Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

As a user, I'd like to acquire system providing TPM #1191

Closed
happz opened this issue May 17, 2022 · 8 comments · Fixed by #1644
Closed

As a user, I'd like to acquire system providing TPM #1191

happz opened this issue May 17, 2022 · 8 comments · Fixed by #1644
Assignees
@psss
Labels
area | hardware Implementation of hardware requirements specification Metadata specification (core, tests, plans, stories)
Milestone
1.19

Comments

@happz
Copy link
Collaborator

happz commented May 17, 2022

As mentioned by @kkaarreell today, this is yet another HW requirement out there. See e.g. https://aws.amazon.com/blogs/aws/amazon-ec2-now-supports-nitrotpm-and-uefi-secure-boot/ for AWS, and there might be ways how to set up VMs accordingly (or request them) for other possible sources.

In any case, adding "requires TPM" should be documented as a HW requirement.
@happz happz added specification Metadata specification (core, tests, plans, stories) area | hardware Implementation of hardware requirements labels May 17, 2022
@kkaarreell
Copy link
Collaborator

Beaker currently implements TPM key/value pair, allowing me to filter relevant systems.
In particular I am using

  • TPM=2 to get any system with TPM v2 device
  • TPM=2 and hypervisor==KVM in order to get system with TPM v2 emulated and served through QEMU/KVM
  • TPM=2 and hypervisor!=KVM or hypervisor=='' in order to get bare-metal system with HW TPM v2

I would like to be able to specify similar requirements in Testing Farm so I can run my gating/regression tests without TCMS and wow

@happz
Copy link
Collaborator Author

happz commented Sep 1, 2022

FTR, there are TPM and TPM v2 available in AWS (https://aws.amazon.com/blogs/aws/amazon-ec2-now-supports-nitrotpm-and-uefi-secure-boot/), in theory available to Testing farm requests, therefore a generic specification would be valuable to support more than one pool in Artemis (and later tmt as well).

@kkaarreell
Copy link
Collaborator

kkaarreell commented Sep 1, 2022
edited
Loading

Also, one can emulate TPM in qemu using swtpm so maybe tmt provision -h virtual could prepare such a system.. however that would be rather another tmt feature.

@happz
Copy link
Collaborator Author

happz commented Sep 1, 2022

Also, one can emulate TPM in qemu using swtpm so maybe tmt provision -h virtual could prepare such a system.. however that would be rather another tmt feature.

Yeah, that's how it should work, in the ideal world: different provision plugins might support this tmt: 2 requirement, and deliver (artemis+AWS would pick fitting instance type, virtual would throw in a qemu option or two, etc.).

@psss psss added this to the 1.19 milestone Oct 25, 2022
@qcheng-redhat
Copy link
Contributor

FYI: Here is libvirt parameters for TPM device: https://libvirt.org/formatdomain.html#tpm-device

@happz
Copy link
Collaborator Author

happz commented Oct 26, 2022

FYI: Here is libvirt parameters for TPM device: https://libvirt.org/formatdomain.html#tpm-device

Nice! Thanks for the link, this is exactly what I knew must exist somewhere.

@psss psss self-assigned this Oct 27, 2022
psss added a commit that referenced this issue Oct 27, 2022
@psss
Add tpm as a new hardware specification key
5bea259 
Let's start with a simple implementation allowing to specify the
desired version, use extra dictionary level to allow future
extensions if needed.

Fix #1191.
@psss psss mentioned this issue Oct 27, 2022
Merged
@psss psss linked a pull request Oct 27, 2022 that will close this issue
Add tpm as a new hardware specification key #1644
Merged
psss added a commit that referenced this issue Oct 31, 2022
@psss
Add tpm as a new hardware specification key
cccf703 
Let's start with a simple implementation allowing to specify the
desired version, use extra dictionary level to allow future
extensions if needed.

Fix #1191.
psss added a commit that referenced this issue Oct 31, 2022
@psss
Add tpm as a new hardware specification key
44fc03d 
Let's start with a simple implementation allowing to specify the
desired version, use extra dictionary level to allow future
extensions if needed.

Fix #1191.
psss added a commit that referenced this issue Oct 31, 2022
@psss
Add tpm as a new hardware specification key
3e07806 
Let's start with a simple implementation allowing to specify the
desired version, use extra dictionary level to allow future
extensions if needed.

Fix #1191.
happz pushed a commit that referenced this issue Nov 2, 2022
@psss @happz
Add tpm as a new hardware specification key
1945539 
Let's start with a simple implementation allowing to specify the
desired version, use extra dictionary level to allow future
extensions if needed.

Fix #1191.
@psss psss closed this as completed in 2cc013b Nov 3, 2022
@kkaarreell
Copy link
Collaborator

@happz Hi, may I ask what is the status of TPM support filtering on the Artemis side?

@happz
Copy link
Collaborator Author

happz commented Dec 6, 2022

@happz Hi, may I ask what is the status of TPM support filtering on the Artemis side?

I'm afraid I forgot to look into it, sorry :( I'll try to get it to our staging instance this week.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@psss psss

Labels
area | hardware Implementation of hardware requirements specification Metadata specification (core, tests, plans, stories)
Projects
None yet
Milestone
1.19
Development

Successfully merging a pull request may close this issue.

Add tpm as a new hardware specification key teemtee/tmt
4 participants
@happz @psss @kkaarreell @qcheng-redhat