On Thu, Jul 09, 2020 at 14:14:32 +0200, Milan Zamazal wrote:> Milan Zamazal <mzamazal@redhat.com> writes: > > > Hi, > > > > I would like to clarify how to make snapshots of running VMs with > > emulated TPM devices. As far as I understand QEMU documentation, it's > > possible to make snapshots of running VMs with TPM, but it's important > > to retain the state of swtpm. Does libvirt assist with that in any way > > or is it completely user's responsibility? libvirt pauses the VM > > internally when making a snapshot, which should be the right moment to > > copy the swtpm data, but the user doesn't have control over it. Is > > there a way to make a copy of swtpm data that is guaranteed to be > > consistent with the snapshot? > > No idea?I can comment only on the fact that libvirt doesn't do anything regarding snapshots on a VM with TPM.
Peter Krempa <pkrempa@redhat.com> writes:> On Thu, Jul 09, 2020 at 14:14:32 +0200, Milan Zamazal wrote: >> Milan Zamazal <mzamazal@redhat.com> writes: >> > >> > Hi, >> > >> > I would like to clarify how to make snapshots of running VMs with >> > emulated TPM devices. As far as I understand QEMU documentation, it's >> > possible to make snapshots of running VMs with TPM, but it's important >> > to retain the state of swtpm. Does libvirt assist with that in any way >> > or is it completely user's responsibility? libvirt pauses the VM >> > internally when making a snapshot, which should be the right moment to >> > copy the swtpm data, but the user doesn't have control over it. Is >> > there a way to make a copy of swtpm data that is guaranteed to be >> > consistent with the snapshot? >> >> No idea? > > I can comment only on the fact that libvirt doesn't do anything > regarding snapshots on a VM with TPM.Thank you for the confirmation. Can anybody confirm there is no way to perform custom actions while a VM is frozen by libvirt when making a memory snapshot, before we start thinking about workarounds and/or filing a RFE? Thanks, Milan
On Thu, Jul 09, 2020 at 17:54:23 +0200, Milan Zamazal wrote:> Peter Krempa <pkrempa@redhat.com> writes: > > > On Thu, Jul 09, 2020 at 14:14:32 +0200, Milan Zamazal wrote: > >> Milan Zamazal <mzamazal@redhat.com> writes: > >> > > > >> > Hi, > >> > > >> > I would like to clarify how to make snapshots of running VMs with > >> > emulated TPM devices. As far as I understand QEMU documentation, it's > >> > possible to make snapshots of running VMs with TPM, but it's important > >> > to retain the state of swtpm. Does libvirt assist with that in any way > >> > or is it completely user's responsibility? libvirt pauses the VM > >> > internally when making a snapshot, which should be the right moment to > >> > copy the swtpm data, but the user doesn't have control over it. Is > >> > there a way to make a copy of swtpm data that is guaranteed to be > >> > consistent with the snapshot? > >> > >> No idea? > > > > I can comment only on the fact that libvirt doesn't do anything > > regarding snapshots on a VM with TPM. > > Thank you for the confirmation. > > Can anybody confirm there is no way to perform custom actions while a VM > is frozen by libvirt when making a memory snapshot, before we start > thinking about workarounds and/or filing a RFE?No, currently we don't support any custom actions at the point when the external memory snapshot is finalized prior to continuing the VM. Please file a generic RFE for snapshoting including TPM rather than a partial one where you'll request a way to do your hack.