)]}'
{"specs/train/approved/physical-tpm-passthrough.rst":[{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"44e28bbd81c0ec3a1e7183cf7deffee3d66c6de7","unresolved":false,"context_lines":[{"line_number":43,"context_line":"add the necessary domain XML elements to effect passthrough of the/a TPM device"},{"line_number":44,"context_line":"to the guest."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"Migration of a guest with a TPM device is not allowed and will be blocked."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":".. todo:: How are devices discovered on the host? How can we tell which ones"},{"line_number":49,"context_line":"          are assigned, and to which guests? (So that we know which ones are"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9fb8cfa7_333e3db8","line":46,"updated":"2019-06-27 13:57:40.000000000","message":"This is a pretty big red flag to me of adding an incomplete feature to nova from the start which will just be technical debt later. Someone will be using PTPM flavors with their pet and really need it to be migrated.","commit_id":"ae9fc6726a55db3058afc3c8f6c5c9e783773eb2"},{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"e0e85ba905097c27a578f2ac83cdc0e8c55b3751","unresolved":false,"context_lines":[{"line_number":43,"context_line":"add the necessary domain XML elements to effect passthrough of the/a TPM device"},{"line_number":44,"context_line":"to the guest."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"Migration of a guest with a TPM device is not allowed and will be blocked."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":".. todo:: How are devices discovered on the host? How can we tell which ones"},{"line_number":49,"context_line":"          are assigned, and to which guests? (So that we know which ones are"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9fb8cfa7_5f0093ab","line":46,"in_reply_to":"9fb8cfa7_333e3db8","updated":"2019-06-27 14:44:18.000000000","message":"They tell me it\u0027s because the device contains data (secrets) that can\u0027t be brought along.","commit_id":"ae9fc6726a55db3058afc3c8f6c5c9e783773eb2"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"0c2d8a0574289dee27dfe255b3fcd0923e1ecf9a","unresolved":false,"context_lines":[{"line_number":43,"context_line":"add the necessary domain XML elements to effect passthrough of the/a TPM device"},{"line_number":44,"context_line":"to the guest."},{"line_number":45,"context_line":""},{"line_number":46,"context_line":"Migration of a guest with a TPM device is not allowed and will be blocked."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":".. todo:: How are devices discovered on the host? How can we tell which ones"},{"line_number":49,"context_line":"          are assigned, and to which guests? (So that we know which ones are"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9fb8cfa7_d969fb24","line":46,"in_reply_to":"9fb8cfa7_5f0093ab","updated":"2019-06-27 19:24:03.000000000","message":"OK, so more like a baremetal scenario (somewhere in between). Firmware!","commit_id":"ae9fc6726a55db3058afc3c8f6c5c9e783773eb2"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"0c2d8a0574289dee27dfe255b3fcd0923e1ecf9a","unresolved":false,"context_lines":[{"line_number":45,"context_line":""},{"line_number":46,"context_line":"Migration of a guest with a TPM device is not allowed and will be blocked."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":".. todo:: How are devices discovered on the host? How can we tell which ones"},{"line_number":49,"context_line":"          are assigned, and to which guests? (So that we know which ones are"},{"line_number":50,"context_line":"          okay to assign on a new spawn etc.)"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"},{"line_number":53,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9fb8cfa7_3964d749","line":50,"range":{"start_line":48,"start_character":50,"end_line":50,"end_character":45},"updated":"2019-06-27 19:24:03.000000000","message":"This goes with Dan\u0027s point below.","commit_id":"ae9fc6726a55db3058afc3c8f6c5c9e783773eb2"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"982f53ecdc4fa88273b615d05d67558ee5d45ffd","unresolved":false,"context_lines":[{"line_number":45,"context_line":""},{"line_number":46,"context_line":"Migration of a guest with a TPM device is not allowed and will be blocked."},{"line_number":47,"context_line":""},{"line_number":48,"context_line":".. todo:: How are devices discovered on the host? How can we tell which ones"},{"line_number":49,"context_line":"          are assigned, and to which guests? (So that we know which ones are"},{"line_number":50,"context_line":"          okay to assign on a new spawn etc.)"},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"Alternatives"},{"line_number":53,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9fb8cfa7_08e89e79","line":50,"range":{"start_line":48,"start_character":50,"end_line":50,"end_character":45},"in_reply_to":"9fb8cfa7_3964d749","updated":"2019-06-27 21:27:45.000000000","message":"Yeah I read this as \"when trying to assign one\", but my point was more specifically about the coming-back-from-reboot case where we\u0027re like \"so, um, which TPM went with which guest?\". If they have a uuid or serial number then that\u0027s cool, but my point about persistence of that mapping is important. If they\u0027re always discoverable in the same order, we need to (a) make sure that damn well holds for every possible system and hardware arrangement and (b) that we handle the case where I add in a card of TPMs (if that\u0027s a thing) or transplant disks into a new system with more TPMS (or in a different topology).\n\nThis kind of thing, especially when related to the extreme security aspect, makes this very much less trivial than just making sure we get the right nic attached to a guest. I would say that giving the wrong nic to a guest is massively less concerning (even with the Coke network access it might grant to Pepsi) than giving a VM someone else\u0027s populated TPM.","commit_id":"ae9fc6726a55db3058afc3c8f6c5c9e783773eb2"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"9806332f6106dba67c261647bd42bc2e5df8f75e","unresolved":false,"context_lines":[{"line_number":122,"context_line":"  the compute node root provider"},{"line_number":123,"context_line":"* Enhance `LibvirtDriver.spawn`_ to inspect ``allocations`` and, upon"},{"line_number":124,"context_line":"  discovering an allocation of ``PTPM``, augment the guest\u0027s domain XML to"},{"line_number":125,"context_line":"  effect the passthrough of a TPM device."