Re: [PATCH 0/7] qemu: tpm: Add support for migration across shared storage

On Mon, Aug 22, 2022 at 02:52:26PM -0400, Stefan Berger wrote: > On 8/22/22 12:35, Daniel P. Berrangé wrote: >> On Mon, Aug 22, 2022 at 08:05:47AM -0400, Stefan Berger wrote: >>> This series of patches adds support for migrating vTPMs across hosts whose >>> storage has been set up to share the directory structure holding the state >>> of the TPM (swtpm). The domain XML is extended with a shared_storage >>> attribute that must be set to 'yes' when shared storage is used. It >> >> We don't require any 'shared_storage' attribute for disk images - we just >> aim to "do the right thing" automatically. If we want to support shared >> storage for TPM, then IMHO it should likewise be made transparent. >> >> What's the thinking behind putting the TPM on shared storage though ? > > It's drive by swtpm user(s): > > https://github.com/stefanberger/swtpm/pull/732 > > The driving force is having the state available on the destination to > restart a VM there if the original host failed. Allegedly all hosts in their > setup would share the necessary storage to be able to do that with TPM state > but then presumably also with the disk image(s). Ok, so use case is resilience rather than specifically live migration.

>> The state is tiny so you're not going to notice it being transferred > > Tiny is relative to disk sizes. It can become ~260kb or so, depending on how > much is stored in the NVRAM areas, but yes, it's comparably small. I meant 'tiny' in the sense that the time required to live migration it is not measureably significant. Compared with say migrating disk storage, which could add hours to a live migration if it wasn't on shared storage.