[stable/2023.1] [CLOUDOPS-563]  Enable Emulated-TPM (#2097)

This is an automated cherry-pick of #2089
/assign larainema
diff --git a/images/nova/Dockerfile b/images/nova/Dockerfile
index bd5641c..5f64afe 100644
--- a/images/nova/Dockerfile
+++ b/images/nova/Dockerfile
@@ -28,7 +28,7 @@
 RUN <<EOF bash -xe
 apt-get update -qq
 apt-get install -qq -y --no-install-recommends \
-    ceph-common genisoimage iproute2 libosinfo-bin lsscsi ndctl nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-block-extra qemu-utils sysfsutils udev util-linux
+    ceph-common genisoimage iproute2 libosinfo-bin lsscsi ndctl nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-block-extra qemu-utils sysfsutils udev util-linux swtpm swtpm-tools libtpms0
 apt-get clean
 rm -rf /var/lib/apt/lists/*
 EOF
diff --git a/roles/nova/vars/main.yml b/roles/nova/vars/main.yml
index ca4d3e0..b9fb880 100644
--- a/roles/nova/vars/main.yml
+++ b/roles/nova/vars/main.yml
@@ -101,6 +101,9 @@
         # TODO(mnaser): We should enable this once we figure out how to "inject"
         #               the certificates into the existing "qemu-kvm" processes.
         # live_migration_with_native_tls: true
+        swtpm_enabled: true
+        swtpm_user: swtpm
+        swtpm_group: swtpm
       neutron:
         metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}"
       oslo_messaging_notifications: