Appendix C: Installing vTPM package on KVM and adding vTPM to FortiPAM-VM
For added security when installing FortiPAM on KVM, the vTPM package must be installed and a vTPM added to the FortiPAM-VM.
To install the vTPM package on KVM (Ubuntu):
- In the command line, enter the following commands:
mkdir TPM_WorkSpace
cd TPM_WorkSpace/
git clone https://git.seabios.org/seabios.git
git clone https://github.com/stefanberger/libtpms.git
ls
cd libtpms
sudo apt-get -y install automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config gawk
./autogen.sh --with-openssl --with-tpm2
make dist
dpkg-buildpackage -us -uc -j$(nproc)
cd ..
ls
sudo dpkg -i libtpms0_0.10.0~dev1_amd64.deb libtpms-dev_0.10.0~dev1_amd64.deb
git clone https://github.com/stefanberger/swtpm.git
cd swtpm
sudo su
ln -s /dev/null /etc/systemd/system/trousers.service
exit
sudo apt-get -y install libfuse-dev libglib2.0-dev libgmp-dev expect libtasn1-dev socat tpm-tools python3-twisted gnutls-dev gnutls-bin softhsm2 libseccomp-dev dh-apparmor libjson-glib-dev
dpkg-buildpackage -us -uc -j$(nproc)
# dpkg-buildpackage writes the .deb files to the parent directory
cd ..
sudo dpkg -i swtpm_0.8.0~dev1_amd64.deb swtpm-dev_0.8.0~dev1_amd64.deb swtpm-libs_0.8.0~dev1_amd64.deb swtpm-tools_0.8.0~dev1_amd64.deb
To add vTPM when creating a FortiPAM-VM:
- Deploy FortiPAM. See Appendix A: Installation on KVM.
- Before opening the virtual machine for the first time, in the Virt-manager application, click Add Hardware.
- From the menu, select TPM.
- In the Details tab:
  - In Model, select CRB.
  - In Backend, select Emulated device.
  - In Version, select 2.0.
- Click Finish.
This adds TPM v2.0 to the list of hardware devices on the left.
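The virt-manager choices above end up as a tpm device in the libvirt domain XML, so the result can be checked from the command line. The following is an added example, not part of the Fortinet procedure: a shell function that reads virsh dumpxml output and confirms the CRB model, emulator backend and version 2.0. The domain name fortipam-vm and both XML samples are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not vendor code): check that a libvirt domain definition
# carries the vTPM chosen in virt-manager: Model CRB, Backend Emulated device,
# Version 2.0. Live use on the KVM host:  virsh dumpxml <domain> | check_vtpm

# Print attribute $2 of the <$1 ...> tag found in the XML on stdin.
xml_attr() {
    sed -n "s/.*<${1}[^>]*[[:space:]]${2}=['\"]\([^'\"]*\)['\"].*/\1/p"
}

# Read domain XML on stdin; report each mismatch; return 0 only if all match.
check_vtpm() {
    local tpm model backend version rc=0
    # Flatten to one line so the <tpm>...</tpm> element can be cut out with grep.
    tpm=$(tr '\n' ' ' | grep -o '<tpm[ >].*</tpm>') || {
        echo "FAIL: no <tpm> device in the domain XML"; return 1; }
    model=$(printf '%s\n' "$tpm" | xml_attr tpm model)
    backend=$(printf '%s\n' "$tpm" | xml_attr backend type)
    version=$(printf '%s\n' "$tpm" | xml_attr backend version)
    [ "$model" = "tpm-crb" ]    || { echo "FAIL: model='$model', want tpm-crb"; rc=1; }
    [ "$backend" = "emulator" ] || { echo "FAIL: backend='$backend', want emulator"; rc=1; }
    [ "$version" = "2.0" ]      || { echo "FAIL: version='$version', want 2.0"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: emulated TPM 2.0 (CRB) is attached"
    return "$rc"
}

# Constructed sample: the device entry these virt-manager settings produce.
SAMPLE_OK="<domain type='kvm'>
  <name>fortipam-vm</name>
  <devices>
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'/>
    </tpm>
  </devices>
</domain>"
# Constructed counter-example: TIS model with a TPM 1.2 emulator.
SAMPLE_BAD="<domain type='kvm'><devices>
    <tpm model='tpm-tis'>
      <backend type='emulator' version='1.2'/>
    </tpm>
</devices></domain>"

printf '%s\n' "$SAMPLE_OK"  | check_vtpm
printf '%s\n' "$SAMPLE_BAD" | check_vtpm || true
```

A missing tpm element, a model other than tpm-crb, or a backend without version 2.0 each produce a FAIL line and a non-zero exit status.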