Hi Melanie,

Thanks for correcting this issue.

René

On Mon, Nov 3, 2025 at 9:26 PM melanie witt <melwittt@gmail.com> wrote:
On 11/3/25 07:09, Rene Ribaud wrote:
[...]
#### vTPM Live Migration ####
The team reviewed how to handle TPM secret security policies during instance operations. Changing the assigned policy during resize is not supported, as it adds complexity and can lead to image/flavor conflicts. Rebuilds are already blocked for vTPM instances, so once a policy is set via resize, it remains locked in. Existing instances from previous releases are unaffected.
✅ Do not allow changing the TPM secret security policy after assignment.
✅ Remove the option to select the policy from the image for simplicity.
✅ Default policy is “user”, but compute nodes support all policies by default.
✅ Document in the spec and release notes that deployers must define flavors with |hw:tpm_secret_security| if they want to enable this.
✅ Mention that |[libvirt]supported_tpm_secret_security = ['user', 'host', 'deployment']| can be adjusted by operators.
[...]
Just a small correction to the summary here.
We agreed to _enable_ changing the assigned TPM secret security policy via resize for both pre-existing and new instances. Removing the ability to select the policy from the image lets us avoid flavor/image conflict issues.
Cheers,
-melwitt