Re: [PR] vTPM: support KVM and VMware [cloudstack]

via GitHub Thu, 13 Mar 2025 06:39:08 -0700


DaanHoogland commented on code in PR #10543:
URL: https://github.com/apache/cloudstack/pull/10543#discussion_r1993538100



##########
plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/vmware/resource/VmwareResource.java:
##########
@@ -3203,6 +3209,50 @@ protected void 
configureSpecVideoCardNewVRamSize(VirtualMachineVideoCard videoCa
         vmConfigSpec.getDeviceChange().add(arrayVideoCardConfigSpecs);
     }
 
+    /**
+     * Add or Remove virtual TPM module
+     *
+     * @param vmMo         virtual machine mo
+     * @param vmSpec       virtual machine specs
+     * @param vmConfigSpec virtual machine config spec
+     * @throws Exception exception
+     */
+    protected void configureVirtualTPM(VirtualMachineMO vmMo, VirtualMachineTO 
vmSpec, VirtualMachineConfigSpec vmConfigSpec, String bootMode) throws 
Exception {
+        String bootType = 
vmSpec.getDetails().getOrDefault(ApiConstants.BootType.UEFI.toString(), null);
+        String virtualTPMEnabled = 
vmSpec.getDetails().getOrDefault(VmDetailConstants.VIRTUAL_TPM_ENABLED, null);
+        if (StringUtils.isNotBlank(bootMode) && 
!bootMode.equalsIgnoreCase("bios")
+                && "secure".equalsIgnoreCase(bootType)
+                && Boolean.parseBoolean(virtualTPMEnabled)) {
+            logger.debug("Adding Virtual TPM device");
+            for (VirtualDevice device : vmMo.getAllDeviceList()) {
+                if (device instanceof VirtualTPM) {
+                    return;
+                }
+            }
+            Description description = new Description();
+            description.setSummary("Trusted Platform Module");
+            description.setLabel("Trusted Platform Module");
+            VirtualTPM virtualTPM = new VirtualTPM();
+            virtualTPM.setDeviceInfo(description);
+            VirtualDeviceConfigSpec deviceConfigSpec = new 
VirtualDeviceConfigSpec();
+            deviceConfigSpec.setDevice(virtualTPM);
+            
deviceConfigSpec.setOperation(VirtualDeviceConfigSpecOperation.ADD);
+            vmConfigSpec.getDeviceChange().add(deviceConfigSpec);
+        } else {
+            logger.debug(String.format("Virtual TPM device is not enabled. It 
is only enabled when boot type is SECURE (actually %s) and vTPM is enabled 
(actually %s)", bootType, virtualTPMEnabled));
+            for (VirtualDevice device : vmMo.getAllDeviceList()) {
+                if (device instanceof VirtualTPM) {
+                    VirtualTPM virtualTPM = (VirtualTPM) device;
+                    VirtualDeviceConfigSpec virtualDeviceConfigSpec = new 
VirtualDeviceConfigSpec();
+                    virtualDeviceConfigSpec.setDevice(virtualTPM);
+                    
virtualDeviceConfigSpec.setOperation(VirtualDeviceConfigSpecOperation.REMOVE);
+                    
vmConfigSpec.getDeviceChange().add(virtualDeviceConfigSpec);
+                }
+            }

Review Comment:
   extra method



##########
plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/vmware/resource/VmwareResource.java:
##########
@@ -3203,6 +3209,50 @@ protected void 
configureSpecVideoCardNewVRamSize(VirtualMachineVideoCard videoCa
         vmConfigSpec.getDeviceChange().add(arrayVideoCardConfigSpecs);
     }
 
+    /**
+     * Add or Remove virtual TPM module
+     *
+     * @param vmMo         virtual machine mo
+     * @param vmSpec       virtual machine specs
+     * @param vmConfigSpec virtual machine config spec
+     * @throws Exception exception
+     */
+    protected void configureVirtualTPM(VirtualMachineMO vmMo, VirtualMachineTO 
vmSpec, VirtualMachineConfigSpec vmConfigSpec, String bootMode) throws 
Exception {
+        String bootType = 
vmSpec.getDetails().getOrDefault(ApiConstants.BootType.UEFI.toString(), null);
+        String virtualTPMEnabled = 
vmSpec.getDetails().getOrDefault(VmDetailConstants.VIRTUAL_TPM_ENABLED, null);
+        if (StringUtils.isNotBlank(bootMode) && 
!bootMode.equalsIgnoreCase("bios")
+                && "secure".equalsIgnoreCase(bootType)
+                && Boolean.parseBoolean(virtualTPMEnabled)) {
+            logger.debug("Adding Virtual TPM device");
+            for (VirtualDevice device : vmMo.getAllDeviceList()) {
+                if (device instanceof VirtualTPM) {
+                    return;
+                }
+            }
+            Description description = new Description();
+            description.setSummary("Trusted Platform Module");
+            description.setLabel("Trusted Platform Module");
+            VirtualTPM virtualTPM = new VirtualTPM();
+            virtualTPM.setDeviceInfo(description);
+            VirtualDeviceConfigSpec deviceConfigSpec = new 
VirtualDeviceConfigSpec();
+            deviceConfigSpec.setDevice(virtualTPM);
+            
deviceConfigSpec.setOperation(VirtualDeviceConfigSpecOperation.ADD);

Review Comment:
   extra method?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] vTPM: support KVM and VMware [cloudstack]

Reply via email to