Am 14.11.25 um 13:03 schrieb Fiona Ebner: > Am 14.11.25 um 12:47 PM schrieb Thomas Lamprecht: >> Am 14.11.25 um 12:03 schrieb Fiona Ebner: >>> Yes, we will need to be careful down the line. A clean option is using >>> different QSD IDs for different tasks (the ID for a QSD can be any >>> string and does not need to be a VMID). Currently, we only use QSD for >>> EFI enrollment here and for TPM which are both part of the same start >>> task. I will add a comment to note this and that >>> ensure_ms_2023_cert_enrolled() may currently only be called as part of >>> VM start. >> >> >> Oh, and what I just noticed: the QSD is currently not running inside of >> the qemu.slice/$vmid.scope? >> >> Not a blocker at all now, but that might be nice to have to ensure it's >> resource (mainly memory) usage is accounted for. > > The one started for enrollment is not, but that one is very short-lived. > The one for started for swtpm should actually be? It's part of the > start_swtpm() function.
True, and as you say that's the more important one anyway due to running for the entire time such a VM is running. So fine as is for now, we can change this at anytime anyway. _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
