bhyve + swtpm + W11

From: Andrea Venturoli <ml_at_netfence.it>
Date: Thu, 27 Nov 2025 14:30:58 UTC
Hello.

I'm hitting my head on this, but cannot make it work.

Is it expected to work or am I just wasting my time?


FreeBSD 14.3/amd64
edk2-bhyve-g202308_5
vm-bhyve-1.6.2_1

  bye & Thanks
	av.


P.S.
In case someone is interested in the details:
vm-bhyve starts bhyve with:
> bhyve options: -c 3,sockets=1,cores=3,threads=1 -m 4G -AHPw -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd -l tpm,swtpm,/var/run/swtpm/tpm -k /zroot/vm/eserver/bhyve.conf -U f753439f-bffa-11e8-b279-a4bf0142162f]
> bhyve devices: -s 0,hostbridge -s 31,lpc -s 4:0,virtio-blk,/dev/zvol/zroot/vm/eserver/disk0,sectorsize=512 -s 5:0,virtio-net,tap0,mac=58:9c:fc:00:11:65 -s 6:0,fbuf,tcp=192.168.XXX.1:25900 -s 7:0,xhci,tablet]

Windows sees the TPM device but says it cannot be started (code 10) due 
to a protocol error.

In bhyve.log I see:
> /tmp/bhyve.z4HOkg5    873:         OperationRegion(TPP1, SystemMemory, Add(0xfed45000, Arg0), One)
> Remark   2173 -                                      ^ Creation of named objects within a method is highly inefficient, use globals or method local variables instead (\_SB.TPM.TPFN)
> 
> /tmp/bhyve.z4HOkg5    895:       Method(_DSM, 4, Serialized)
> Warning  3115 -                           ^ Not all control paths return a value (\_SB.TPM._DSM)
> 
> /tmp/bhyve.z4HOkg5    895:       Method(_DSM, 4, Serialized)
> Warning  3107 -                           ^ Reserved method must return a value (Integer/String/Buffer/Package/Reference required for _DSM)
> 
> /tmp/bhyve.z4HOkg5    985:         If(LEqual(Arg0, ToUUID("376054ED-CC13-4675-901C-4756D7F2D45D"))) /* UUID */
> Remark   2184 -                                                           Unknown UUID string ^ 
> 
> bhyve: tpm_swtpm_execute_cmd: rsp read failed (bytes read: 4 / 3968): No error: 0
> bhyve: tpm_crb_mem_handler: cancelling a TPM command is not implemented yet
> bhyve: tpm_swtpm_execute_cmd: rsp read failed (bytes read: 4 / 3968): No error: 0
> bhyve: tpm_crb_mem_handler: cancelling a TPM command is not implemented yet
> bhyve: tpm_swtpm_execute_cmd: rsp read failed (bytes read: 4 / 3968): No error: 0

In swtpm logs:
>  Ctrl Cmd: length 12
>  80 01 00 00 00 0C 00 00 01 44 00 00 
> Error: Unknown command: 0x80010000
>  Ctrl Rsp: length 4
>  00 00 00 0A 
>  Ctrl Cmd: length 22
>  80 01 00 00 00 16 00 00 01 7A 00 00 00 06 00 00 
>  01 00 00 00 00 2A 
> Error: Unknown command: 0x80010000
>  Ctrl Rsp: length 4
>  00 00 00 0A 
>  Ctrl Cmd: length 22
>  80 01 00 00 00 16 00 00 01 7A 00 00 00 06 00 00 
>  01 00 00 00 00 2A 
> Error: Unknown command: 0x80010000
>  Ctrl Rsp: length 4
>  00 00 00 0A 




This looks possibly like:
> https://github.com/stefanberger/swtpm/issues/1069

That's for a different platform however and I have no idea how to "port" 
that info to bhyve.



I have no previous experience with swtpm (and I find it hard to get a 
good howto/tutorial); TPM passthrough works for me (but obviously not on 
machines without a TPM).
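
Added example (not part of the original message, and not bhyve or swtpm code): the "Ctrl Cmd" byte dumps in the swtpm log above parse as TPM 2.0 command headers, and their first four bytes are the 0x80010000 that swtpm reports as an unknown command. The tag and command-code values come from the TPM 2.0 specification; the function and variable names are hypothetical.

```python
import struct

# Values from the TPM 2.0 specification (Part 2, Structures).
TPM_ST = {0x8001: "TPM_ST_NO_SESSIONS", 0x8002: "TPM_ST_SESSIONS"}
TPM_CC = {0x00000144: "TPM2_Startup", 0x0000017A: "TPM2_GetCapability"}

# The two distinct "Ctrl Cmd" dumps copied from the swtpm log in the message.
SWTPM_CTRL_CMDS = [
    "80 01 00 00 00 0C 00 00 01 44 00 00",
    "80 01 00 00 00 16 00 00 01 7A 00 00 00 06 00 00 01 00 00 00 00 2A",
]


def decode_tpm2_command(hexdump):
    """Parse a hex dump as a TPM 2.0 command: tag(2) | size(4) | code(4) | params."""
    raw = bytes.fromhex(hexdump.replace(" ", ""))
    if len(raw) < 10:
        raise ValueError("shorter than a TPM 2.0 command header (10 bytes)")
    tag, size, code = struct.unpack(">HII", raw[:10])
    return {
        "tag": TPM_ST.get(tag, hex(tag)),
        "size_field": size,
        # A real TPM 2.0 command carries its own total length in the header.
        "size_matches": size == len(raw),
        "command": TPM_CC.get(code, hex(code)),
        "params": raw[10:].hex(),
        # What a reader expecting a 4-byte big-endian command code sees instead.
        "first_u32": "0x%08x" % struct.unpack(">I", raw[:4])[0],
    }


def looks_like_tpm2_command(hexdump):
    """True when the bytes have a known TPM 2.0 tag and a consistent size field."""
    try:
        d = decode_tpm2_command(hexdump)
    except ValueError:
        return False
    return d["tag"] in TPM_ST.values() and d["size_matches"]


if __name__ == "__main__":
    for dump in SWTPM_CTRL_CMDS:
        d = decode_tpm2_command(dump)
        print("%s size=%d %s params=%s (first u32 %s)" % (
            d["tag"], d["size_field"], d["command"], d["params"], d["first_u32"]))
```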