On Thu, Jun 20, 2019 at 10:40 AM Jim Rollenhagen <jim@jimrollenhagen.com> wrote:
>
> Hey y'all,
>
> We have an internal use case which requires a VM with a TPM, to be used to
> store a private key. Libvirt has two ways to present a TPM to a VM: passthrough
> or emulated. Per kashyap and the #qemu IRC channel, libvirt stores the TPM's
> state on disk, unencrypted. Our risk profile includes "someone walks away with
> a disk", so this won't work for our use case.
>
> The QEMU devs have asked for RFEs to implement vTPMs where the state never
> touches the disk, so I have hopes that this will be done eventually.
>
> However, I suspect that this will still take some time, especially as nobody
> has volunteered to actually do the work yet. So, I'd like to propose we
> implement TPM passthrough in Nova. My team is happy to do the work, but I'd
> love some guidance as to the best way to implement this so we can get a spec
> done (I assume it's "just another resource class"?).
https://wiki.qemu.org/Features/TPM
Would it be using this? I'm just trying to gauge out what TPM passthrough
involves out of personal curiosity.
Yes, though I think those notes are from before it was implemented.
Here's the libvirt XML to make it work:
https://libvirt.org/formatdomain.html#elementsTpm
I assume we'd just translate a TPM resource class in the flavor to this XML,
but I'm hoping a nova developer can confirm this. :)
// jim
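As an added illustration (not code from the thread, Nova or libvirt) of the passthrough-versus-emulator distinction discussed above and of translating a flavor setting into the libvirt `<tpm>` element: the extra-spec key `hw:tpm`, the default host device path `/dev/tpm0` and the minimal `<domain>` skeleton are assumptions made for the example.

```python
"""Map a flavor TPM request to the libvirt <tpm> device XML and flag the
backend whose state lands on the host disk (added example, not Nova code).
Assumed: extra-spec key "hw:tpm" with value "passthrough" or "emulator"."""
import xml.etree.ElementTree as ET


def tpm_element(backend, device="/dev/tpm0", model="tpm-tis", version="2.0"):
    """Build the libvirt <tpm> element for a passthrough or emulated TPM."""
    tpm = ET.Element("tpm", model=model)
    if backend == "passthrough":
        # Host TPM handed to the guest: keys sealed in it stay in the chip,
        # but only one guest per host can use it and the instance is pinned
        # to that host.
        be = ET.SubElement(tpm, "backend", type="passthrough")
        ET.SubElement(be, "device", path=device)
    elif backend == "emulator":
        # swtpm-backed vTPM: its NVRAM state is persisted on the host disk,
        # which is the exposure the thread is worried about.
        ET.SubElement(tpm, "backend", type="emulator", version=version)
    else:
        raise ValueError(f"unsupported TPM backend: {backend!r}")
    return tpm


def domain_xml(extra_specs, device="/dev/tpm0"):
    """Minimal <domain> whose TPM device comes from flavor extra specs.
    An <rng> device (which also has a <backend>) is included to show that
    only <tpm> backends are inspected by the check below."""
    domain = ET.Element("domain", type="kvm")
    devices = ET.SubElement(domain, "devices")
    rng = ET.SubElement(devices, "rng", model="virtio")
    ET.SubElement(rng, "backend", model="random").text = "/dev/urandom"
    if "hw:tpm" in extra_specs:
        devices.append(tpm_element(extra_specs["hw:tpm"], device))
    return ET.tostring(domain, encoding="unicode")


def tpm_state_on_host_disk(domain_xml_str):
    """Return the backend types of every TPM device in the domain whose
    state libvirt/swtpm keeps on the host disk (empty list means none)."""
    root = ET.fromstring(domain_xml_str)
    return [be.get("type")
            for tpm in root.iter("tpm")
            for be in tpm.findall("backend")
            if be.get("type") == "emulator"]


if __name__ == "__main__":
    for kind in ("passthrough", "emulator"):
        xml = domain_xml({"hw:tpm": kind})
        print(kind, "->", tpm_state_on_host_disk(xml) or "state stays in TPM")
```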