vTPM state storage v0 #4730
vTPM state storage v0 #4730
Conversation
|
you probably want to cherry-pick |
edwintorok
force-pushed
the
private/edvint/vtpm-state-merged
branch
from
91fd976
to
62c491c
Compare
| @@ -0,0 +1,33 @@ | |||
| module Uuidm = struct | |||
There was a problem hiding this comment.
I recommend changing the number in the quality gate, maintaining the corresponding mli seems to much of a headache.
| Varstore_privileged_client.Client.vtpm_get_contents dbg vtpm_uuid | ||
| |> Base64.decode_exn | ||
| in | ||
| let chroot = Xenops_sandbox.Swtpm_guard.chroot ~domid ~vm_uuid in |
There was a problem hiding this comment.
This happens after creating the sandbox, it looks like the chroot object should be a parameter to this function (called in line 4236) instead of exposing the function to create chroot objects without having to create them in the filesystem.
There was a problem hiding this comment.
Yes, we probably want a way to check whether a file exists in the sandbox without necessarily creating the sandbox (which would create the file if it doesn't exist). I'll see whether I can plumb the Chroot.t parameter through.
|
Note that this assumes that the backend is always xapi-db. Once we have a 'backend' field again then this should be made more generic, to allow any backend (and to move the backend specific code into a module of its own with a clear signature, so it'll be obvious how to implement new backends). |
|
If I read the code correctly, writing the state filepath into a xenstore key containing the vtpm_uuid is done to support multiple vtpms per VM, but is currently unused. Is there a reason for using this mechanism instead of, let's say symlinks in the chroot to stablish this relationship off-band? |
|
Looks like it is used after all: in Using xenstore here was just a shortcut: this needs a proper VTPM_DB module in lib/xenops_server instead. Thanks for spotting this. |
1 similar comment
|
Looks like it is used after all: in Using xenstore here was just a shortcut: this needs a proper VTPM_DB module in lib/xenops_server instead. Thanks for spotting this. |
edwintorok
force-pushed
the
private/edvint/vtpm-state-merged
branch
from
ce55c02
to
1898475
Compare
| @@ -1745,12 +1755,30 @@ let write_varstored_record task ~xs domid main_fd = | |||
| Io.write main_fd varstored_record ; | |||
| return () | |||
|
|
|||
| let forall f l = | |||
| let open Suspend_image.M in | |||
There was a problem hiding this comment.
Is this a monadic iter? In that case I would find forall a bit misleading.
| @@ -95,3 +95,4 @@ let nonessentials = | |||
| @ Resources.hvm_guests | |||
| @ Resources.pv_guests | |||
| @ Resources.pvinpvh_guests | |||
| @ Resources.vtpm_guests | |||
There was a problem hiding this comment.
Moving to List.concat as this gets longer would be good.
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Needs to be moved to a separate module to avoid cycles in the build system, about to use this type from another module. Signed-off-by: Edwin Török <edvin.torok@citrix.com>
Signed-off-by: Edwin Török <edvin.torok@citrix.com>
Xenopsd needs to know not just whether a VM has a vTPM or not, but also its UUID (in case a XAPI DB storage backend is used). For now only 1 vTPM/VM is supported, as before. Signed-off-by: Edwin Török <edvin.torok@citrix.com>
Signed-off-by: Edwin Török <edvin.torok@citrix.com>
On VM start read the vTPM state from the XAPI DB and write it out to a file that is passed as argument to `swtpm-wrapper`. On VM stop read the vTPM state from the filesystem and save it back into the XAPI DB. Note: any updated to vTPM state inbetween start/stop are lost if the host running the VM crashes for now. To be addressed by other storage backends. Signed-off-by: Edwin Török <edvin.torok@citrix.com>
Write a new swtpm record (similar to varstore record) into the migration stream that contains the latest vTPM state (from the filesystem). When vTPM start is called on the other end there will be 2 sources of vTPM state: the migration state and the xapi DB. The data from the migration state is restored first and takes precedence: there is a check to guard against EEXIST when starting the vTPM: if it already exists then we must've been just migrated and we leave the state alone. This assumes that state would be stored in the filesystem (through either the file:// or dir:// backends of swtpm, currently the only 2 existing ones). If other backends are implemented in the future then we would need to retrieve the latest vTPM state via another mechanism. TBC: would qemu attempt to restore the device state as well? But we need to start swtpm with *some* state during migration... Signed-off-by: Edwin Török <edvin.torok@citrix.com>
Signed-off-by: Edwin Török <edvin.torok@citrix.com>
psafont
force-pushed
the
private/edvint/vtpm-state-merged
branch
from
1898475
to
cca5ac7
Compare
See the description in the commit messages.