yahoo-eng-team team mailing list archive

Thread
Date
[Bug 2052761] [NEW] libvirt: swtpm_ioctl is required for vTPM support

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Takashi Kajinami <2052761@xxxxxxxxxxxxxxxxxx>
Date: Fri, 09 Feb 2024 03:12:57 -0000
Reply-to: Bug 2052761 <2052761@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Description
===========
Libvirt uses swtpm_ioctl to shutdown the swtpm process at VM termination, because QEMU does not send shutdown command.
However the binary is not included in the required binaries (swtpm and swtpm_setup, at the time of writing) checked by libvirt driver. So users can use vTPM support without binaries, which leaves swtpm processes kept running.

Steps to reproduce
==================
* Deploy nova-compute with vTPM support
* Move swtpm_ioctl from PATH
* Restart nova-compute
* Check capabilities reported by nova-compute

Expected result
===============
The report shows no swtpm support

Actual result
=============
The report shows swtpm support

Environment
===========
This issue was initially found in master, but would be present in stable branches.

Logs & Configs
==============
N/A

** Affects: nova
     Importance: Undecided
     Assignee: Takashi Kajinami (kajinamit)
         Status: In Progress

** Changed in: nova
     Assignee: (unassigned) => Takashi Kajinami (kajinamit)

** Description changed:

  Description
  ===========
- 
  Libvirt uses swtpm_ioctl to shutdown the swtpm process at VM termination, because QEMU does not send shutdown command.
  However the binary is not included in the required binaries (swtpm and swtpm_setup, at the time of writing) checked by libvirt driver. So users can use vTPM support without binaries, which leaves swtpm processes kept running.
  
  Steps to reproduce
  ==================
  * Deploy nova-compute with vTPM support
  * Move swtpm_ioctl from PATH
  * Restart nova-compute
  * Check capabilities reported by nova-compute
  
  Expected result
  ===============
  The report shows no swtpm support
  
  Actual result
  =============
  The report shows swtpm support
  
  Environment
  ===========
  This issue was initially found in master, but would be present in stable branches.
  
  Logs & Configs
  ==============
  N/A

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2052761

Title:
  libvirt: swtpm_ioctl is required for vTPM support

Status in OpenStack Compute (nova):
  In Progress

Bug description:
  Description
  ===========
  Libvirt uses swtpm_ioctl to shutdown the swtpm process at VM termination, because QEMU does not send shutdown command.
  However the binary is not included in the required binaries (swtpm and swtpm_setup, at the time of writing) checked by libvirt driver. So users can use vTPM support without binaries, which leaves swtpm processes kept running.

  Steps to reproduce
  ==================
  * Deploy nova-compute with vTPM support
  * Move swtpm_ioctl from PATH
  * Restart nova-compute
  * Check capabilities reported by nova-compute

  Expected result
  ===============
  The report shows no swtpm support

  Actual result
  =============
  The report shows swtpm support

  Environment
  ===========
  This issue was initially found in master, but would be present in stable branches.

  Logs & Configs
  ==============
  N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2052761/+subscriptions