yahoo-eng-team team mailing list archive

[Bug 2052760] Re: libvirt: swtpm_setup and swtpm are BOTH required for vtpm support

 

Reviewed:  https://review.opendev.org/c/openstack/nova/+/908541
Committed: https://opendev.org/openstack/nova/commit/5b505dede975db06df71fdf4719c322c9a1f911d
Submitter: "Zuul (22348)"
Branch:    master

commit 5b505dede975db06df71fdf4719c322c9a1f911d
Author: Takashi Kajinami <kajinamit@xxxxxxxxxxxxxxx>
Date:   Fri Feb 9 11:59:52 2024 +0900

    libvirt: Ensure both swtpm and swtpm_setup exist for vTPM support
    
    Libvirt requires both swtpm and swtpm_setup to launch instances with
    vTPM emulated by swtpm. However the driver now checks if "any" of
    these two binaries exist.
    
    This fixes the logic and ensures "both" of these two binaries exist,
    to meet the requirement by libvirt correctly.
    
    Closes-Bug: #2052760
    Change-Id: I44453e69c88115868cda192c9ca17b92ba7b6556


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2052760

Title:
  libvirt: swtpm_setup and swtpm are BOTH required for vtpm support

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  Description
  ===========
  Currently the libvirt driver ensures ANY of swtpm_setup and swtpm is present for vTPM support.
  However libvirt requires BOTH of these for vTPM support. The swtpm is required to launch the actual vTPM, while the swtpm_setup binary is used to set up the vTPM.

  Steps to reproduce
  ==================
  * Deploy nova-compute with swtpm support
  * Ensure the resource provider contains TPM traits
    $ openstack resource provider trait list <id> | grep TPM
  * Remove swtpm_setup (or swtpm) from PATH
  * Restart nova-compute
  * Check whether TPM traits are still present
    $ openstack resource provider trait list <id> | grep TPM

  Expected result
  ===============
  nova-compute fails to start because of missing swtpm_setup (or swtpm)

  Actual result
  =============
  nova-compute starts successfully and TPM traits are still present

  Environment
  ===========
  This issue was initially found in master, but would be present in stable branches.

  Logs & Configs
  ==============
  N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2052760/+subscriptions
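
Added example, not part of the original bug report and not nova's own code: a host-side check that contrasts the "any" logic described as the bug with the "both" logic described as the fix. The function names and the stub executables are assumptions constructed for the illustration; only the binary names swtpm and swtpm_setup come from the report.

```python
import os
import shutil
import stat
import tempfile

# Binaries named in the bug report; libvirt needs both for swtpm-backed vTPM.
REQUIRED = ("swtpm_setup", "swtpm")


def missing_binaries(path):
    """Return the required binaries that cannot be found on `path`."""
    return [cmd for cmd in REQUIRED if shutil.which(cmd, path=path) is None]


def any_check(path):
    """Behaviour described as the bug: one binary is enough to pass."""
    return any(shutil.which(cmd, path=path) for cmd in REQUIRED)


def all_check(path):
    """Behaviour described as the fix: every binary must be present."""
    return all(shutil.which(cmd, path=path) for cmd in REQUIRED)


def make_fake_path(names):
    """Constructed sample input: a temp directory holding stub executables."""
    directory = tempfile.mkdtemp(prefix="vtpm-check-")
    for name in names:
        target = os.path.join(directory, name)
        with open(target, "w") as handle:
            handle.write("#!/bin/sh\nexit 0\n")
        os.chmod(target, stat.S_IRWXU)
    return directory


if __name__ == "__main__":
    # Walk the four install states and show where the two checks disagree.
    for installed in (REQUIRED, ("swtpm",), ("swtpm_setup",), ()):
        path = make_fake_path(installed)
        try:
            print(f"installed={list(installed)!s:28} any={any_check(path)!s:5} "
                  f"all={all_check(path)!s:5} missing={missing_binaries(path)}")
        finally:
            shutil.rmtree(path)
```

The two checks disagree only when exactly one binary is installed, which is the state the reproduction steps create by removing swtpm_setup (or swtpm) from PATH.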


