Re: bhyve + swtpm + W11

From: infoomatic <infoomatic_at_gmx.at>
Date: Thu, 27 Nov 2025 22:57:46 UTC
Hi,

I could not get it to work on an already installed Windows VM - I am not 
sure this is a FreeBSD/swtpm issue.

On a fresh install I have had no issue.

My config:
bhyve_options="-l tpm,swtpm,/tmp/.bhyve.tpm.win11.sock"
prestart="tpm.sh"

and with tpm.sh:
#!/bin/sh

# Unix socket that bhyve's "-l tpm,swtpm,<path>" option connects to.
SOCKET="/tmp/.bhyve.tpm.win11.sock"

# Only start swtpm if the socket is not already there (e.g. from a previous boot).
if [ ! -S "$SOCKET" ]; then
    nohup swtpm socket \
        --tpmstate backend-uri=file:///evo/vms/win11/tpm.state \
        --server type=unixio,path="$SOCKET" \
        --tpm2 --flags not-need-init &
fi

hth,

Robert


On 27.11.25 15:30, Andrea Venturoli wrote:
> Hello.
> 
> I'm hitting my head on this, but cannot make it work.
> 
> Is it expected to work or am I just wasting my time?
> 
> 
> FreeBSD 14.3/amd64
> edk2-bhyve-g202308_5
> vm-bhyve-1.6.2_1
> 
>   bye & Thanks
>      av.
> 
> 
> P.S.
> In case someone is interested in the details:
> vmbhyve starts bhyve with:
>> bhyve options: -c 3,sockets=1,cores=3,threads=1 -m 4G -AHPw -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd -l tpm,swtpm,/var/run/swtpm/tpm -k /zroot/vm/eserver/bhyve.conf -U f753439f-bffa-11e8-b279-a4bf0142162f]
>> bhyve devices: -s 0,hostbridge -s 31,lpc -s 4:0,virtio-blk,/dev/zvol/zroot/vm/eserver/disk0,sectorsize=512 -s 5:0,virtio-net,tap0,mac=58:9c:fc:00:11:65 -s 6:0,fbuf,tcp=192.168.XXX.1:25900 -s 7:0,xhci,tablet]
> 
> Windows sees the TPM device but says it cannot be started (code 10) due 
> to a protocol error.
> 
> In bhyve.log I see:
>> /tmp/bhyve.z4HOkg5    873:         OperationRegion(TPP1, SystemMemory, Add(0xfed45000, Arg0), One)
>> Remark   2173 -                                      ^ Creation of named objects within a method is highly inefficient, use globals or method local variables instead (\_SB.TPM.TPFN)
>>
>> /tmp/bhyve.z4HOkg5    895:       Method(_DSM, 4, Serialized)
>> Warning  3115 -                           ^ Not all control paths return a value (\_SB.TPM._DSM)
>>
>> /tmp/bhyve.z4HOkg5    895:       Method(_DSM, 4, Serialized)
>> Warning  3107 -                           ^ Reserved method must return a value (Integer/String/Buffer/Package/Reference required for _DSM)
>>
>> /tmp/bhyve.z4HOkg5    985:         If(LEqual(Arg0, ToUUID("376054ED-CC13-4675-901C-4756D7F2D45D"))) /* UUID */
>> Remark   2184 -                                                            Unknown UUID string ^
>> bhyve: tpm_swtpm_execute_cmd: rsp read failed (bytes read: 4 / 3968): No error: 0
>> bhyve: tpm_crb_mem_handler: cancelling a TPM command is not implemented yet
>> bhyve: tpm_swtpm_execute_cmd: rsp read failed (bytes read: 4 / 3968): No error: 0
>> bhyve: tpm_crb_mem_handler: cancelling a TPM command is not implemented yet
>> bhyve: tpm_swtpm_execute_cmd: rsp read failed (bytes read: 4 / 3968): No error: 0
> 
> In swtpm logs:
>>  Ctrl Cmd: length 12
>>  80 01 00 00 00 0C 00 00 01 44 00 00 Error: Unknown command: 0x80010000
>>  Ctrl Rsp: length 4
>>  00 00 00 0A  Ctrl Cmd: length 22
>>  80 01 00 00 00 16 00 00 01 7A 00 00 00 06 00 00  01 00 00 00 00 2A 
>> Error: Unknown command: 0x80010000
>>  Ctrl Rsp: length 4
>>  00 00 00 0A  Ctrl Cmd: length 22
>>  80 01 00 00 00 16 00 00 01 7A 00 00 00 06 00 00  01 00 00 00 00 2A 
>> Error: Unknown command: 0x80010000
>>  Ctrl Rsp: length 4
>>  00 00 00 0A 
> 
> This looks possibly like:
>> https://github.com/stefanberger/swtpm/issues/1069
> 
> That's for a different platform however and I have no idea how to "port" 
> that info to bhyve.
> 
> I have no previous experience with swtpm (and I find it hard to get a 
> good howto/tutorial); TPM passthrough works for me (but obviously not on 
> machines without TPM).
> 
>
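As an added example (not code from either poster), here is a small Python decoder for the "Ctrl Cmd" hex dumps quoted from the swtpm log above: it reads each dump back into bytes and parses it as a TPM2 command header, which identifies the traffic as TPM2_Startup and TPM2_GetCapability (ordinary data-channel commands) and shows why swtpm's control channel reports them as "Unknown command: 0x80010000" (it takes the first four bytes of the TPM2 header as a ctrl command code). The tag and command-code constants are from the TPM 2.0 Library specification; the embedded log sample is copied from the quoted lines.

```python
"""Decode the TPM2 command headers that show up in swtpm 'Ctrl Cmd' log lines."""
import re
import struct

# Constructed sample, copied from the swtpm log quoted in this thread.
SAMPLE_LOG = """\
 Ctrl Cmd: length 12
 80 01 00 00 00 0C 00 00 01 44 00 00 Error: Unknown command: 0x80010000
 Ctrl Rsp: length 4
 00 00 00 0A  Ctrl Cmd: length 22
 80 01 00 00 00 16 00 00 01 7A 00 00 00 06 00 00  01 00 00 00 00 2A
Error: Unknown command: 0x80010000
"""

TPM_ST = {0x8001: "TPM_ST_NO_SESSIONS", 0x8002: "TPM_ST_SESSIONS"}  # TPM 2.0 Part 2
TPM_CC = {0x0144: "TPM2_CC_Startup", 0x017A: "TPM2_CC_GetCapability"}
HEX_BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")


def extract_ctrl_cmds(log):
    """Return the raw bytes of every 'Ctrl Cmd' dump, honouring its declared length."""
    cmds = []
    for m in re.finditer(r"Ctrl Cmd: length (\d+)", log):
        want = int(m.group(1))
        buf = bytearray()
        for tok in log[m.end():].split():
            if len(buf) == want or not HEX_BYTE.match(tok):
                break  # dump complete, or we ran into the next log message
            buf.append(int(tok, 16))
        if len(buf) == want:
            cmds.append(bytes(buf))
    return cmds


def decode_tpm2_command(cmd):
    """Parse a TPM2 command header plus the parameters of the two commands seen here."""
    tag, size, cc = struct.unpack(">HII", cmd[:10])
    info = {
        "tag": TPM_ST.get(tag, hex(tag)),
        "size": size,
        "command": TPM_CC.get(cc, hex(cc)),
        # swtpm's control channel takes the first 4 bytes as a ctrl command code, so a
        # TPM2 header (tag 0x8001 + high half of size) is logged as 'Unknown command: 0x80010000'.
        "as_ctrl_code": struct.unpack(">I", cmd[:4])[0],
    }
    if cc == 0x0144:  # TPM2_Startup(startupType): 0 = TPM_SU_CLEAR
        info["startup_type"] = struct.unpack(">H", cmd[10:12])[0]
    elif cc == 0x017A:  # TPM2_GetCapability(capability, property, propertyCount)
        cap, prop, count = struct.unpack(">III", cmd[10:22])
        info.update(capability=cap, property=prop, property_count=count)
    return info
```

Running `decode_tpm2_command` over `extract_ctrl_cmds(SAMPLE_LOG)` gives Startup(TPM_SU_CLEAR) followed by GetCapability(TPM_CAP_TPM_PROPERTIES=6, PT_FIXED=0x100, 42 properties), the usual firmware probe sequence, so the commands themselves are well formed and the problem is which swtpm socket they reached.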