| ####################################### |
| Emulated Trusted Platform Module (vTPM) |
| ####################################### |
| |
| |
| The vTPM feature is enabled by default, so just verify and configure the flavor with |
| vTPM. |
| |
| Verify the configuration |
| ======================== |
| |
| Verify vTPM support by inspecting the traits on the compute node’s resource provider: |
| |
| .. code-block:: console |
| |
| $ COMPUTE_UUID=$(openstack resource provider list --name $HOST -f value -c uuid) |
| $ openstack resource provider trait list $COMPUTE_UUID | grep SECURITY_TPM |
| | COMPUTE_SECURITY_TPM_1_2 | |
| | COMPUTE_SECURITY_TPM_2_0 | |
| |
| $HOST represents the hostname of the compute node where you want to verify vTPM support. |
| |
| |
| Configuring a flavor or image |
| ============================= |
| |
| A vTPM can be requested on a server via flavor extra specs or image metadata properties. |
| There are two versions supported - 1.2 and 2.0 - and two models - TPM Interface |
| Specification (TIS) and Command-Response Buffer (CRB). The CRB model is only supported |
| with version 2.0. |
| |
| For example, to configure a flavor to use the TPM 2.0 with the CRB model: |
| |
| .. code-block:: console |
| |
| $ openstack flavor create test.vtpm \ |
| --ram 512 --disk 1 --vcpus 1 \ |
| --property hw:tpm_version=2.0 \ |
| --property hw:tpm_model=tpm-crb |
| |
| To configure a image to use the TPM 2.0 with CRB model: |
| |
| .. code-block:: console |
| |
| $ openstack image set <image-name-or-uuid> \ |
| --property hw:tpm_version=2.0 \ |
| --property hw:tpm_model=tpm-crb |
| |
| |
| Create an instance with vTPM |
| ============================ |
| With configuration complete, we can finally proceed to creating an instance. Simply create |
| an instance using the flavor we created previously. |