Stefan Berger

Results 172 comments of Stefan Berger

UPDATE: LIBVIRT WILL NEED TO BE MODIFIED. YOU CANNOT USE THIS PATCH. The patch to apply to this branch to **simulate** `--migration incoming,release-lock-outgoing` on the command line and use it...

This is a bit of a concern -- very difficult/almost impossible to test and trigger and verify in a real-world scenario: ``` When migrating a VM the migration may fail...

libvirt support for shared storage is here: https://github.com/stefanberger/libvirt-tpm/tree/master%2Bswtpm_shared_storage.v1 I'll post these patches on the libvirt mailing list soon.

> When invoking swtpm_setup to provision a new VTPM instance for a KVM guest, libvirt passes the --create-ek-cert and --create-platform-cert options. While they are on disk temporarily as output from...

So what is needed for this issue? At least when using keylime I think we wouldn't need anything.

> The `swtpm_setup --write-ek-cert-files` option can be used if provisioning a new VM, but what equivalent do we have if that's not the case ? For example, on an incoming...

> IIUC, in a common public cloud environment the CA cert used for signing the vTPM certs is going to be common across every VM the cloud creates. IOW, different tenants...

> > > IIUC, in a common public cloud environment the CA cert used for signing the vTPM certs is going to be common across every VM the cloud creates. IOW,...

SHA3: `grep -r SHA3_ /usr/include/openssl/` or `openssl dgst --list | grep sha3` SM2: `grep -r SM2 /usr/include/openssl/` SM3: `grep -r SM3 /usr/include/openssl/` or `openssl dgst --list | grep sm3`...

Thanks for the PR. I wonder whether a backport-able easy patch wouldn't just be

```
#ifdef printf
#undef printf
#endif
```

I would apply this one first before yours...