cc6c49f6cd
Currently, the swtpm TPM state file is removed when a transient domain is powered off or undefined. When the TPM state is stored on shared storage such as NFS and a transient domain is used, the TPM state should be kept as it is. Add a per-TPM emulator option `persistent_state` for keeping the TPM state. This option only works for the emulator type backend and looks as follows:
<tpm model='tpm-tis'> <backend type='emulator' persistent_state='yes'/> </tpm>
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
# Start /usr/bin/qemu-system-x86_64 for the guest named "TPM-VM" with a small,
# explicit environment and a tpm-tis device backed by an external TPM emulator.
#
# NOTE(review): the paths under /tmp/lib/domain--1-TPM-VM, the socket path
# /dev/test and fd=1729 look like fixture placeholders -- confirm before
# treating any of them as a real deployment layout.
# NOTE(review): no argument below mentions TPM state persistence; if that is
# configured in the domain XML it does not appear on this command line --
# confirm where it is enforced.
qemu_args=(
  -name guest=TPM-VM,debug-threads=on
  # Create the VM with its CPUs stopped.
  -S

  # Secret object read in raw form from a file in the per-domain directory.
  # The secret is referenced by path, so that file's ownership and mode are
  # what protect it.
  -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-TPM-VM/master-key.aes

  # Machine type, TCG acceleration, guest memory left out of core dumps.
  -machine pc-i440fx-2.12,accel=tcg,usb=off,dump-guest-core=off,memory-backend=pc.ram
  -cpu qemu64
  -m 2048
  -object memory-backend-ram,id=pc.ram,size=2147483648
  -overcommit mem-lock=off
  -smp 1,sockets=1,cores=1,threads=1
  -uuid 11d7cd22-da89-3094-6212-079a48a309a1

  # No display, no user configuration file, no default devices: only the
  # devices listed explicitly below are created.
  -display none
  -no-user-config
  -nodefaults

  # Monitor in control mode over a socket handed in as an inherited file
  # descriptor rather than a filesystem path.
  -chardev socket,id=charmonitor,fd=1729,server,nowait
  -mon chardev=charmonitor,id=monitor,mode=control

  -rtc base=utc
  -no-shutdown
  -boot menu=on,strict=on
  -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2

  # TPM: emulator backend reached through the socket chardev "chrtpm" and
  # exposed to the guest as a tpm-tis device.
  # NOTE(review): the socket is the channel to the emulator, so access to its
  # path should presumably be limited to this QEMU process -- confirm how the
  # real path is created and labelled.
  -tpmdev emulator,id=tpm-tpm0,chardev=chrtpm
  -chardev socket,id=chrtpm,path=/dev/test
  -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0

  -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2

  # seccomp sandbox enabled, with the obsolete, elevateprivileges, spawn and
  # resourcecontrol syscall groups all set to deny.
  -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny

  -msg timestamp=on
)

# Environment for the QEMU process only: C locale, PATH limited to /bin, HOME
# and the XDG directories inside the per-domain directory, audio driver "none".
LC_ALL=C \
  PATH=/bin \
  HOME=/tmp/lib/domain--1-TPM-VM \
  USER=test \
  LOGNAME=test \
  XDG_DATA_HOME=/tmp/lib/domain--1-TPM-VM/.local/share \
  XDG_CACHE_HOME=/tmp/lib/domain--1-TPM-VM/.cache \
  XDG_CONFIG_HOME=/tmp/lib/domain--1-TPM-VM/.config \
  QEMU_AUDIO_DRV=none \
  /usr/bin/qemu-system-x86_64 "${qemu_args[@]}"