 00 00
 SWTPM_IO_Read: length 10
 00 C1 00 00 00 0A 00 00 00 F1
 SWTPM_IO_Write: length 10
 80 01 00 00 00 0A 00 00 00 84
 SWTPM_IO_Read: length 12
 80 01 00 00 00 0C 00 00 01 44 00 00
    IsEnEnabled(0x144 = 'Startup'): 1
 SWTPM_IO_Write: length 10
 80 01 00 00 00 0A 00 00 00 00
 SWTPM_IO_Read: length 22
 80 01 00 00 00 16 00 00 01 7A 00 00 00 05 00 00
 00 00 00 00 00 01
    IsEnEnabled(0x17a = 'GetCapability'): 1
 SWTPM_IO_Write: length 43
 80 01 00 00 00 2B 00 00 00 00 00 00 00 00 05 00
 00 00 04 00 04 03 FF FF FF 00 0B 03 FF FF FF 00
 0C 03 FF FF FF 00 0D 03 FF FF FF
 SWTPM_IO_Read: length 11
 80 01 00 00 00 0B 00 00 01 43 00
    IsEnEnabled(0x143 = 'SelfTest'): 1
 SWTPM_IO_Write: length 10
 80 01 00 00 00 0A 00 00 00 00
 SWTPM_IO_Read: length 22
 80 01 00 00 00 16 00 00 01 7A 00 00 00 05 00 00
 00 00 00 00 00 01
    IsEnEnabled(0x17a = 'GetCapability'): 1
 SWTPM_IO_Write: length 43
 80 01 00 00 00 2B 00 00 00 00 00 00 00 00 05 00
 00 00 04 00 04 03 FF FF FF 00 0B 03 FF FF FF 00
 0C 03 FF FF FF 00 0D 03 FF FF FF

My gut feelings says that the firmware can access the TPM, but the operating system cannot do it anymore, somehow.
When I boot Windows 11 in VirtualBox with this swtpm setup, there happens much data TPM communication during launching the installation process, but eventually it says the system does not fit the system requirements of Win11 (Secure boot was activated, so that was not the problem).

I think it should work somehow, though. Since VirtualBox itself uses swtpm as well, and there it works. I pretty much just want to setup swtpm myself instead of letting VirtualBox doing it, such that I have full control about the logging process.

Am I missing something obvious?

[stefanberger]

I am unfortunately not familiar with VirtualBox and how they enable swtpm/vTPM. Inside the OS ACPI tables enable automatic activation of TPM drivers, so maybe something along those lines is missing there, but I am not sure. The TPM commands get all success responses, so that at least is good. I haven't heared complaints from VirtualBox so far so maybe something is amiss in your setup.

It looks like though I should indented the 'Tested' lines a bit further to not be at the same level as the Read/Write ones.

[akorb]

I figured it out! It indeed had to do with the configuration of VirtualBox and nothing with SWTPM itself. I wrote a bit more about it here: https://forums.virtualbox.org/viewtopic.php?p=552039#p552039

In short, you can get it working by telling VirtualBox to still announce the TPM via ACPI even if it is set to use an external SWTPM process with:

# Set VM to use an external SWTPM process
.\VBoxManage.exe modifyvm "VMname" --tpm-type=swtpm --tpm-location=127.0.0.1:2321
# Tell it to still announce it via ACPI
.\VBoxManage.exe setextradata "VMname" "VBoxInternal/Devices/acpi/0/Config/TpmMode" "fifo2.0"