Re: Emulated TPM devices and snapshots of running VMs

On Thu, Jul 09, 2020 at 17:54:23 +0200, Milan Zamazal wrote: > Peter Krempa <pkrempa(a)redhat.com&gt; writes: > > > On Thu, Jul 09, 2020 at 14:14:32 +0200, Milan Zamazal wrote: > >> Milan Zamazal <mzamazal(a)redhat.com&gt; writes: > >> > > > >> > Hi, > >> > > >> > I would like to clarify how to make snapshots of running VMs with > >> > emulated TPM devices. As far as I understand QEMU documentation, it's > >> > possible to make snapshots of running VMs with TPM, but it's important > >> > to retain the state of swtpm. Does libvirt assist with that in any way > >> > or is it completely user's responsibility? libvirt pauses the VM > >> > internally when making a snapshot, which should be the right moment to > >> > copy the swtpm data, but the user doesn't have control over it. Is > >> > there a way to make a copy of swtpm data that is guaranteed to be > >> > consistent with the snapshot? > >> > >> No idea? > > > > I can comment only on the fact that libvirt doesn't do anything > > regarding snapshots on a VM with TPM. > > Thank you for the confirmation. > > Can anybody confirm there is no way to perform custom actions while a VM > is frozen by libvirt when making a memory snapshot, before we start > thinking about workarounds and/or filing a RFE? No, currently we don't support any custom actions at the point when the external memory snapshot is finalized prior to continuing the VM. Please file a generic RFE for snapshoting including TPM rather than a partial one where you'll request a way to do your hack.