[PATCH 0/7] qemu: tpm: Add support for migration across shared storage

Stefan Berger stefanb at linux.ibm.com
Mon Aug 22 12:05:47 UTC 2022


This series of patches adds support for migrating vTPMs across hosts whose
storage has been set up to share the directory structure holding the state
of the TPM (swtpm). The domain XML is extended with a shared_storage
attribute that must be set to 'yes' when shared storage is used. It
influences the management of the directory structure holding the TPM state,
which for example is only to be removed when a domain is undefined (virsh
undefine) and not when a VM is removed on the migration source host.
Further, when shared storage is used, security labeling on the destination
side is skipped, assuming that the labeling was already done on the source
side.

I have tested this with an NFS setup where I had to turn SELinux off on
the hosts since the SELinux MLS range labeling is not supported.

Shared storage migration requires the upcoming swtpm v0.8 with the PR
for shared storage merged: https://github.com/stefanberger/swtpm/pull/732

   Stefan

Stefan Berger (7):
  qemu: tpm: Pass parameter indicating reason for domain removal
  util: Add parsing support for swtpm's cmdarg-migration capability
  qemu: tpm: Conditionally create storage on incoming migration
  qemu: tpm: Pass --migration option to swtpm when using shared storage
  qemu: tpm: Avoid security labels on incoming migration with shared
    storage
  qemu: tpm: Remove TPM state files and directory only when undefining a
    VM
  qemu: config: Extend TPM domain XML with shared storage support

 docs/formatdomain.rst             | 16 ++++++++
 src/conf/domain_conf.c            | 13 +++++++
 src/conf/domain_conf.h            |  1 +
 src/conf/schemas/domaincommon.rng |  5 +++
 src/qemu/qemu_domain.c            | 12 +++---
 src/qemu/qemu_domain.h            |  8 +++-
 src/qemu/qemu_driver.c            | 20 +++++-----
 src/qemu/qemu_extdevice.c         |  5 ++-
 src/qemu/qemu_extdevice.h         |  3 +-
 src/qemu/qemu_migration.c         | 13 ++++---
 src/qemu/qemu_process.c           |  4 +-
 src/qemu/qemu_snapshot.c          |  4 +-
 src/qemu/qemu_tpm.c               | 61 ++++++++++++++++++++++++++-----
 src/qemu/qemu_tpm.h               |  3 +-
 src/util/virtpm.c                 |  1 +
 src/util/virtpm.h                 |  1 +
 16 files changed, 131 insertions(+), 39 deletions(-)

-- 
2.37.1


