Skip to content

Add Trusted Platform Module (TPM) support #185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rhjyoung wants to merge 17 commits into
base: master
Choose a base branch
from
Open

Add Trusted Platform Module (TPM) support #185

rhjyoung wants to merge 17 commits into from
+129 −0

Conversation

@rhjyoung
Copy link
Contributor

@rhjyoung rhjyoung commented Jan 8, 2026
edited
Loading

Add Trusted Platform Module (TPM) support

Signed-off-by: Jerone Young jyoung@redhat.com

@rhjyoung
Add Trusted Computing Module (TPM) support
0826ad3 
Signed-off-by: Jerone Young jyoung@redhat.com
@rhjyoung rhjyoung mentioned this pull request Jan 8, 2026
Open
@rhjyoung
Remove unneeded space in conditional in server.rb
95bd13f 
There was an unneeded space in the conditional.

Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung
Fix ARM designation & Add ppc64le
bafbfc9 
Fix designation of ARM architecture and add ppc64le.

Signed-off-by: Jerone Young <jyoung@redhat.com
@rhjyoung
Add s390x support
7dc9085 
Add s390x support
 
Signed-off-by: Jerone Young <jyoung@redhat.com>
ekohl
ekohl reviewed Jan 12, 2026
View reviewed changes
Copy link
Contributor

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are just my first impressions. Haven't done actual testing on it.

lib/fog/libvirt/models/compute/tpm.rb Outdated
#
VERSIONS = ['1.2', '2.0'].freeze

def initialize(attributes = {}, arch = "")
Copy link
Contributor

@ekohl ekohl Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd normally keep the options at the end and even consider the following

Suggested change
def initialize(attributes = {}, arch = "")
def initialize(arch, **attributes)

Copy link
Contributor Author

@rhjyoung rhjyoung Jan 12, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can definitely move the order. But using **attributes breaks with the convention used in network.rb. Also Trying to change to ** attributes breaks the code.

rhjyoung and others added 13 commits January 12, 2026 05:39
@rhjyoung
Fix conditional & change argument order when creating new TPM object
bccb852 
Fix conditional & change argument order when creating new TPM object

Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung
Redo argument initialization order and fix error calls.
83f2d5a 
Fix argument initialization order and fix error calls

Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung
Fix errors in error calls
ae9378b 
Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung
Convert conditional & fix trailing white space
87fc64d 
Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung
Set id during initalization
bc256e1 
Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung
Remove tpm id from defaults
6252824 
Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung @ekohl
Update to check existence of tpm_device instead of tpm[:enable]
eda78c2 
Signed-off-by: Jerone Young <jyoung@redhat.com>

Co-authored-by: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
@rhjyoung
Fix ternary operation to match coding style
d0b8afb 
Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung
Convert tpm to be value that can be boolean or hash value
003a5ac 
Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung
Fix comment on conversion of tpm if not a hash value
6e9a84d 
Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung
Set ppc64 default for passthrough device to tpm0
aeea352 
By default change ppc64 to tpm0. As tpmrm0 is to be used by spapr-tpm-proxy and not spapr in case of using passthrough option.

Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung
Add support for ARM/aarch64 in big-endian mode
7473016 
Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung
Add check for model type crb not supporting version 1.2
d48a77b 
Signed-off-by: Jerone Young <jyoung@redhat.com>
@rhjyoung rhjyoung changed the title Add Trusted Computing Module (TPM) support Add Trusted Platform Module (TPM) support Jan 15, 2026
@rhjyoung rhjyoung mentioned this pull request Jan 17, 2026
Draft
@rhjyoung
Copy link
Contributor Author

rhjyoung commented Jan 17, 2026

Created code for Foreman:
theforeman/foreman#10824

ekohl
ekohl reviewed Jan 17, 2026
View reviewed changes
Copy link
Contributor

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good to me. A quick test in tests/libvirt/models/compute/server_tests.rb tells me it works. I used this test:

test("with tpm set to true") do
  server = Fog::Libvirt::Compute::Server.new(
    {
      :tpm => true,
      :nics => [],
      :volumes => []
    }
  )
  xml = server.to_xml

  xml.include?('<tpm model="tpm-crb">') && xml.include?('<backend type="emulator" version="2.0"/>')
end

Then get the following XML:

<tpm model="tpm-crb">
  <backend type="emulator" version="2.0"/>
</tpm>

Is this what you'd expect?

@rhjyoung
Copy link
Contributor Author

rhjyoung commented Jan 19, 2026

Yeap for x86_64 that is the expected result.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ekohl ekohl ekohl left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rhjyoung @ekohl