February 6, 2016

Wanted to sanity check my theory that one could successfully passthrough a TPM module to a virtual machine inside the UnRAID environment before I went ahead and bought one. I am brand new to UnRAID (about to buy a license in a couple days once I set up my VM and my extra drives come in), so please forgive me if this is a dumb question.

Use case: Use TPM enabled Bitlocker for a Windows 10 UnRAID virtual machine.

Assumptions:
1) Virtual machines in UnRAID use KVM. Source: http://lime-technology.com/unraid-6-virtualization-update/
2) TPM passthrough is possible in KVM. Source: https://devopsjedi.com/index.php/2015/09/02/trusted-platform-module-pass-through-for-windows-guest-on-kvm/

I would really appreciate confirmation that my logic is sound and that TPM passthrough is possible. Also, if anyone could provide some guidance as to how to do it (tested or untested) I would be eternally grateful. I will happily post back results when/if I get it working.
October 30, 2016

Hello, I am also searching for this. Why has no one answered? Is there no solution for unRAID to use TPM? Greetings
November 1, 2016

Hi guys, I've not looked into this before and I'm not sure that many of our users would have a use-case for it, which is why no one has replied yet. That being said, unRAID does use both KVM and QEMU and according to the QEMU project, there is support for TPM pass through (http://wiki.qemu.org/Features/TPM). Further research suggests there were issues with this in QEMU that existed up until recently (https://bugzilla.redhat.com/show_bug.cgi?id=1281413) but at this point, it seems those issues have been resolved.

As far as how to do it, the first step is to identify the XML code required to pass through the TPM: http://libvirt.org/formatdomain.html#elementsTpm

You'll need to insert that code into your VM's XML configuration manually (from the VMs tab, edit your VM in XML mode).
November 17, 2016

Hello, thanks. I tried with XML, and also with the QEMU XML command line etc., but it does not work. The VM log often says the TPM is not accessible, or with the XML <tpm> the VM does not start: after clicking start, the VM log says shutting down ..... Where can I see a better log? The unRAID system logs etc. also show no error about TPM or what's wrong, because the VM does not start and only says shutting down. I can post the error if it helps. Regards
September 6, 2017

Hello, I gave it a shot myself, editing the XML code, however with little luck. What would be a suitable location to ask someone to take a look at this issue? Thanks in advance for a reply.
February 14, 2018

I also am getting this error, unRaid 6.4.1 appears to not add the TPM to the dev folder, and so there is nothing to pass through into the VM...
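An added example, not part of any post in this thread: a host-side preflight for the two points raised above, the libvirt `<tpm>` element to paste inside `<devices>` in the VM's XML and the case where the host has no TPM node under /dev. The element follows the libvirt domain format page linked in the thread; the function names and the default path /dev/tpm0 are assumptions.

```shell
#!/bin/bash
# Preflight for libvirt TPM passthrough, run on the virtualization host.
# Function names are hypothetical; /dev/tpm0 is an assumed default path.

# True only if the path is a character device node, which is what the
# kernel TPM driver creates when it has bound to a chip.
tpm_device_present() {
    [ -c "$1" ]
}

# Print the libvirt <tpm> passthrough element for a host device, or fail
# if the node is missing (the "nothing to pass through" case).
tpm_passthrough_xml() {
    local dev="${1:-/dev/tpm0}"
    if ! tpm_device_present "$dev"; then
        echo "no TPM character device at $dev; nothing to pass through" >&2
        return 1
    fi
    cat <<EOF
<tpm model='tpm-tis'>
  <backend type='passthrough'>
    <device path='$dev'/>
  </backend>
</tpm>
EOF
}

# True if a saved domain XML file already contains a <tpm> element, so the
# fragment is not inserted twice.
domain_has_tpm() {
    grep -q '<tpm[ >]' "$1"
}

# Stand-alone run: print the fragment for the host TPM, or the reason why not.
tpm_passthrough_xml "${TPM_DEV:-/dev/tpm0}" || true
```

If the check fails, the problem is on the host (TPM disabled in firmware or no kernel driver bound to it), and no change to the VM's XML will help.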
February 14, 2018

Note that a huge number of TPMs are affected by a big security issue which has made Microsoft introduce software-based solutions instead of relying on the insecure TPM hardware.
February 21, 2018

I see that, mine is for an Asus board, they apparently use Infineon TPM chips... Throwing these links here for those interested:
https://www.asus.com/us/supportonly/TPM/HelpDesk_Download/
https://www.infineon.com/cms/en/product/promopages/tpm-update/
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012
Archived
This topic is now archived and is closed to further replies.