Detect vTPM support by libvirt API

Registered by Takashi Kajinami

Libvirt 8.0.0 introduced a domain capabilities field that reports whether TPM support is available[1]. Internally, this check verifies that swtpm is available[1].

We can use this feature instead of implementing our own detection logic within nova. Because the check is performed by libvirt itself, it ensures the swtpm binaries are present in the PATH used by libvirt, not merely in the one used by nova-compute.
A further benefit of using this libvirt feature is that libvirt can identify which TPM models (CRB, TIS and so on) are supported, which we can use to schedule an instance onto a compute node where the requested TPM model is available.

In addition, libvirt 8.6.0 introduced a further field that exposes the available TPM versions[2], which can be used to report the available TPM versions to the scheduler.

<domainCapabilities>
  <devices>
    <tpm supported='yes'>
      <enum name='model'>
        <value>tpm-tis</value>
        <value>tpm-crb</value>
      </enum>
      <enum name='backendModel'>
        <value>passthrough</value>
        <value>emulator</value>
        <value>external</value>
      </enum>
      <enum name='backendVersion'>
        <value>1.2</value>
        <value>2.0</value>
      </enum>
    </tpm>
  </devices>
</domainCapabilities>

[1] https://github.com/libvirt/libvirt/commit/6f7fc0b54ad97e62e10cd6f9524fcc29b4bb4cc5
[2] https://github.com/libvirt/libvirt/commit/1277a9c884039e92765c977917420511f45e52e8
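As an added example (not nova's code and not part of this blueprint), the following Python parses the domainCapabilities output shown above with the standard library and treats both a missing tpm element (libvirt before 8.0.0) and a missing backendVersion enum (libvirt before 8.6.0) as "not reported" rather than as an error. The function names and the requirement for the emulator backend are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, mirroring the libvirt domainCapabilities output on this page.
SAMPLE_DOMCAPS = """<domainCapabilities>
  <devices>
    <tpm supported='yes'>
      <enum name='model'>
        <value>tpm-tis</value>
        <value>tpm-crb</value>
      </enum>
      <enum name='backendModel'>
        <value>passthrough</value>
        <value>emulator</value>
        <value>external</value>
      </enum>
      <enum name='backendVersion'>
        <value>1.2</value>
        <value>2.0</value>
      </enum>
    </tpm>
  </devices>
</domainCapabilities>"""


def _enum_values(tpm, name):
    """Return the <value> entries of the named <enum> under <tpm>, or [] if absent."""
    enum = tpm.find(f"./enum[@name='{name}']")
    return [v.text.strip() for v in enum.findall('value')] if enum is not None else []


def parse_tpm_capabilities(domcaps_xml):
    """Extract TPM support from domainCapabilities XML (hypothetical helper).

    A missing <tpm> (libvirt < 8.0.0) or a missing backendVersion enum
    (libvirt < 8.6.0) is reported as empty rather than raising an error.
    """
    root = ET.fromstring(domcaps_xml)
    tpm = root.find('./devices/tpm')
    if tpm is None or tpm.get('supported') != 'yes':
        return {'supported': False, 'models': [], 'backends': [], 'versions': []}
    return {
        'supported': True,
        'models': _enum_values(tpm, 'model'),
        'backends': _enum_values(tpm, 'backendModel'),
        'versions': _enum_values(tpm, 'backendVersion'),
    }


def vtpm_available(caps, model, version):
    """True if an emulated (swtpm-backed) vTPM of this model/version can be offered."""
    return (caps['supported'] and 'emulator' in caps['backends']
            and model in caps['models'] and version in caps['versions'])
```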

Blueprint information

Status:
Complete
Approver:
Sylvain Bauza
Priority:
Undefined
Drafter:
Takashi Kajinami
Direction:
Approved
Assignee:
Takashi Kajinami
Definition:
Approved
Series goal:
Accepted for 2024.2
Implementation:
Implemented
Milestone target:
None
Started by
Sylvain Bauza
Completed by
Sylvain Bauza

Whiteboard

Gerrit topic: https://review.opendev.org/#/q/topic:bp/libvirt-detect-vtpm-support

Addressed by: https://review.opendev.org/c/openstack/nova/+/908508
    libvirt: Detect vtpm support by libvirt

Addressed by: https://review.opendev.org/c/openstack/nova/+/909183
    libvirt: Report available TPM models

[20240410 bauzas] specless bp approved as part of the PTG discussion

Addressed by: https://review.opendev.org/c/openstack/nova/+/908546
    libvirt: Ensure swtpm_ioctl is available for vTPM support

Work Items
