On Mon, Aug 12, 2019 at 14:15:22 -0400, Stefan Berger wrote:
On 8/12/19 2:11 PM, Peter Krempa wrote:
> On Mon, Aug 12, 2019 at 13:57:40 -0400, Stefan Berger wrote:
> > On 8/9/19 6:15 AM, Ján Tomko wrote:
> > > Redefining a domain via virDomainDefineXML should not give different
results
> > > based on an already existing definition.
> >
> > I added this patch so that users don't try to change a VM from encrypted
to
> > unencrypted on the level of the domain XML and assume it will start. It will
> > not start anymore.
> It is pointless to even try to protect from this as user can undefine
> the domain and then define it again. Since at that point there's nothing
> to compare against you'd get into the same situation.
Not quite. We would deleted the state directories of the (encrypted) TPMs
upon VM undefinition. So the user would start with no existing TPM state.
Well, that is okay. If the user changes configuration such as that the
wrong state is reused it's a configuration problem. It's the same
situation as if the user changes from UEFI to bios but provides the
wrong/old path to the bios image.
We just must make sure that once the original configuration is restored
(including the disk images (if the guest would e.g. record that the
state has changed and refuse to work)) everything works as if nothing
happened. This is the snapshot revert scenario (but this requires some
management level trickery to e.g. also revert the state of the TPM (as I
doubt that the code is more clever than in the case of the UEFI variable
store which we don't snapshot currently properly))