Bug 287326 - bhyve: Ubuntu guest doesn't boot with TPM emulation enabled
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bhyve
Version: 15.0-CURRENT
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-virtualization (Nobody)
Reported: 2025-06-05 18:49 UTC by Roman Bogorodskiy
Modified: 2025-09-15 16:55 UTC
Description Roman Bogorodskiy freebsd_committer freebsd_triage 2025-06-05 18:49:41 UTC
As mentioned in https://reviews.freebsd.org/D46373, I run swtpm like that:

sudo swtpm socket --tpmstate backend-uri=file:////var/run/swtpm/tpm.state --tpm2 --server type=unixio,path=/var/run/swtpm/tpm --log file=/tmp/swtmp.log --flags not-need-init --daemon

I'm trying to start an Ubuntu guest like that:

bhyve -c 2 -m 4096 -A -I -u -H -P -s 0:0,hostbridge -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd -s 2:0,xhci,tablet -s 1:0,lpc -s 3:0,ahci,hd:/data/img/ubuntu.img -s 4:0,virtio-net,tap2,mac=52:54:00:d2:8b:41 -s 5:0,fbuf,tcp=127.0.0.1:5905 -l com1,/dev/nmdm1A -l tpm,swtpm,/var/run/swtpm/tpm ubuntu

In stdout I see:

/tmp/bhyve.2Vm0B4f    873:         OperationRegion(TPP1, SystemMemory, Add(0xfed45000, Arg0), One)
Remark   2173 -                                      ^ Creation of named objects within a method is highly inefficient, use globals or method local variables instead (\_SB.TPM.TPFN)

/tmp/bhyve.2Vm0B4f    895:       Method(_DSM, 4, Serialized)
Warning  3115 -                           ^ Not all control paths return a value (\_SB.TPM._DSM)

/tmp/bhyve.2Vm0B4f    895:       Method(_DSM, 4, Serialized)
Warning  3107 -                           ^ Reserved method must return a value (Integer/String/Buffer/Package/Reference required for _DSM)

/tmp/bhyve.2Vm0B4f    985:         If(LEqual(Arg0, ToUUID("376054ED-CC13-4675-901C-4756D7F2D45D"))) /* UUID */
Remark   2184 -    

In the VM console I see it's cycling through:

BdsDxe: loading Boot0001 "UEFI BHYVE SATA DISK BHYVE-3609-D803-384E" from PciRoot(0x0)/Pci(0x3,0x0)/Sata(0x0,0xFFFF,0x0)                                                                                                                                        [0/4935]
BdsDxe: starting Boot0001 "UEFI BHYVE SATA DISK BHYVE-3609-D803-384E" from PciRoot(0x0)/Pci(0x3,0x0)/Sata(0x0,0xFFFF,0x0)
Reset System

When I start it with:

bhyve -c 2 -m 4096 -A -I -u -H -P -s 0:0,hostbridge -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd -s 2:0,xhci,tablet -s 1:0,lpc -s 3:0,ahci,hd:/data/img/ubuntu.img -s 4:0,virtio-net,tap2,mac=52:54:00:d2:8b:41 -s 5:0,fbuf,tcp=127.0.0.1:5905 -l com1,/dev/nmdm1A ubuntu

It boots fine.

Also, I've tried FreeBSD guest instead of Ubuntu, and it boots fine with TPM:

bhyve -c 2 -m 4096 -A -I -u -H -P -s 0:0,hostbridge -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,/var/lib/libvirt/bhyve/nvram/freebsd_VARS.fd -s 2:0,xhci,tablet -s 1:0,lpc -s 3:0,ahci,hd:/data/img/freebsd.img -s 4:0,virtio-net,tap2,mac=52:54:00:13:fa:59 -s 5:0,fbuf,tcp=127.0.0.1:5920 -l com1,/dev/nmdm5A -l tpm,swtpm,/var/run/swtpm/tpm freebsd

And a brief check shows that TPM works in this configuration. Is that a bug in bhyve, firmware, or Ubuntu, or something else?

BTW, running -CURRENT as of May 31st with edk2-bhyve-g202505.
Comment 1 Kyle Evans freebsd_committer freebsd_triage 2025-09-12 18:31:24 UTC
Corvin might have more insight here, so CC'ing.  I suspect, based on briefly perusing the relevant bits of tpm_ppi_qemu.c, that the output shown is a red herring / side effect of whatever's actually causing the problem, though.
Comment 2 Corvin Köhne freebsd_committer freebsd_triage 2025-09-15 11:27:56 UTC
The warnings on stdout are generated by iasl when converting ASL, created by bhyve, into AML. The ASL generated by bhyve was copied from QEMU and at least some of those issues are intended to work around Windows bugs, e.g. [1].

If I get it correctly, a FreeBSD guest works fine while an Ubuntu guest fails to boot? I would try the following:

1. Enable boot logs of the Ubuntu guest and check them.
2. Use a hardware TPM if possible to make sure it's not swtpm related.

[1] https://elixir.bootlin.com/qemu/v10.1.0/source/hw/acpi/tpm.c#L66-L69
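
A way to triage the iasl output discussed in comment 2, as an added example that is not part of the bug thread or of bhyve's code: it pairs each diagnostic with its ASL line number and ACPI path and reports whether any is Error-level, which by default is the only severity that stops iasl from emitting AML. The sample text is the output quoted in the description; the function names are illustrative.

```python
import re
from collections import Counter

# iasl output as quoted in the bug description; the paste there ends mid-diagnostic.
SAMPLE = r"""
/tmp/bhyve.2Vm0B4f    873:         OperationRegion(TPP1, SystemMemory, Add(0xfed45000, Arg0), One)
Remark   2173 -                                      ^ Creation of named objects within a method is highly inefficient, use globals or method local variables instead (\_SB.TPM.TPFN)

/tmp/bhyve.2Vm0B4f    895:       Method(_DSM, 4, Serialized)
Warning  3115 -                           ^ Not all control paths return a value (\_SB.TPM._DSM)

/tmp/bhyve.2Vm0B4f    895:       Method(_DSM, 4, Serialized)
Warning  3107 -                           ^ Reserved method must return a value (Integer/String/Buffer/Package/Reference required for _DSM)

/tmp/bhyve.2Vm0B4f    985:         If(LEqual(Arg0, ToUUID("376054ED-CC13-4675-901C-4756D7F2D45D"))) /* UUID */
Remark   2184 -
"""

SRC_RE = re.compile(r"^\S+\s+(\d+):")        # "<file>  <line>: <ASL source>"
DIAG_RE = re.compile(r"^(Error|Warning|Remark)\s+(\d+)\s+-\s*\^?\s*(.*)$")
PATH_RE = re.compile(r"\((\\[^()]*)\)$")     # trailing "(\_SB.TPM._DSM)"


def parse_iasl(text):
    """Pair each iasl diagnostic with the ASL line number printed above it."""
    diags, asl_line = [], None
    for line in (raw.rstrip() for raw in text.splitlines()):
        diag = DIAG_RE.match(line)
        if diag:
            severity, code, msg = diag.groups()
            path = PATH_RE.search(msg)
            diags.append({"severity": severity, "code": int(code), "asl_line": asl_line,
                          "message": msg, "acpi_path": path.group(1) if path else None})
        elif (src := SRC_RE.match(line)):
            asl_line = int(src.group(1))
    return diags


def summarize(diags):
    """Count by severity; by default only Error-level diagnostics stop AML output."""
    return {"counts": dict(Counter(d["severity"] for d in diags)),
            "blocking": [d for d in diags if d["severity"] == "Error"],
            "acpi_paths": sorted({d["acpi_path"] for d in diags if d["acpi_path"]})}


if __name__ == "__main__":
    report = summarize(parse_iasl(SAMPLE))
    print(report["counts"], "blocking:", len(report["blocking"]), report["acpi_paths"])
```
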
Comment 3 Roman Bogorodskiy freebsd_committer freebsd_triage 2025-09-15 16:55:08 UTC
(In reply to Corvin Köhne from comment #2)

> If I get it correctly, a FreeBSD guest works fine while an Ubuntu guest fails to boot? I would try the following:

Yes, that's correct.

> 1. Enable boot logs of the Ubuntu guest and check them.

Any specifics on what I could enable?

In the meantime, I've been experimenting with that for a bit, and I think I get new details.

What I do:

1. sudo swtpm socket --tpmstate backend-uri=file:////var/run/swtpm/tpm.state --tpm2 --server type=unixio,path=/var/run/swtpm/tpm --log file=/tmp/swtmp.log --flags not-need-init --daemon
2. sudo bhyve -c 2 -m 4096 -A -I -u -H -P -s 0:0,hostbridge -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd -s 1:0,lpc -s 3:0,ahci,hd:/data/img/ubuntu.img -s 5:0,fbuf,tcp=127.0.0.1:5905 -l com1,stdio -l tpm,swtpm,/var/run/swtpm/tpm ubuntu

I get:

---
BdsDxe: loading Boot0001 "UEFI BHYVE SATA DISK BHYVE-3609-D803-384E" from PciRoot(0x0)/Pci(0x3,0x0)/Sata(0x0,0xFFFF,0x0)
BdsDxe: starting Boot0001 "UEFI BHYVE SATA DISK BHYVE-3609-D803-384E" from PciRoot(0x0)/Pci(0x3,0x0)/Sata(0x0,0xFFFF,0x0)
Reset System
---

Exit code is 0.

3. I run exactly the same command for the second time:

sudo bhyve -c 2 -m 4096 -A -I -u -H -P -s 0:0,hostbridge -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd -s 1:0,lpc -s 3:0,ahci,hd:/data/img/ubuntu.img -s 5:0,fbuf,tcp=127.0.0.1:5905 -l com1,stdio -l tpm,swtpm,/var/run/swtpm/tpm ubuntu

System boots fine. TPM device is visible inside of the VM. 

> 2. Use a hardware TPM if possible to make sure it's not swtpm related.

Unfortunately, I don't have hardware TPM.