one icon indicating copy to clipboard operation
one copied to clipboard
verified publisher icon OpenNebula

Virtual TPM Support

Open tinova opened this issue 3 years ago • 4 comments

Description

Trusted Platform Module is available in qemu through the swtpm package, and can b supported in OpenNebula

Additional Context

swtpm data needs to be moved with the VM on hypervisor host change

  • [ ] Support vTPM in VM with snapshots. Can vTPM reside on the snapshot / backup?

Progress Status

  • [x] Code committed
  • [x] Testing - QA
  • [x] Documentation (Release notes - resolved issues, compatibility, known issues)

tinova avatar Jun 30 '22 14:06 tinova

I found the way to make it working on my Debian bookworm servers with ONE 6.10.

It only miss the move of the data during migration etc.

baby-gnu avatar Nov 20 '24 18:11 baby-gnu

Some customers that want to run Windows 11 need this feature. The workarounds that have worked in the past don't work anymore. Microsoft recently (~ August 2024) released a patch to disable this. Maybe increase the priority of this issue?

hydro-b avatar Feb 26 '25 13:02 hydro-b

Hi @hydro-b, yes, this feature is next on our priority list and we hope to be able to have it in time for release 7.0.

Anyway, please don't hesitate in providing any more context that you think could be relevant (such as the previous workarounds that you mentioned, or any raw data you were passing to the template if that was the case)... any real world experience will be valuable for us to keep in mind during implementation. Thanks!

1gramos avatar Feb 26 '25 14:02 1gramos

swtpm data needs to be moved with the VM on hypervisor host change

Probably we should also cover using the same method to transfer nvram files to particular HV while hot/cold migration. Also, it requires additional testing, as it hasn't been tested yet.

ryatsyshyn avatar Jun 11 '25 13:06 ryatsyshyn