vTPM state storage v0 #4730
Merged
vTPM state storage v0 #4730
Commits on Jun 17, 2022
-
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
-
xapi-idl: move Uuidm type to separate module
Needs to be moved to a separate module to avoid cycles in the build system, about to use this type from another module. Signed-off-by: Edwin Török <edvin.torok@citrix.com>
-
xapi-idl: add sexp converter to Uuidm type
Signed-off-by: Edwin Török <edvin.torok@citrix.com>
-
Xenopsd needs to know not just whether a VM has a vTPM or not, but also its UUID (in case a XAPI DB storage backend is used). For now only 1 vTPM/VM is supported, as before. Signed-off-by: Edwin Török <edvin.torok@citrix.com>
-
varstore-guard: add filtering for vTPM.{set,get}_contents API
Signed-off-by: Edwin Török <edvin.torok@citrix.com>
-
vTPM: add minimal support for saving/restoring state through the XAPI DB
On VM start read the vTPM state from the XAPI DB and write it out to a file that is passed as argument to `swtpm-wrapper`. On VM stop read the vTPM state from the filesystem and save it back into the XAPI DB. Note: any updated to vTPM state inbetween start/stop are lost if the host running the VM crashes for now. To be addressed by other storage backends. Signed-off-by: Edwin Török <edvin.torok@citrix.com>
-
vTPM: add minimal migration support
Write a new swtpm record (similar to varstore record) into the migration stream that contains the latest vTPM state (from the filesystem). When vTPM start is called on the other end there will be 2 sources of vTPM state: the migration state and the xapi DB. The data from the migration state is restored first and takes precedence: there is a check to guard against EEXIST when starting the vTPM: if it already exists then we must've been just migrated and we leave the state alone. This assumes that state would be stored in the filesystem (through either the file:// or dir:// backends of swtpm, currently the only 2 existing ones). If other backends are implemented in the future then we would need to retrieve the latest vTPM state via another mechanism. TBC: would qemu attempt to restore the device state as well? But we need to start swtpm with *some* state during migration... Signed-off-by: Edwin Török <edvin.torok@citrix.com>
-
vTPM: do not hardcode swtpm-wrapper path
Signed-off-by: Edwin Török <edvin.torok@citrix.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.