search for: swtpm

Hi, I would like to clarify how to make snapshots of running VMs with emulated TPM devices. As far as I understand QEMU documentation, it's possible to make snapshots of running VMs with TPM, but it's important to retain the state of swtpm. Does libvirt assist with that in any way or is it completely user's responsibility? libvirt pauses the VM internally when making a snapshot, which should be the right moment to copy the swtpm data, but the user doesn't have control over it. Is there a way to make a copy of swtpm data th...

...interested in the security properties a totally open TPM can give our users? - its use as a universal smartcard to protect all types of keys. When adding the virtual 1.2 or 2.0 TPM I get the vague error below. OS is Debian stable with standard packages. Error starting domain: Unable to find 'swtpm' binary in $PATH: No such file or directory Traceback (most recent call last): ? File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in cb_wrapper ??? callback(asyncjob, *args, **kwargs) ? File "/usr/share/virt-manager/virtManager/asyncjob.py", line 111, in tmp...

...; > Hi, > > > > I would like to clarify how to make snapshots of running VMs with > > emulated TPM devices. As far as I understand QEMU documentation, it's > > possible to make snapshots of running VMs with TPM, but it's important > > to retain the state of swtpm. Does libvirt assist with that in any way > > or is it completely user's responsibility? libvirt pauses the VM > > internally when making a snapshot, which should be the right moment to > > copy the swtpm data, but the user doesn't have control over it. Is > > the...

...gt; I would like to clarify how to make snapshots of running VMs with > >> > emulated TPM devices. As far as I understand QEMU documentation, it's > >> > possible to make snapshots of running VMs with TPM, but it's important > >> > to retain the state of swtpm. Does libvirt assist with that in any way > >> > or is it completely user's responsibility? libvirt pauses the VM > >> > internally when making a snapshot, which should be the right moment to > >> > copy the swtpm data, but the user doesn't have control...

...rt at least passthrough. No luck - Same error message. Downloaded the source for th rpm and found a line: "--disable-tpm" in build_configure.sh. Guess that the maintainers has some reason to turn tpm off. Can somone confirm this? 3. And now what next? The setup would really need swtpm, which should be available in 2.11.0. Can someone confirm that tpm will be enabled here? Would also be nice having a libvirt that will accept the swtpm configuration. the current don't like it. Could of course recompile qemu myself, but really wouldn't like going that route. The s...

...ity properties a totally open TPM >can give our users  - its use as a universal smartcard to protect all >types of keys. When adding the virtual 1.2 or 2.0 TPM I get the vague >error below. OS is Debian stable with standard packages. > > >Error starting domain: Unable to find 'swtpm' binary in $PATH: No such >file or directory > >Traceback (most recent call last): >  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in >cb_wrapper >    callback(asyncjob, *args, **kwargs) >  File "/usr/share/virt-manager/virtManager/asyncjo...

...aded qemu 2.12.0 and tried to very optimistically just throw it in the rpmbuild. And got a heap of patch fails already at the first patch. Expected of course... So no such luck. Now looking further it also seems like even 2.12.0 will not solve our problem as it only gives multiple VM access to the swtpm emulator. We need access to the hardware TPM... Can you make swtpm use the hardware ? Any advice would/will be valuable! Best Dag

...operties a totally open TPM > can give our users - its use as a universal smartcard to protect all > types of keys. When adding the virtual 1.2 or 2.0 TPM I get the vague > error below. OS is Debian stable with standard packages. > > > Error starting domain: Unable to find 'swtpm' binary in $PATH: No such > file or directory I wouldn't call this error message vague at all: it tells you exactly what the problem is, namely that libvirt needs the 'swtpm' command for your configuration but the latter is not available :) Unfortunately it looks like swtpm it&...

...s - its use as a universal smartcard to protect all > > > types of keys. When adding the virtual 1.2 or 2.0 TPM I get the vague > > > error below. OS is Debian stable with standard packages. > > > > > > > > > Error starting domain: Unable to find 'swtpm' binary in $PATH: No such > > > file or directory > > > > I wouldn't call this error message vague at all: it tells you exactly > > what the problem is, namely that libvirt needs the 'swtpm' command > > for your configuration but the latter is not a...

...al@redhat.com> writes: > Hi, > > I would like to clarify how to make snapshots of running VMs with > emulated TPM devices. As far as I understand QEMU documentation, it's > possible to make snapshots of running VMs with TPM, but it's important > to retain the state of swtpm. Does libvirt assist with that in any way > or is it completely user's responsibility? libvirt pauses the VM > internally when making a snapshot, which should be the right moment to > copy the swtpm data, but the user doesn't have control over it. Is > there a way to make a c...

...> >> > I would like to clarify how to make snapshots of running VMs with >> > emulated TPM devices. As far as I understand QEMU documentation, it's >> > possible to make snapshots of running VMs with TPM, but it's important >> > to retain the state of swtpm. Does libvirt assist with that in any way >> > or is it completely user's responsibility? libvirt pauses the VM >> > internally when making a snapshot, which should be the right moment to >> > copy the swtpm data, but the user doesn't have control over it. Is &...

...s that the maintainers has some reason > to turn tpm off. Can somone confirm this? > Not sure about reasons for turning off, but request to enable it has been closed wontfix: https://bugzilla.redhat.com/show_bug.cgi?id=1327947 > > 3. And now what next? The setup would really need swtpm, which > should be available in 2.11.0. Can someone confirm that tpm > will be enabled here? Would also be nice having a libvirt that > will accept the swtpm configuration. the current don't like it. > Adding Miroslav > > Could of course recompile qemu myself, but...

...ed to very optimistically just > throw it in the rpmbuild. And got a heap of patch fails already > at the first patch. Expected of course... So no such luck. > > Now looking further it also seems like even 2.12.0 will not solve > our problem as it only gives multiple VM access to the swtpm emulator. > We need access to the hardware TPM... > > Can you make swtpm use the hardware ? > > Any advice would/will be valuable! > You could try using Xen. A quick search implies that Xen from 4.3 onward will virtualize TPM. I am not sure if the libvirt drivers for xen will supp...

...just > > throw it in the rpmbuild. And got a heap of patch fails already > > at the first patch. Expected of course... So no such luck. > > > > Now looking further it also seems like even 2.12.0 will not solve > > our problem as it only gives multiple VM access to the swtpm emulator. > > We need access to the hardware TPM... > > > > Can you make swtpm use the hardware ? > > > > Any advice would/will be valuable! > > > You could try using Xen. > A quick search implies that Xen from 4.3 onward will virtualize TPM. > I am not...