bashNinja Posted August 9, 2017 Share Posted August 9, 2017 I would like to request that you enable TPM features within UnRAID. This will allow me to run secure and fully encrypted VMs without fear that a stolen system will leak important data. Use case: Use TPM enabled Bitlocker for a Windows 10 UnRAID virtual machine. Use case 2: At some future point, maybe unRaid would like to run encrypted. This would allow a secure method of encrypting the filesystem. In my specific case, I would like to enable BitLocker for a Windows 10 UnRAID vm. 1) Virtual machines in UnRAID use KVM. Source: http://lime-technology.com/unraid-6-virtualization-update/ 2) TPM passthrough is possible in KVM. Source: http://wiki.qemu.org/Features/TPM 3) It's fairly simple to add TPM to the XML Source: https://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/Virtualization_Deployment_and_Administration_Guide/section-libvirt-dom-xml-tpm-device.html I have run this within my proxmox server (KVM based) and it works quite well. Can you enable TPM support to UnRAID? CONFIG_TCG_TPM=y Thank you. Quote Link to comment
CHBMB Posted August 13, 2017 Share Posted August 13, 2017 @bashNinja If you want to create a test version of Unraid with this activated in the kernel then you can use my scripts. For v6.4 (Hash out line 44 or it will pull a .config for the DVB builds) Then you'll need to rename bzmodules-new and bzfirmware-new and replace your existing ones. This should work as long as the TPM features only install into either modules or firmware. For v6.3 (Has out line 44 or it will pull a .config for the DVB builds) then run this script (hashing out lines 22-26). Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.