Detect vTPM support by libvirt API
Libvirt 8.0.0 introduced a field in the domain capabilities XML that reports whether TPM support is available[1]. Internally, this check verifies that swtpm is available[1].
We can use this feature instead of implementing our own detection logic within nova. Because the check is performed by libvirt itself, it ensures that the swtpm binaries are present in the PATH used by libvirt, not the one used by nova-compute.
A further benefit of using this libvirt feature is that libvirt can identify which TPM models (CRB, TIS and so on) are supported, and we can use this to schedule an instance only to a compute node where the requested TPM model is available.
In addition, libvirt 8.6.0 introduced an additional field that exposes the available TPM versions[2], which can be used to report the available TPM versions.
  <domainCapabilities>
    <devices>
      <tpm supported='yes'>
        <enum name='model'>
        </enum>
        <enum name='backendModel'>
        </enum>
        <enum name='backendVersion'>
        </enum>
      </tpm>
    </devices>
  </domainCapabilities>
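As an added example (not nova's or libvirt's own code), the following parses the domain capabilities XML described above and derives what nova would need for scheduling: whether vTPM is usable, the supported models, and the supported versions. It assumes the `<tpm>` element layout shown above; the sample document and the `emulator` backend check (swtpm is libvirt's emulator backend) are the example's own, and the handling of older libvirt without the `backendVersion` enum is a deliberate conservative choice.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like `virsh domcapabilities` output from
# libvirt >= 8.6.0 (model, backendModel and backendVersion enums present).
SAMPLE_DOMCAPS = """<domainCapabilities>
  <devices>
    <tpm supported='yes'>
      <enum name='model'>
        <value>tpm-tis</value>
        <value>tpm-crb</value>
      </enum>
      <enum name='backendModel'>
        <value>passthrough</value>
        <value>emulator</value>
      </enum>
      <enum name='backendVersion'>
        <value>2.0</value>
        <value>1.2</value>
      </enum>
    </tpm>
  </devices>
</domainCapabilities>"""


def _enum_values(tpm, name):
    """Collect the <value> entries of one <enum name='...'> under <tpm>."""
    return {v.text for v in tpm.findall(f"./enum[@name='{name}']/value")}


def vtpm_capabilities(domcaps_xml):
    """Describe vTPM support; None if libvirt (< 8.0.0) reports no <tpm>."""
    tpm = ET.fromstring(domcaps_xml).find("./devices/tpm")
    if tpm is None:
        return None
    backends = _enum_values(tpm, "backendModel")
    return {
        # vTPM in nova relies on swtpm, i.e. libvirt's 'emulator' backend,
        # so supported='yes' without that backend is not usable.
        "supported": tpm.get("supported") == "yes" and "emulator" in backends,
        "models": _enum_values(tpm, "model"),
        # backendVersion is absent on 8.0.0 <= libvirt < 8.6.0: unknown.
        "versions": _enum_values(tpm, "backendVersion") or None,
    }


def can_host(caps, model, version):
    """Can this host run a guest requesting e.g. model 'tpm-crb', version '2.0'?"""
    if not caps or not caps["supported"] or model not in caps["models"]:
        return False
    # If libvirt cannot report versions, refuse rather than guess.
    return caps["versions"] is not None and version in caps["versions"]
```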
[1] https:/
[2] https:/
Blueprint information
- Status: Complete
- Approver: Sylvain Bauza
- Priority: Undefined
- Drafter: Takashi Kajinami
- Direction: Approved
- Assignee: Takashi Kajinami
- Definition: Approved
- Series goal: Accepted for 2024.2
- Implementation: Implemented
- Milestone target: None
- Started by: Sylvain Bauza
- Completed by: Sylvain Bauza
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
libvirt: Detect vtpm support by libvirt
Addressed by: https:/
libvirt: Report available TPM models
[20240410 bauzas] specless bp approved as part of the PTG discussion
Addressed by: https:/
libvirt: Ensure swtpm_ioctl is available for vTPM support