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":".. todo:: Enumerate lifecycle methods and what happens. E.g. resize should be"},{"line_number":128,"context_line":"          fine, but live \u0026 cold migrate should be blocked. What about evacuate"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9fb8cfa7_398cd734","line":125,"updated":"2019-06-27 19:05:10.000000000","message":"And we have to make sure that we hard-pin a given TPM to a guest and NEVER hand it to another one in between reboots. This isn\u0027t like a GPU where after reboot, we can hand them to guests in whatever order as long as the type is the same. I would think we\u0027d need some hard persistence to be absolutely sure we don\u0027t eff that up, right?\n\nAlso, how many systems actually have more than one TPM? I thought it was kinda supposed to be one per system in the early days. I know they can be partitioned to some degree now, but, can we get a read from people that know current hardware on this?","commit_id":"ae9fc6726a55db3058afc3c8f6c5c9e783773eb2"},{"author":{"_account_id":6873,"name":"Matt Riedemann","email":"mriedem.os@gmail.com","username":"mriedem"},"change_message_id":"44e28bbd81c0ec3a1e7183cf7deffee3d66c6de7","unresolved":false,"context_lines":[{"line_number":124,"context_line":"  discovering an allocation of ``PTPM``, augment the guest\u0027s domain XML to"},{"line_number":125,"context_line":"  effect the passthrough of a TPM device."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":".. todo:: Enumerate lifecycle methods and what happens. E.g. resize should be"},{"line_number":128,"context_line":"          fine, but live \u0026 cold migrate should be blocked. What about evacuate"},{"line_number":129,"context_line":"          (how to clean up orphaned devices on a post-evacuated server?),"},{"line_number":130,"context_line":"          shelve, pause, etc.? What happens to the device during a (guest or"},{"line_number":131,"context_line":"          host) reboot?"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9fb8cfa7_b37b0d8a","line":128,"range":{"start_line":127,"start_character":56,"end_line":128,"end_character":14},"updated":"2019-06-27 13:57:40.000000000","message":"You said above that migration won\u0027t be supported. Remember that resize \u003d\u003d cold migrate with a new flavor (though resize may potentially not move the server to another host depending on configuration and capacity).","commit_id":"ae9fc6726a55db3058afc3c8f6c5c9e783773eb2"},{"author":{"_account_id":14070,"name":"Eric Fried","email":"openstack@fried.cc","username":"efried"},"change_message_id":"e0e85ba905097c27a578f2ac83cdc0e8c55b3751","unresolved":false,"context_lines":[{"line_number":124,"context_line":"  discovering an allocation of ``PTPM``, augment the guest\u0027s domain XML to"},{"line_number":125,"context_line":"  effect the passthrough of a TPM device."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":".. todo:: Enumerate lifecycle methods and what happens. E.g. resize should be"},{"line_number":128,"context_line":"          fine, but live \u0026 cold migrate should be blocked. What about evacuate"},{"line_number":129,"context_line":"          (how to clean up orphaned devices on a post-evacuated server?),"},{"line_number":130,"context_line":"          shelve, pause, etc.? What happens to the device during a (guest or"},{"line_number":131,"context_line":"          host) reboot?"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9fb8cfa7_bf1e6f09","line":128,"range":{"start_line":127,"start_character":56,"end_line":128,"end_character":14},"in_reply_to":"9fb8cfa7_b37b0d8a","updated":"2019-06-27 14:44:18.000000000","message":"Yeah, I knew I would be using the terminology wrong. I meant \"same host resize\". How do we spell that?","commit_id":"ae9fc6726a55db3058afc3c8f6c5c9e783773eb2"},{"author":{"_account_id":4393,"name":"Dan Smith","email":"dms@danplanet.com","username":"danms"},"change_message_id":"982f53ecdc4fa88273b615d05d67558ee5d45ffd","unresolved":false,"context_lines":[{"line_number":124,"context_line":"  discovering an allocation of ``PTPM``, augment the guest\u0027s domain XML to"},{"line_number":125,"context_line":"  effect the passthrough of a TPM device."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":".. todo:: Enumerate lifecycle methods and what happens. E.g. resize should be"},{"line_number":128,"context_line":"          fine, but live \u0026 cold migrate should be blocked. What about evacuate"},{"line_number":129,"context_line":"          (how to clean up orphaned devices on a post-evacuated server?),"},{"line_number":130,"context_line":"          shelve, pause, etc.? What happens to the device during a (guest or"},{"line_number":131,"context_line":"          host) reboot?"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9fb8cfa7_285d6278","line":128,"range":{"start_line":127,"start_character":56,"end_line":128,"end_character":14},"in_reply_to":"9fb8cfa7_bf1e6f09","updated":"2019-06-27 21:27:45.000000000","message":"Are you saying we\u0027ll need special handling in the scheduler to constrain what would otherwise be a normal schedule to the same host if a TPM is passed through? Because if so, holy crap tight coupling batman. If not, I think it\u0027s better to just say \"no migration of any kind\" otherwise it\u0027s hard to make sure that a system is configured to allow this properly.\n\nAlso, I\u0027m not sure about this, but I think that even the same-host resize might be a little tricky. We need to redefine the domain in libvirt with new characteristics, but the same TPM device. I always have to re-learn this, but I\u0027m not sure how special-cased-for-same-host the libvirt resize code is.","commit_id":"ae9fc6726a55db3058afc3c8f6c5c9e783773eb2"}]}