The story of adding TPM support to oVirt

00:00

Cite

Related Material

FOSDEM VZW

Zamazal, Milan

Formal Metadata

Title

The story of adding TPM support to oVirt

Title of Series

FOSDEM 2022

Number of Parts

287

Author

Zamazal, Milan

License

CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/57043 (DOI)

Publisher

FOSDEM VZW

Release Date

2022

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

oVirt is an open source virtualization solution based on kvm, QEMU and libvirt. Trusted Platform Module (TPM) device support, which brings new security capabilities that modern operating systems utilize or even require, was added to oVirt recently. In theory, adding TPM support should be as easy as just adding a TPM device to the virtual machine libvirt XML. But features built on top of a lower-level virtualization platform are not always as easy to implement as they may initially seem to be. This talk will present the challenges experienced when adding TPM support to oVirt. The talk will explain that a supposedly complete feature support in libvirt/QEMU may still require challenging design considerations. What can be used easily in a simple virtual machine running on a desktop computer may not be enough to get the things working well and reliably in a virtual machine management running across many hosts. Some of the challenges experienced with TPM support have been sorted out while other ones still wait for a good solution. Although focusing on TPM, the lessons presented in this talk can apply to a wide range of features. Whatever we work on, we cannot be just passive consumers of features but we must look for the right ways of using them and be proactive in avoiding pitfalls.

Speech

Text

Image

00:00

Software developerPresentation of a groupOpen setFunctional (mathematics)SpeicherschutzInformation securityEndliche ModelltheorieComputer hardwareXML

00:26

Module (mathematics)Computer hardwareRead-only memoryVirtualizationVirtual realityVirtual machineOpen sourceSoftwareSoftware developerKolmogorov complexityDefault (computer science)Front and back endsCalculusConsistencyKernel (computing)InformationEmulatorFirmwarePower (physics)ArchitectureThread (computing)EmulationRevision controlComputer configurationData modelComputer iconTask (computing)Marginal distributionFunction (mathematics)Game controllerSystem callTime domainMetadataData storage deviceEvent horizonVariable (mathematics)Ideal (ethics)DatabaseParameter (computer programming)ImplementationBackupBlock (periodic table)EmulatorProper mapDifferent (Kate Ryan album)Open setCASE <Informatik>TelecommunicationAdditionComputer architectureRevision controlSoftwarePartial derivativeModule (mathematics)Streaming mediaComputing platformError messageKey (cryptography)Endliche ModelltheorieNeuroinformatikComputer iconSpeicherschutzComplete metric spaceDatabaseMechanism designVirtual machineData storage deviceMultiplication signImplementationContingency tableMathematicsDecision theoryTheorySoftware developerNumberCentralizer and normalizerData managementShared memoryUser interfaceVirtualizationCodeFile systemConnectivity (graph theory)Information securityBootingSoftware bugCoprocessorOpen sourceEvent horizonWindowMiniDiscNatural numberFunctional (mathematics)Computer hardwareInformation retrievalCalculusComputer configurationDiagonalInteger1 (number)Goodness of fitLink (knot theory)Descriptive statisticsParameter (computer programming)MultilaterationProcess (computing)Data conversionSystem callQueue (abstract data type)Moment (mathematics)Directed graphWebsiteForcing (mathematics)TouchscreenOrder (biology)CausalityReal numberMetreResultantPower (physics)Closed setQuicksortConfidence intervalView (database)Series (mathematics)Graphic designLabour Party (Malta)VotingPhysical systemArithmetic meanComputer animation

09:36

VirtualizationBackupBlock (periodic table)Computer hardwarePower (physics)Military operationImplementationKeyboard shortcutMathematicsSystem callCausalityGroup actionInformation retrievalHeat transferMiniDiscData storage deviceSoftware developerDependent and independent variablesNon-volatile memoryBootingPhysical systemRead-only memoryCloningParameter (computer programming)Mechanism designBlogFront and back endsEncryptionDatabaseInternet service providerDirectory serviceLibrary (computing)Template (C++)Data typeSimilarity (geometry)CodeComputer fileSoftwareEmulationComputing platformInformation securityComputer configurationProduct (business)Software bugPower (physics)Semiconductor memoryTraffic reportingOperator (mathematics)Mechanism designMathematicsMoment (mathematics)Computer hardwareOpen sourceSystem callElectronic mailing listEmailOrder (biology)Hash functionShared memoryMultilaterationOpen setImplementationDataflowKeyboard shortcutCrash (computing)BackupOcean currentServer (computing)Product (business)Software developerCASE <Informatik>SpacetimeRevision controlSoftwarePhysical systemBootingLoginMereologyInstance (computer science)Dependent and independent variablesLibrary (computing)Parameter (computer programming)CausalityState of matterProper mapData storage deviceDifferent (Kate Ryan album)Directory serviceTheoryFile formatCodeAdditionMeasurementLocal ringConnectivity (graph theory)AuthenticationContext awarenessEmulatorPatch (Unix)Error messageFlow separationFile systemVirtualizationSpeicherschutzBitInformation securityOperating systemData transmissionWeb 2.0Wave packetVideo gameRight angleView (database)Boss CorporationTask (computing)Rule of inferenceMultiplication signCategory of beingQuarkForestUser interfaceFirst-order logicAcoustic shadowReading (process)BlogGoodness of fitSpeech synthesisNetwork topologyTorusTrail

18:46

Computer animation

Transcript: English(auto-generated)