oVirt is an open source virtualization solution based on kvm, QEMU and libvirt. Trusted Platform Module (TPM) device support, which brings new security capabilities that modern operating systems utilize or even require, was added to oVirt recently. In theory, adding TPM support should be as easy as just adding a TPM device to the virtual machine libvirt XML. But features built on top of a lower-level virtualization platform are not always as easy to implement as they may initially seem to be. This talk will present the challenges experienced when adding TPM support to oVirt. The talk will explain that a supposedly complete feature support in libvirt/QEMU may still require challenging design considerations. What can be used easily in a simple virtual machine running on a desktop computer may not be enough to get the things working well and reliably in a virtual machine management running across many hosts. Some of the challenges experienced with TPM support have been sorted out while other ones still wait for a good solution. Although focusing on TPM, the lessons presented in this talk can apply to a wide range of features. Whatever we work on, we cannot be just passive consumers of features but we must look for the right ways of using them and be proactive in avoiding pitfalls.