Hi, I would like to clarify how to make snapshots of running VMs with emulated TPM devices. As far as I understand QEMU documentation, it's possible to make snapshots of running VMs with TPM, but it's important to retain the state of swtpm. Does libvirt assist with that in any way or is it completely user's responsibility? libvirt pauses the VM internally when making a snapshot, which should be the right moment to copy the swtpm data, but the user doesn't have control over it. Is there a way to make a copy of swtpm data that is guaranteed to be consistent with the snapshot? Thank you, Milan
Milan Zamazal <mzamazal@redhat.com> writes:> Hi, > > I would like to clarify how to make snapshots of running VMs with > emulated TPM devices. As far as I understand QEMU documentation, it's > possible to make snapshots of running VMs with TPM, but it's important > to retain the state of swtpm. Does libvirt assist with that in any way > or is it completely user's responsibility? libvirt pauses the VM > internally when making a snapshot, which should be the right moment to > copy the swtpm data, but the user doesn't have control over it. Is > there a way to make a copy of swtpm data that is guaranteed to be > consistent with the snapshot?No idea?> Thank you, > Milan
On Thu, Jul 09, 2020 at 14:14:32 +0200, Milan Zamazal wrote:> Milan Zamazal <mzamazal@redhat.com> writes: > > > Hi, > > > > I would like to clarify how to make snapshots of running VMs with > > emulated TPM devices. As far as I understand QEMU documentation, it's > > possible to make snapshots of running VMs with TPM, but it's important > > to retain the state of swtpm. Does libvirt assist with that in any way > > or is it completely user's responsibility? libvirt pauses the VM > > internally when making a snapshot, which should be the right moment to > > copy the swtpm data, but the user doesn't have control over it. Is > > there a way to make a copy of swtpm data that is guaranteed to be > > consistent with the snapshot? > > No idea?I can comment only on the fact that libvirt doesn't do anything regarding snapshots on a VM with TPM.