From: Stefan Reiter
To: pve-devel@lists.proxmox.com
Date: Mon, 4 Oct 2021 17:29:18 +0200
Message-Id: <20211004152921.2839809-1-s.reiter@proxmox.com>
Subject: [pve-devel] [PATCH v3 0/3] Initial TPM support for VMs

Makes Windows 11 (test build) happy: https://i.imgur.com/kZ0Mpnr.jpeg

Tested under Linux as well, works with (updated) OVMF and SeaBIOS, though
SeaBIOS requires clearing via the BIOS setup screen and may not support all
features it seems (e.g. Windows shows the TPM, but doesn't allow BitLocker,
presumably because it requires UEFI).

Requires patched swtpm with my PRs applied:
https://github.com/stefanberger/swtpm/pull/513
https://github.com/stefanberger/swtpm/pull/570

Can also be found as 'swtpm' in my staff repos.

RFC v2 -> v3:
* support backups by attaching the TPM as a drive to QEMU temporarily
* swtpm_setup now has support for file backend, so use it
* Ceph is now supported by forcing krbd and mapping the block device
* drop applied OVMF patch

RFC v1 -> RFC v2:
* with the above PR, we can store state in a single file/block device, thus we
  can treat it similar to an efidisk - this eliminates any concerns about
  storing on pmxcfs
* always allocate the state as 4 MiB (on directory storage it might auto-shrink)
* fixes migration, since source and destination are now different
* add GUI patch

storage: Stefan Reiter (1):
  import: don't check for 1K aligned size

 PVE/Storage/Plugin.pm | 1 -
 1 file changed, 1 deletion(-)

qemu-server: Stefan Reiter (1):
  fix #3075: add TPM v1.2 and v2.0 support via swtpm

 PVE/API2/Qemu.pm | 5 ++
 PVE/QemuMigrate.pm | 14 +++-
 PVE/QemuServer.pm | 137 +++++++++++++++++++++++++++++++++++++--
 PVE/QemuServer/Drive.pm | 63 ++++++++++++++----
 PVE/VZDump/QemuServer.pm | 43 ++++++++++--
 5 files changed, 238 insertions(+), 24 deletions(-)

manager: Stefan Reiter (1):
  ui: add support for adding TPM devices

 www/manager6/Makefile | 1 +
 www/manager6/Utils.js | 2 +-
 www/manager6/form/DiskStorageSelector.js | 5 +-
 www/manager6/qemu/HDMove.js | 1 +
 www/manager6/qemu/HDTPM.js | 88 ++++++++++++++++++++++++
 www/manager6/qemu/HardwareView.js | 25 ++++++-
 6 files changed, 119 insertions(+), 3 deletions(-)
 create mode 100644 www/manager6/qemu/HDTPM.js

--
2.30.2