On Thu, Jun 20, 2019 at 10:44 AM Mohammed Naser mnaser@vexxhost.com wrote:
> On Thu, Jun 20, 2019 at 10:40 AM Jim Rollenhagen jim@jimrollenhagen.com wrote:
> > Hey y'all,
> >
> > We have an internal use case which requires a VM with a TPM, to be used to
> > store a private key. Libvirt has two ways to present a TPM to a VM: passthrough
> > or emulated. Per kashyap and the #qemu IRC channel, libvirt stores the TPM's
> > state on disk, unencrypted. Our risk profile includes "someone walks away with
> > a disk", so this won't work for our use case.
> >
> > The QEMU devs have asked for RFEs to implement vTPMs where the state never
> > touches the disk, so I have hopes that this will be done eventually.
> > However, I suspect that this will still take some time, especially as nobody
> > has volunteered to actually do the work yet.
> >
> > So, I'd like to propose we implement TPM passthrough in Nova. My team is happy
> > to do the work, but I'd love some guidance as to the best way to implement this
> > so we can get a spec done (I assume it's "just another resource class"?).
>
> https://wiki.qemu.org/Features/TPM
>
> Would it be using this? I'm just trying to gauge what TPM passthrough involves
> out of personal curiosity.
Yes, though I think those notes are from before it was implemented.
Here's the libvirt XML to make it work: https://libvirt.org/formatdomain.html#elementsTpm
I assume we'd just translate a TPM resource class in the flavor to this XML, but I'm hoping a nova developer can confirm this. :)
// jim
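An added example, not from the thread or from Nova/libvirt: a small Python check that reads a libvirt domain definition and reports whether its TPM is a passthrough device (key material stays in the physical TPM) or an emulator (state kept on the host disk, the exposure the thread describes). The domain names and the /dev/tpm0 path in the samples are constructed.

```python
"""Audit libvirt domain XML for the TPM backend type.

The <tpm>/<backend> element layout follows
https://libvirt.org/formatdomain.html#elementsTpm. An 'emulator' backend
keeps TPM state in files on the host, so a disk that walks away carries
it; a 'passthrough' backend hands the guest a physical TPM device.
"""
import xml.etree.ElementTree as ET

# Constructed sample domains, one per libvirt TPM backend type.
PASSTHROUGH_DOMAIN = """<domain type='kvm'>
  <name>keystore-vm</name>
  <devices>
    <tpm model='tpm-tis'>
      <backend type='passthrough'>
        <device path='/dev/tpm0'/>
      </backend>
    </tpm>
  </devices>
</domain>"""

EMULATED_DOMAIN = """<domain type='kvm'>
  <name>generic-vm</name>
  <devices>
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'/>
    </tpm>
  </devices>
</domain>"""


def tpm_backends(domain_xml):
    """Return (model, backend_type, device_path) for every <tpm> in the domain."""
    root = ET.fromstring(domain_xml)
    found = []
    for tpm in root.iterfind('./devices/tpm'):
        backend = tpm.find('backend')
        btype = backend.get('type') if backend is not None else None
        dev = backend.find('device') if backend is not None else None
        path = dev.get('path') if dev is not None else None
        found.append((tpm.get('model'), btype, path))
    return found


def state_stays_off_host_disk(domain_xml):
    """True only if the guest has a TPM and every TPM is hardware passthrough.

    A guest with no <tpm> at all is reported False: it cannot keep the
    private key in a TPM, which is the requirement in the thread.
    """
    backends = tpm_backends(domain_xml)
    return bool(backends) and all(b == 'passthrough' for _, b, _ in backends)
```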