Add a warning and support for TPM #665

Merged
merged 5 commits into from
Dec 27, 2023

liranr23
Member

@liranr23 liranr23 commented Nov 27, 2023

When having a TPM device from the source (oVirt - based on having Windows 2022 or Windows 11 OS),
create it also for the destination VM.
The data is persisted in oVirt. Therefore, if supported by KubeVirt the TPM will be a persistent TPM,
otherwise the TPM is without persistent data.

A warning will be shown as the data will be lost during the migration.

In order to have the TPM persistent it is required to have KubeVirt
v1.0.0 and to add configuration manually as described in:
https://kubevirt.io/user-guide/virtual_machines/persistent_tpm_and_uefi_state/

It is also supported in CNV running on OCP 4.14, and you need to follow:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html/virtualization/virtual-machines#virt-using-vtpm-devices

https://issues.redhat.com/browse/MTV-378
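
The manual configuration the description above refers to, as an added example that is not part of this pull request or the project's code: enabling persistent VM state in KubeVirt and requesting a persistent TPM on a VM. The storage class name, VM name and memory size are placeholders.

```yaml
# Cluster side: enable persistent VM state, which a persistent TPM depends on.
apiVersion: kubevirt.io/v1
kind: KubeVirt
metadata:
  name: kubevirt
  namespace: kubevirt
spec:
  configuration:
    # Placeholder: a storage class that exists in your cluster.
    vmStateStorageClass: example-storage-class
    developerConfiguration:
      featureGates:
        - VMPersistentState
---
# VM side: the TPM device on the destination VM.
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: example-win11          # placeholder name
spec:
  running: false
  template:
    spec:
      domain:
        devices:
          # "tpm: {}" alone gives a TPM without persistent data;
          # "persistent: true" keeps the TPM state with the VM.
          tpm:
            persistent: true
        resources:
          requests:
            memory: 4Gi        # placeholder size
```

Either way the destination TPM starts empty, which is what the migration warning is about.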

@liranr23
Member Author

vSphere needs to be verified (mainly the inventory). Also the warning might change to use LUKS (future?).
I didn't find a real answer if the data is persistent on vSphere, my gut says yes, and based on their docs I think it does.

@liranr23 liranr23 requested review from bennyz and bkhizgiy November 27, 2023 18:22
@ahadas
Member

ahadas commented Nov 28, 2023

> Also the warning might change to use LUKS (future?).

The warning would still hold as we won't be able to transfer the data, but yeah, we can then extend the warning by saying that LUKS can be specified as part of the plan when we do that.

> I didn't find a real answer if the data is persistent on vSphere, my gut says yes, and based on their docs I think it does.

They support Windows 11 so it needs to be persistent.

@ahadas
Member

ahadas commented Dec 24, 2023

@liranr23 I summarized our offline discussion about determining whether the VM has TPM in oVirt here

If the source VM is set with Windows 2022 or Windows 11, which must have a
TPM, warn about it.

Signed-off-by: Liran Rotenberg <[email protected]>

When having Windows 2k22 or Windows 11 OS, a TPM device is a must. Therefore,
we will create it also for the destination VM. The data is persisted in
oVirt. If supported by KubeVirt the TPM will be a persistent TPM, otherwise
the TPM is without persistent data.

In order to have the TPM persistent it is required to have KubeVirt
v1.0.0 and to add configuration manually as described in:
https://kubevirt.io/user-guide/virtual_machines/persistent_tpm_and_uefi_state/

It is also supported in CNV running on OCP 4.14, and you need to follow:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html/virtualization/virtual-machines#virt-using-vtpm-devices

Signed-off-by: Liran Rotenberg <[email protected]>

Warn in case a TPM device is detected on a VM.

Signed-off-by: Liran Rotenberg <[email protected]>

When having a TPM device from the source, create it also for the
destination VM. The data is persisted in oVirt. If supported by KubeVirt
the TPM will be a persistent TPM, otherwise the TPM is without persistent
data.

Signed-off-by: Liran Rotenberg <[email protected]>

sonarcloud bot commented Dec 26, 2023

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
7.0% Duplication on New Code


@ahadas ahadas merged commit 1ae4d54 into kubev2v:main Dec 27, 2023
10 checks passed
@liranr23 liranr23 deleted the warn_tpm branch December 27, 2023 12:07
@ahadas ahadas changed the title Add a warning and support of TPM Add a warning and support for TPM Jan 11, 2024