We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

The story of adding TPM support to oVirt

Formal Metadata

Title
The story of adding TPM support to oVirt
Title of Series
Number of Parts
287
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
oVirt is an open source virtualization solution based on kvm, QEMU and libvirt. Trusted Platform Module (TPM) device support, which brings new security capabilities that modern operating systems utilize or even require, was added to oVirt recently. In theory, adding TPM support should be as easy as just adding a TPM device to the virtual machine libvirt XML. But features built on top of a lower-level virtualization platform are not always as easy to implement as they may initially seem to be. This talk will present the challenges experienced when adding TPM support to oVirt. The talk will explain that a supposedly complete feature support in libvirt/QEMU may still require challenging design considerations. What can be used easily in a simple virtual machine running on a desktop computer may not be enough to get the things working well and reliably in a virtual machine management running across many hosts. Some of the challenges experienced with TPM support have been sorted out while other ones still wait for a good solution. Although focusing on TPM, the lessons presented in this talk can apply to a wide range of features. Whatever we work on, we cannot be just passive consumers of features but we must look for the right ways of using them and be proactive in avoiding pitfalls.