On Wednesday 29 August 2018 at 15:37:47 EEST Alvin Starr wrote:
> You could try using Xen.
> A quick search implies that Xen from 4.3 onward will virtualize TPM.
> I am not sure if the libvirt drivers for xen will support the feature
> but some work around may be possible.

Nice attitude and helpfulness in this list!

Just had a look and it doesn't seem to be that an intrusive
change going from QEMU to XEN.

pacemaker, corosync and libvirt all seem to isolate
the engine and most settings should work as is.

Anyone here with an experience in transitioning QEMU -> XEN ?

Best
Dag

On Wed, 29 Aug 2018 at 10:25, Dag Nygren <dag at newtech.fi> wrote:
>
> On Wednesday 29 August 2018 at 15:37:47 EEST Alvin Starr wrote:
>
> > You could try using Xen.
> > A quick search implies that Xen from 4.3 onward will virtualize TPM.
> > I am not sure if the libvirt drivers for xen will support the feature
> > but some work around may be possible.
>
> Nice attitude and helpfulness in this list!
>
> Just had a look and it doesn't seem to be that an intrusive
> change going from QEMU to XEN.
>
> pacemaker, corosync and libvirt all seem to isolate
> the engine and most settings should work as is.
>
> Anyone here with an experience in transitioning QEMU -> XEN ?
>

That is a major change. Xen uses a model of

[Hardware] <- [Xen MK] -> [Domain0] -> [Domain1] ...

and Qemu

[Hardware] <- [Linux] -> [Qemu] -> [Domain1] -> [Domain2]

This isn't earth shattering and the other tools you mentioned are passive about using one or the other. In either case though access to the TPM is not easy.

http://www.cse.psu.edu/~pdm12/cse544/slides/cse544-schiffman-vTPM.pdf goes through some of the problems. You need to be aware of the limitations of the specific TPM your hardware has, and what you are giving up in the trust model with any vTPM [aka your virtual machine can't move from its server, your TPM isn't real and can possibly be looked at by other guests, etc etc.]

> Best
> Dag

--
Stephen J Smoogen.

On Wednesday 29 August 2018 at 17:39:18 EEST Stephen John Smoogen wrote:
> On Wed, 29 Aug 2018 at 10:25, Dag Nygren <dag at newtech.fi> wrote:

> > Anyone here with an experience in transitioning QEMU -> XEN ?

> http://www.cse.psu.edu/~pdm12/cse544/slides/cse544-schiffman-vTPM.pdf goes
> through some of the problems.

Yes, I had a look at that earlier and it seems XEN has solved most of the problems.

> You need to be aware of the limitations of
> the specific TPM your hardware has, and what you are giving up in the trust
> model with any vTPM [aka your virtual machine can't move from its server,
> your TPM isn't real and can possibly be looked at by other guests, etc etc.]

Couldn't find anything on the issue of migration of the VM, but I thought that Xen has that one also taken care of? (Exporting and importing keys)
Am I completely wrong here?

Best
Dag