[PATCH v2 0/9] qemu: tpm: Add support for migration across shared storage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This series of patches adds support for migrating vTPMs across hosts whose
storage has been set up to share the directory structure holding the state
of the TPM (swtpm). A new migration flag VIR_MIGRATE_TPM_SHARED_STORAGE is
added to enable this. This flag influences the management of the directory
structure holding the TPM state, which for example is only removed when a
domain is undefined and not when a VM is removed on the migration source
host. Further, when shared storage is used then security labeling on the
destination side is skipped assuming that the labeling was already done on
the source side.

I have tested this with an NFS setup where I had to turn SELinux off on
the hosts since the SELinux MLS range labeling is not supported by NFS.

Shared storage migration requires (upcoming) swtpm v0.8.

   Stefan

Stefan Berger (9):
  util: Add parsing support for swtpm's cmdarg-migration capability
  qemu: Introduced VIR_MIGRATE_TPM_SHARED_STORAGE for TPM migration
  qemu: tpm: Conditionally create storage on incoming migration
  qemu: tpm: Pass --migration option to swtpm if supported
  qemu: tpm: Avoid security labels on incoming migration with shared
    storage
  qemu: tpm: Require UNDEFINE_TPM to be set to remove TPM state
  qemu: tpm: Determine whether to remove TPM state during migration
  qemu: tpm: Enable migration with VIR_MIGRATE_TPM_SHARED_STORAGE
  virsh: Add support for --tpm-shared-storage flag for migration

 docs/manpages/virsh.rst          |  6 +++
 include/libvirt/libvirt-domain.h |  8 +++
 src/conf/domain_conf.h           |  1 +
 src/qemu/qemu_driver.c           |  4 +-
 src/qemu/qemu_extdevice.c        |  5 +-
 src/qemu/qemu_extdevice.h        |  3 +-
 src/qemu/qemu_migration.c        | 23 +++++++--
 src/qemu/qemu_migration.h        |  1 +
 src/qemu/qemu_process.c          | 10 ++--
 src/qemu/qemu_process.h          |  6 ++-
 src/qemu/qemu_saveimage.c        |  2 +-
 src/qemu/qemu_snapshot.c         |  4 +-
 src/qemu/qemu_tpm.c              | 87 ++++++++++++++++++++++++++++----
 src/qemu/qemu_tpm.h              | 24 ++++++++-
 src/util/virtpm.c                |  1 +
 src/util/virtpm.h                |  1 +
 tools/virsh-domain.c             |  7 +++
 17 files changed, 164 insertions(+), 29 deletions(-)

-- 
2.37.3
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux