From 94c03e8d6689d3d80100f2f7fc1f5a127787409a Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Mon, 22 Feb 2021 15:44:45 +0000 Subject: [PATCH] docs: Remove duplicate TPM extra spec info We have a perfectly good TPM guide. Enhance that, allowing us to remove the special section dedicated to this from the generic flavor docs. Change-Id: If484074c01595f747f9201b5ec12164779195b61 Signed-off-by: Stephen Finucane --- doc/source/admin/emulated-tpm.rst | 24 +++++++++++++++++------- doc/source/user/flavors.rst | 23 ----------------------- 2 files changed, 17 insertions(+), 30 deletions(-) diff --git a/doc/source/admin/emulated-tpm.rst b/doc/source/admin/emulated-tpm.rst index f1145c697487..5a1830e1a1ff 100644 --- a/doc/source/admin/emulated-tpm.rst +++ b/doc/source/admin/emulated-tpm.rst @@ -22,10 +22,6 @@ feature: * A `key manager service`__, such as `barbican`__, must be configured to store secrets used to encrypt the virtual device files at rest. -* QEMU version >= 2.11 (>= 2.12 is recommended) - -* Libvirt version >= 5.6.0 - * The swtpm__ binary and associated libraries__. * Set the :oslo.config:option:`libvirt.swtpm_enabled` config option to @@ -50,8 +46,10 @@ traits on the compute node's resource provider: Configuring a flavor or image ----------------------------- -A vTPM can be requested on a server via :ref:`flavor extra_specs ` -or image metadata properties. +A vTPM can be requested on a server via flavor extra specs or image metadata +properties. There are two versions supported - 1.2 and 2.0 - and two models - +TPM Interface Specification (TIS) and Command-Response Buffer (CRB). The CRB +model is only supported with version 2.0. .. list-table:: :header-rows: 1 
@@ -68,6 +66,14 @@ or image metadata properties. - Specify the TPM model, ``tpm-tis`` (the default) or ``tpm-crb`` (only valid with version ``2.0``. +For example, to configure a flavor to use the TPM 2.0 with the CRB model: + +.. code-block:: console + + $ openstack flavor set $FLAVOR \ + --property hw:tpm_version=2.0 \ + --property hw:tpm_model=tpm-crb + Scheduling will fail if flavor and image supply conflicting values, or if model ``tpm-crb`` is requested with version ``1.2``. @@ -112,10 +118,14 @@ beyond the scope of this document. References ---------- +* `TCG PC Client Specific TPM Interface Specification (TIS)`__ +* `TCG PC Client Platform TPM Profile (PTP) Specification`__ * `QEMU docs on tpm`__ * `Libvirt XML to request emulated TPM device`__ * `Libvirt secret for usage type ``vtpm```__ -.. __: https://github.com/qemu/qemu/blob/stable-2.12/docs/specs/tpm.txt +.. __: https://trustedcomputinggroup.org/resource/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/ +.. __: https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/ +.. __: https://qemu.readthedocs.io/en/latest/specs/tpm.html .. __: https://libvirt.org/formatdomain.html#elementsTpm .. __: https://libvirt.org/formatsecret.html#vTPMUsageType diff --git a/doc/source/user/flavors.rst b/doc/source/user/flavors.rst index 7eb243478d78..7aa5b3889178 100644 --- a/doc/source/user/flavors.rst +++ b/doc/source/user/flavors.rst 
@@ -454,26 +454,3 @@ Numbered groupings of resource classes and traits __ https://specs.openstack.org/openstack/nova-specs/specs/rocky/implemented/granular-resource-requests.html .. versionadded:: 18.0.0 (Rocky) - -.. _vtpm-flavor: - -Emulated Virtual TPM - If supported by the compute host, you can add an :doc:`emulated trusted - platform module (TPM) ` to the guest OS. - - .. code:: console - - $ openstack flavor set FLAVOR-NAME \ - --property hw:tpm_version=$VERSION \ - --property hw:tpm_model=$MODEL - - ``hw:tpm_version`` is required to enable support. Valid ``$VERSION`` values - are: - - - ``1.2`` : Selects TPM version 1.2 support. - - ``2.0`` : Selects TPM version 2.0 support. - - ``hw:tpm_model`` is optional. Valid ``$MODEL`` values are: - - - ``tpm-tis``: Selects TIS device model. This is the default value. - - ``tpm-crb``: Selects CRB device model. Only valid for TPM version 2.0.
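Review bot: In the first emulated-tpm.rst hunk (@@ -22,10 +22,6), the two removed prerequisite bullets, "QEMU version >= 2.11 (>= 2.12 is recommended)" and "Libvirt version >= 5.6.0", are not explained by the commit message, which only talks about de-duplicating the TPM extra spec info. If they are dropped because those versions are already guaranteed elsewhere, say so in the commit message; otherwise keep them, because an operator reading the prerequisites list would no longer see any hypervisor version floor for vTPM.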
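Review bot: In the "Configuring a flavor or image" hunk (@@ -50,8 +46,10), the new paragraph does not carry over the statement from the removed flavors.rst section that ``hw:tpm_version`` is required to enable support and ``hw:tpm_model`` is optional. The table row visible in the following hunk only notes that ``tpm-tis`` is the default, so suggest one sentence here on which property is mandatory. Minor style point: the spaced hyphens in "supported - 1.2 and 2.0 - and two models -" read awkwardly; a colon or a short list would be clearer.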
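Review bot: In the hunk that adds the ``openstack flavor set`` example (@@ -68,6 +66,14), the context line directly above the addition, "(only valid with version ``2.0``.", has an unclosed parenthesis; since this change touches the surrounding text, close it here. "to use the TPM 2.0 with the CRB model" would also read better as "to use TPM 2.0 with the CRB model", and it is worth saying what ``$FLAVOR`` stands for, given that the removed flavors.rst example used the literal placeholder ``FLAVOR-NAME``.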
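Review bot: In the References hunk (@@ -112,10 +118,14), the anonymous ``__`` targets are paired with the list entries purely by position, so the two new entries at the top of the list only resolve correctly because the two new targets were also inserted at the top in the same order. Consider named targets or inline links so a later reorder cannot silently mispair a title and a URL. Separately, the QEMU link moves from a file pinned to ``stable-2.12`` to the ``latest`` documentation build, which can change or move under the reader.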
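Review bot: In the flavors.rst hunk (@@ -454,26 +454,3), removing the ``.. _vtpm-flavor:`` label will break any remaining ``:ref:`` that points at it; the patch rewrites only the one ``:ref:`` visible in emulated-tpm.rst, so search the tree for ``vtpm-flavor`` before merging. After this removal the flavor docs also have no visible pointer to the vTPM guide; suggest keeping a one-line entry that links to it with ``:doc:`` so users browsing extra specs can still find ``hw:tpm_version`` and ``hw:tpm_model``.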