Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 57490e40d9f96d79d734a528fcaed24a7bb61357^! / .
commit57490e40d9f96d79d734a528fcaed24a7bb61357[log] [tgz]
authorvexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com>Thu Dec 12 21:42:59 2024 -0500
committerGitHub <noreply@github.com>Fri Dec 13 02:42:59 2024 +0000
tree20a218ac5b78821b696201958fe096cf866d03ec
parenta51334fa00fab3ae6b5d593e10b1ed39cd345484 [diff]
[stable/2023.1] [CLOUDOPS-563] Add Emulated TPM Doc (#2204)

This is an automated cherry-pick of #2088
/assign mnaser
diff --git a/doc/source/admin/emulated-tpm.rst b/doc/source/admin/emulated-tpm.rst
new file mode 100644
index 0000000..05e0a55
--- /dev/null
+++ b/doc/source/admin/emulated-tpm.rst

@@ -0,0 +1,53 @@
+#######################################
+Emulated Trusted Platform Module (vTPM)
+#######################################
+
+
+The vTPM feature is enabled by default, so just verify and configure the flavor with
+vTPM.
+
+Verify the configuration
+========================
+
+Verify vTPM support by inspecting the traits on the compute node’s resource provider:
+
+.. code-block:: console
+
+ $ COMPUTE_UUID=$(openstack resource provider list --name $HOST -f value -c uuid)
+ $ openstack resource provider trait list $COMPUTE_UUID | grep SECURITY_TPM
+ | COMPUTE_SECURITY_TPM_1_2 |
+ | COMPUTE_SECURITY_TPM_2_0 |
+
+$HOST represents the hostname of the compute node where you want to verify vTPM support.
+
+
+Configuring a flavor or image
+=============================
+
+A vTPM can be requested on a server via flavor extra specs or image metadata properties.
+There are two versions supported - 1.2 and 2.0 - and two models - TPM Interface
+Specification (TIS) and Command-Response Buffer (CRB). The CRB model is only supported
+with version 2.0.
+
+For example, to configure a flavor to use the TPM 2.0 with the CRB model:
+
+.. code-block:: console
+
+   $ openstack flavor create test.vtpm \
+    --ram 512 --disk 1 --vcpus 1  \
+    --property hw:tpm_version=2.0 \
+    --property hw:tpm_model=tpm-crb
+
+To configure a image to use the TPM 2.0 with CRB model:
+
+.. code-block:: console
+
+   $ openstack image set <image-name-or-uuid> \
+    --property hw:tpm_version=2.0 \
+    --property hw:tpm_model=tpm-crb
+
+
+Create an instance with vTPM
+============================
+With configuration complete, we can finally proceed to creating an instance. Simply create
+an instance using the flavor we created previously.

diff --git a/doc/source/admin/index.rst b/doc/source/admin/index.rst
index 2232882..b149543 100644
--- a/doc/source/admin/index.rst
+++ b/doc/source/admin/index.rst

@@ -14,6 +14,7 @@
    :maxdepth: 2
 
    ceph
+   emulated-tpm
    integration
    maintenance
    monitoring