How to use swtpm_cert for QEMU to mock another PCs TPM EK Cert? #834
-
|
Title says it all |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
You can run swtpm_cert via swtpm_setup: https://github.com/stefanberger/swtpm/wiki/Certificates-created-by-swtpm_setup#tpm-2-certificates |
Beta Was this translation helpful? Give feedback.
-
|
I don't think I worded it correctly so let me explain what I am trying to do: I am trying to clone/dump a existing TPM chip into QEMU so that I can show QEMU it is running a HP ProBook, so I can see if I can get Autopilot to catch it, it seems the TPM is one of the things it needs. However, it seems to do that I need a private key (signkey.pem) in /var/lib/swtpm-localca/ which is where I am lost. I already changed everything else, its just TPM. |
Beta Was this translation helpful? Give feedback.
-
|
Since you don't have access to the CA of the TPM manufacturer you will not be able to create an EK cert with the signature of the manufacturer's (well known) CA. Also, you cannot just reuse the EK cert of the hardware TPM because you would be missing the corresponding EK private key. |
Beta Was this translation helpful? Give feedback.
Since you don't have access to the CA of the TPM manufacturer you will not be able to create an EK cert with the signature of the manufacturer's (well known) CA. Also, you cannot just reuse the EK cert of the hardware TPM because you would be missing the corresponding EK private key.