docs: Remove duplicate TPM extra spec info
We have a perfectly good TPM guide. Enhance that, allowing us to remove the special section dedicated to this from the generic flavor docs.

Change-Id: If484074c01595f747f9201b5ec12164779195b61
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
parent 777c02485f
commit 94c03e8d66
@ -22,10 +22,6 @@ feature:
|
|||||||
* A `key manager service`__, such as `barbican`__, must be configured to store
|
* A `key manager service`__, such as `barbican`__, must be configured to store
|
||||||
secrets used to encrypt the virtual device files at rest.
|
secrets used to encrypt the virtual device files at rest.
|
||||||
|
|
||||||
* QEMU version >= 2.11 (>= 2.12 is recommended)
|
|
||||||
|
|
||||||
* Libvirt version >= 5.6.0
|
|
||||||
|
|
||||||
* The swtpm__ binary and associated libraries__.
|
* The swtpm__ binary and associated libraries__.
|
||||||
|
|
||||||
* Set the :oslo.config:option:`libvirt.swtpm_enabled` config option to
|
* Set the :oslo.config:option:`libvirt.swtpm_enabled` config option to
|
||||||
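Review bot: the old side of this hunk drops the "QEMU version >= 2.11 (>= 2.12 is recommended)" and "Libvirt version >= 5.6.0" prerequisites, which the commit message does not mention; it only talks about de-duplicating the flavor extra spec text. If removing them is intentional, say why in the commit message, or move it to its own change so the prerequisite list is not altered silently.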
@ -50,8 +46,10 @@ traits on the compute node's resource provider:
|
|||||||
Configuring a flavor or image
|
Configuring a flavor or image
|
||||||
-----------------------------
|
-----------------------------
|
||||||
|
|
||||||
A vTPM can be requested on a server via :ref:`flavor extra_specs <vtpm-flavor>`
|
A vTPM can be requested on a server via flavor extra specs or image metadata
|
||||||
or image metadata properties.
|
properties. There are two versions supported - 1.2 and 2.0 - and two models -
|
||||||
|
TPM Interface Specification (TIS) and Command-Response Buffer (CRB). The CRB
|
||||||
|
model is only supported with version 2.0.
|
||||||
|
|
||||||
.. list-table::
|
.. list-table::
|
||||||
:header-rows: 1
|
:header-rows: 1
|
||||||
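Review bot: the added paragraph ("There are two versions supported - 1.2 and 2.0 - and two models ...") does not say which property is mandatory. The section this change removes from the flavor docs stated that hw:tpm_version "is required to enable support" and that hw:tpm_model "is optional"; carry that wording over here, or confirm that the table rows not shown in this hunk already state it, so the information is not lost in the move.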
@ -68,6 +66,14 @@ or image metadata properties.
|
|||||||
- Specify the TPM model, ``tpm-tis`` (the default) or ``tpm-crb`` (only
|
- Specify the TPM model, ``tpm-tis`` (the default) or ``tpm-crb`` (only
|
||||||
valid with version ``2.0``.
|
valid with version ``2.0``.
|
||||||
|
|
||||||
|
For example, to configure a flavor to use the TPM 2.0 with the CRB model:
|
||||||
|
|
||||||
|
.. code-block:: console
|
||||||
|
|
||||||
|
$ openstack flavor set $FLAVOR \
|
||||||
|
--property hw:tpm_version=2.0 \
|
||||||
|
--property hw:tpm_model=tpm-crb
|
||||||
|
|
||||||
Scheduling will fail if flavor and image supply conflicting values, or if model
|
Scheduling will fail if flavor and image supply conflicting values, or if model
|
||||||
``tpm-crb`` is requested with version ``1.2``.
|
``tpm-crb`` is requested with version ``1.2``.
|
||||||
|
|
||||||
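Review bot: the context line directly above the added example, "(only valid with version ``2.0``.", opens a parenthesis that is never closed; since this hunk edits the lines right after it, fix it here so it ends "version ``2.0``).". The added example also covers only the flavor side although the section is titled "Configuring a flavor or image"; a matching image example would make it complete.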
@ -112,10 +118,14 @@ beyond the scope of this document.
|
|||||||
References
|
References
|
||||||
----------
|
----------
|
||||||
|
|
||||||
|
* `TCG PC Client Specific TPM Interface Specification (TIS)`__
|
||||||
|
* `TCG PC Client Platform TPM Profile (PTP) Specification`__
|
||||||
* `QEMU docs on tpm`__
|
* `QEMU docs on tpm`__
|
||||||
* `Libvirt XML to request emulated TPM device`__
|
* `Libvirt XML to request emulated TPM device`__
|
||||||
* `Libvirt secret for usage type ``vtpm```__
|
* `Libvirt secret for usage type ``vtpm```__
|
||||||
|
|
||||||
.. __: https://github.com/qemu/qemu/blob/stable-2.12/docs/specs/tpm.txt
|
.. __: https://trustedcomputinggroup.org/resource/pc-client-work-group-pc-client-specific-tpm-interface-specification-tis/
|
||||||
|
.. __: https://trustedcomputinggroup.org/resource/pc-client-platform-tpm-profile-ptp-specification/
|
||||||
|
.. __: https://qemu.readthedocs.io/en/latest/specs/tpm.html
|
||||||
.. __: https://libvirt.org/formatdomain.html#elementsTpm
|
.. __: https://libvirt.org/formatdomain.html#elementsTpm
|
||||||
.. __: https://libvirt.org/formatsecret.html#vTPMUsageType
|
.. __: https://libvirt.org/formatsecret.html#vTPMUsageType
|
||||||
|
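Review bot: the two new TCG bullets are inserted at the top of the list and rely on anonymous "__" targets, which reStructuredText pairs purely by position, so the order of the ".. __:" lines has to track the bullet order exactly. It does here (TIS, PTP, QEMU, then the two libvirt links), but named targets would stop a later reorder from silently pointing a bullet at the wrong URL. The QEMU link also moves from the pinned stable-2.12 file to the ".../en/latest/..." docs, which can change underneath this page.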
@ -454,26 +454,3 @@ Numbered groupings of resource classes and traits
|
|||||||
__ https://specs.openstack.org/openstack/nova-specs/specs/rocky/implemented/granular-resource-requests.html
|
__ https://specs.openstack.org/openstack/nova-specs/specs/rocky/implemented/granular-resource-requests.html
|
||||||
|
|
||||||
.. versionadded:: 18.0.0 (Rocky)
|
.. versionadded:: 18.0.0 (Rocky)
|
||||||
|
|
||||||
.. _vtpm-flavor:
|
|
||||||
|
|
||||||
Emulated Virtual TPM
|
|
||||||
If supported by the compute host, you can add an :doc:`emulated trusted
|
|
||||||
platform module (TPM) </admin/emulated-tpm>` to the guest OS.
|
|
||||||
|
|
||||||
.. code:: console
|
|
||||||
|
|
||||||
$ openstack flavor set FLAVOR-NAME \
|
|
||||||
--property hw:tpm_version=$VERSION \
|
|
||||||
--property hw:tpm_model=$MODEL
|
|
||||||
|
|
||||||
``hw:tpm_version`` is required to enable support. Valid ``$VERSION`` values
|
|
||||||
are:
|
|
||||||
|
|
||||||
- ``1.2`` : Selects TPM version 1.2 support.
|
|
||||||
- ``2.0`` : Selects TPM version 2.0 support.
|
|
||||||
|
|
||||||
``hw:tpm_model`` is optional. Valid ``$MODEL`` values are:
|
|
||||||
|
|
||||||
- ``tpm-tis``: Selects TIS device model. This is the default value.
|
|
||||||
- ``tpm-crb``: Selects CRB device model. Only valid for TPM version 2.0.
|
|
||||||
|
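Review bot: removing the ".. _vtpm-flavor:" label at the top of the deleted section breaks any remaining ":ref:" to it; the one in the TPM guide is dropped earlier in this change, but please check the rest of the docs tree for other users before merging. With the whole "Emulated Virtual TPM" section gone, the flavor docs no longer mention the TPM guide at all, so consider keeping a one-line pointer using the existing ":doc:" target "/admin/emulated-tpm" so readers looking for hw:tpm_version in the flavor docs can still find it.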