Add ability to use emulated tpm (#1166)

QEMU has supported TPM 2 and the ability to start swtpm. Additionally,
it expands the tests for the TPM configuration to ensure that only when
the options cause a change to the domain XML will the domain be updated
on a subsequent start. This change just allows passing through the
necessary config.

Vagrant.configure("2") do |config|
  config.vm.provider :libvirt do |libvirt|
    libvirt.tpm_model = "tpm-crb"
    libvirt.tpm_type = "emulator"
    libvirt.tpm_version = "2.0"
  end
end

closes #965
Jason Tarasovic
2020-12-15 06:43:46 -06:00
committed by GitHub
parent 20067be0d2
commit 1251189145
10 changed files with 333 additions and 39 deletions


@@ -504,6 +504,7 @@ end
* `tpm_model` - The model of the TPM to which you wish to connect.
* `tpm_type` - The type of TPM device to which you are connecting.
* `tpm_path` - The path to the TPM device on the host system.
* `tpm_version` - The TPM version to use.
* `dtb` - The device tree blob file, mostly used for non-x86 platforms. In case
the device tree isn't added in-line to the kernel, it can be manually
specified here.
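Review bot: the new `tpm_version` entry (the line after `tpm_path`) does not say which values are accepted or when the option takes effect, while the neighbouring entries at least say what they point at. The example this same commit adds further down in the README only uses it together with `tpm_type = "emulator"` and the value `"2.0"`, so the entry should say that much, e.g. `* \`tpm_version\` - The TPM version to emulate (e.g. "2.0"); used with \`tpm_type = "emulator"\`.` and list any other value the provider accepts.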
@@ -579,6 +580,7 @@ defined domain:
* `tpm_model` - Updated
* `tpm_type` - Updated
* `tpm_path` - Updated
* `tpm_version` - Updated
## Networks
@@ -1408,13 +1410,14 @@ Modern versions of Libvirt support connecting to TPM devices on the host
system. This allows you to enable Trusted Boot Extensions, among other
features, on your guest VMs.
In general, you will only need to modify the `tpm_path` variable in your guest
configuration. However, advanced usage, such as the application of a Software
TPM, may require modifying the `tpm_model` and `tpm_type` variables.
To passthrough a hardware TPM, you will generally only need to modify the
`tpm_path` variable in your guest configuration. However, advanced usage,
such as the application of a Software TPM, may require modifying the
`tpm_model`, `tpm_type` and `tpm_version` variables.
The TPM options will only be used if you specify a TPM path. Declarations of
any TPM options without specifying a path will result in those options being
ignored.
The TPM options will only be used if you specify a TPM path or version.
Declarations of any TPM options without specifying a path or version will
result in those options being ignored.
Here is an example of using the TPM options:
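Review bot: the reworded gating sentence, "The TPM options will only be used if you specify a TPM path or version", is ambiguous about the failure mode it is meant to prevent. Because the emulator case in this commit is keyed on `tpm_version` rather than `tpm_path`, a user who sets `tpm_type = "emulator"` but forgets `tpm_version` gets the whole TPM block silently dropped from the domain XML, with no TPM in the guest and no warning. Suggest stating the condition per backend: "For a passthrough TPM you must set `tpm_path`; for an emulated TPM you must set `tpm_version`. If neither is set, all TPM options are ignored." Separately, "Trusted Boot Extensions" in the first paragraph of this hunk is not a standard term; "trusted boot" or "measured boot" would be clearer.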
@@ -1428,6 +1431,19 @@ Vagrant.configure("2") do |config|
end
```
It's also possible for Libvirt to start an emulated TPM device on the host.
Requires `swtpm` and `swtpm-tools`
```ruby
Vagrant.configure("2") do |config|
config.vm.provider :libvirt do |libvirt|
libvirt.tpm_model = "tpm-crb"
libvirt.tpm_type = "emulator"
libvirt.tpm_version = "2.0"
end
end
```
## Libvirt communication channels
For certain functionality to be available within a guest, a private
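Review bot: "Requires `swtpm` and `swtpm-tools`" is a sentence fragment and does not say where the packages must be installed; suggest "This requires `swtpm` and `swtpm-tools` to be installed on the libvirt host." The example also pairs `tpm_model = "tpm-crb"` with `tpm_version = "2.0"` without saying that the two lines depend on each other: the CRB interface is a TPM 2.0 interface, so changing only the version line would produce an invalid combination. Finally, since the section now documents a software TPM, it is worth one sentence making clear that the emulator's state is a file on the host managed by libvirt rather than a hardware root of trust, so anything the guest seals to it is only as protected as that host file.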