
Administration Guide

Appendix C: Installing vTPM package on KVM and adding vTPM to FortiPAM-VM


For added security when installing FortiPAM on KVM, the vTPM package must be installed and a vTPM added to the FortiPAM-VM.

To install the vTPM package on KVM (Ubuntu):
  1. In the command line, enter the following commands:

    # Create a workspace and fetch the SeaBIOS and libtpms sources
    mkdir TPM_WorkSpace
    cd TPM_WorkSpace/
    git clone https://git.seabios.org/seabios.git
    git clone https://github.com/stefanberger/libtpms.git
    ls

    # Build and install the libtpms packages
    cd libtpms
    sudo apt-get -y install automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config gawk
    ./autogen.sh --with-openssl --with-tpm2
    make dist
    dpkg-buildpackage -us -uc -j$(nproc)
    cd ..
    ls
    sudo dpkg -i libtpms0_0.10.0~dev1_amd64.deb libtpms-dev_0.10.0~dev1_amd64.deb

    # Fetch swtpm and mask the TrouSerS service
    git clone https://github.com/stefanberger/swtpm.git
    cd swtpm
    sudo su
    ln -s /dev/null /etc/systemd/system/trousers.service
    exit

    # Build the swtpm packages; dpkg-buildpackage writes the .deb files to the parent directory
    sudo apt-get -y install libfuse-dev libglib2.0-dev libgmp-dev expect libtasn1-dev socat tpm-tools python3-twisted gnutls-dev gnutls-bin softhsm2 libseccomp-dev dh-apparmor libjson-glib-dev
    dpkg-buildpackage -us -uc -j$(nproc)
    cd ..
    sudo dpkg -i swtpm_0.8.0~dev1_amd64.deb swtpm-dev_0.8.0~dev1_amd64.deb swtpm-libs_0.8.0~dev1_amd64.deb swtpm-tools_0.8.0~dev1_amd64.deb

To add vTPM when creating a FortiPAM-VM:
  1. Deploy FortiPAM. See Appendix A: Installation on KVM.
  2. Before opening the virtual machine for the first time, in the Virt-manager application, click Add Hardware.
  3. From the menu, select TPM.
  4. In the Details tab:
    1. In Model, select CRB.
    2. In Backend, select Emulated device.
    3. In Version, select 2.0.
    4. Click Finish.

    This adds TPM v2.0 to the list of hardware devices on the left.
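To confirm that the settings chosen in Virt-manager were actually saved, the following added example (not part of the Fortinet guide) checks a libvirt domain XML for a TPM device with model `tpm-crb`, an `emulator` backend and version `2.0`, which is how libvirt records CRB, Emulated device and 2.0. The domain name `fortipam-example` and the sample XML are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# The virt-manager choices above (CRB, Emulated device, 2.0) as libvirt XML values.
EXPECTED = {"model": "tpm-crb", "backend": "emulator", "version": "2.0"}

# Constructed, trimmed domain XML for illustration; not from a real FortiPAM-VM.
SAMPLE_OK = """<domain type='kvm'><name>fortipam-example</name><devices>
  <tpm model='tpm-crb'><backend type='emulator' version='2.0'/></tpm>
</devices></domain>"""
SAMPLE_WRONG = """<domain type='kvm'><name>fortipam-example</name><devices>
  <tpm model='tpm-tis'><backend type='emulator' version='1.2'/></tpm>
</devices></domain>"""
SAMPLE_MISSING = """<domain type='kvm'><name>fortipam-example</name><devices>
  <disk type='file' device='disk'/>
</devices></domain>"""


def check_vtpm(domain_xml):
    """Return a list of problems; an empty list means the vTPM matches EXPECTED."""
    root = ET.fromstring(domain_xml)
    tpm = root.find("./devices/tpm")
    if tpm is None:
        return ["no <tpm> device defined"]
    backend = tpm.find("backend")
    found = {
        "model": tpm.get("model"),
        "backend": None if backend is None else backend.get("type"),
        "version": None if backend is None else backend.get("version"),
    }
    return [
        f"{key}: expected {want!r}, found {found[key]!r}"
        for key, want in EXPECTED.items()
        if found[key] != want
    ]


if __name__ == "__main__":
    # Usage: virsh dumpxml <domain> | python3 check_vtpm.py
    # With no piped input, the constructed sample is checked instead.
    xml_text = SAMPLE_OK if sys.stdin.isatty() else sys.stdin.read()
    problems = check_vtpm(xml_text)
    for problem in problems:
        print("FAIL", problem)
    print("vTPM configuration OK" if not problems else f"{len(problems)} problem(s)")
    sys.exit(1 if problems else 0)
```

Run it on the KVM host before the first boot of the VM, so that a missing or TPM 1.2 device is caught while the hardware list can still be changed.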
