RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1855367 - [RFE] Support for TPM in memory snapshots
Summary: [RFE] Support for TPM in memory snapshots
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: libvirt
Version: 9.1
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: pre-dev-freeze
: ---
Assignee: Virtualization Maintenance
QA Contact: Yanqiu Zhang
URL:
Whiteboard:
: 1855364 (view as bug list)
Depends On:
Blocks: 1956115
TreeView+ depends on / blocked
 
Reported: 2020-07-09 16:47 UTC by Milan Zamazal
Modified: 2023-02-23 07:27 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-02-23 07:27:41 UTC
Type: Feature Request
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Milan Zamazal 2020-07-09 16:47:06 UTC 
Emulated TPM devices, including TPM data storage, are handled with the external help of swtpm. When a memory snapshot is created, TPM state and data from swtpm must be stored as well and then provided when the VM is restored from the snapshot. To my knowledge, libvirt currently doesn't handle TPM data in memory snapshots and it doesn't provide a mechanism to copy swtpm data manually while ensuring their consistency with the snapshot.

In order to be able to make memory snapshots of VMs containing emulated TPM devices without risking errors, mismatches or data loss, libvirt support for TPM data in snapshots is needed.
Comment 1 Jaroslav Suchanek 2020-07-10 09:05:17 UTC 
*** Bug 1855364 has been marked as a duplicate of this bug. ***
Comment 3 John Ferlan 2021-09-08 13:19:40 UTC 
Bulk update - Move RHEL-AV bugs to RHEL
Comment 6 RHEL Program Management 2022-01-09 07:26:57 UTC 
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.
Comment 7 zhoujunqin 2022-08-19 08:11:21 UTC 
The bug issue still exists.

Steps:
Red Hat Virtualization Manager Web Administration
Software Version:4.5.2.1-0.1.el8ev

RHV node:
vdsm-4.50.1.4-1.el8ev.x86_64
libvirt-8.0.0-10.module+el8.7.0+16047+746a126c.x86_64
kernel-4.18.0-416.el8.x86_64
qemu-kvm-6.2.0-18.module+el8.7.0+15999+d24f860e.x86_64

1. Prepare a running VM with TPM device enabled.
2. Left-click the VM and then right-click and select 'Create Snapshot'
3. Keep the default setting in the popup 'Create Snapshot' window, and fill the name into the 'Description', then click 'OK'.

Test result: Failed to create snapshot with checking 'Saving memory'.
"""
Operation Canceled
Error while executing action:

test-tpm:
Cannot create Snapshot. VM has a TPM device attached.
"""


And I have noticed that this bug has been closed automatically, and do you plan to fix it, thanks.
Comment 8 Milan Zamazal 2022-08-19 08:24:45 UTC 
As this RFE hasn't been implemented by the platform, RHV won't support this feature.
Comment 9 zhoujunqin 2022-08-19 09:53:32 UTC 
Hi Peter, 
Could you help have a look at the previous comments, thanks?

BR,
juzhou.
Comment 10 Yanqiu Zhang 2022-08-22 08:50:11 UTC 
Hi junqin,
I asked Jaroslav and Michal for helping evaluating.
RHV won't use it, CNV might not be interested in memory snapshots yet. And for migration: live-migration is about having the swtpm state on a shared disk and there are some issues with locking the state files.

So no need to fix it currently.
Please just regard the error you encountered as expected. Thank you!
Comment 11 Arik 2022-08-22 09:41:51 UTC 
(In reply to yanqzhan from comment #10)
> And for migration: live-migration is about having the swtpm state on a shared
> disk and there are some issues with locking the state files.

Milan, we migrate VMs with TPM while the swtpm state is not placed on a shared disk, no?
Comment 13 Milan Zamazal 2022-08-31 07:34:54 UTC 
(In reply to Arik from comment #11)
> (In reply to yanqzhan from comment #10)
> > And for migration: live-migration is about having the swtpm state on a shared
> > disk and there are some issues with locking the state files.
> 
> Milan, we migrate VMs with TPM while the swtpm state is not placed on a
> shared disk, no?

Yes, swtpm data is stored on a local file system and the transfer is handled transparently by libvirt.
Comment 17 RHEL Program Management 2023-02-23 07:27:41 UTC 
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.
Note You need to log in before you can comment on or make changes to this bug.