modules/virt-about-vtpm-devices.adoc
17 additions & 3 deletions
@@ -16,6 +16,20 @@ from a Windows 11 image to function without a physical TPM chip.
16
16
If you do not enable vTPM, then the VM does not recognize a TPM device, even if
17
17
the node has one.
18
18
19
-
vTPM devices also protect virtual machines by temporarily storing secrets
20
-
without physical hardware. However, using vTPM for persistent secret storage is
21
-
not currently supported. vTPM discards stored secrets after a VM shuts down.
19
+
A vTPM device also protects virtual machines by storing secrets without physical hardware. {VirtProductName} supports persisting vTPM device state by using Persistent Volume Claims (PVCs) for VMs. You must specify the storage class to be used by the PVC by setting the `vmStateStorageClass` attribute in the `HyperConverged` custom resource (CR):
20
+
21
+
[source,yaml]
22
+
----
23
+
kind: HyperConverged
24
+
metadata:
25
+
name: kubevirt-hyperconverged
26
+
spec:
27
+
vmStateStorageClass: <storage_class_name>
28
+
29
+
# ...
30
+
----
31
+
32
+
[NOTE]
33
+
====
34
+
The storage class must be of type `Filesystem` and support the `ReadWriteMany` (RWX) access mode.
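Review bot: the rewritten paragraph at new line 19 removes "vTPM discards stored secrets after a VM shuts down" but never says that persistence is opt-in per VM. The other file in this commit documents `persistent: true` with a default of `false`, so someone reading only this module could conclude that setting `vmStateStorageClass` is enough to keep vTPM state. Suggest adding a sentence that state is kept only for VMs that set `persistent: true` and is otherwise discarded at shutdown. Since the persisted state contains the secrets the paragraph mentions, it is also worth stating that they now reside on the PVC backed by the chosen storage class, so that storage should be selected and access-controlled accordingly. Style: the new paragraph is one unwrapped line while the surrounding context lines wrap at about 80 columns, and the YAML sample starts at `kind:` with no `apiVersion` line.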
modules/virt-adding-vtpm-to-vm.adoc
10 additions & 4 deletions
@@ -8,7 +8,11 @@
8
8
9
9
Adding a virtual Trusted Platform Module (vTPM) device to a virtual machine
10
10
(VM) allows you to run a VM created from a Windows 11 image without a physical
11
-
TPM device. A vTPM device also temporarily stores secrets for that VM.
11
+
TPM device. A vTPM device also stores secrets for that VM.
12
+
13
+
.Prerequisites
14
+
* You have installed the OpenShift CLI (`oc`).
15
+
* You have configured a Persistent Volume Claim (PVC) to use a storage class of type `Filesystem` that supports the `ReadWriteMany` (RWX) access mode. This is necessary for the vTPM device data to persist across VM reboots.
12
16
13
17
.Procedure
14
18
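Review bot: the second prerequisite (new line 15) says "You have configured a Persistent Volume Claim (PVC) to use a storage class", which does not match virt-about-vtpm-devices.adoc in this same commit, where the user sets `vmStateStorageClass` in the `HyperConverged` CR and the PVC is what consumes that storage class. Suggest rewording the prerequisite to name that setting, so the reader knows which object to configure. The prerequisite is also stated unconditionally, although callout 2 later in this file gives `persistent` a default of `false`; consider scoping it with "if you want the vTPM state to persist". Finally, "persist across VM reboots" here and "persists after the VM is shut down" in callout 2 describe the same behavior in different terms; pick one.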
@@ -19,7 +23,7 @@ TPM device. A vTPM device also temporarily stores secrets for that VM.
19
23
$ oc edit vm <vm_name>
20
24
----
21
25
22
-
. Edit the VM `spec` so that it includes the `tpm: {}` line. For example:
26
+
. Edit the VM specification to add the vTPM device. For example:
23
27
+
24
28
[source,yaml]
25
29
----
@@ -32,10 +36,12 @@ spec:
32
36
spec:
33
37
domain:
34
38
devices:
35
-
tpm: {} <1>
39
+
tpm: <1>
40
+
persistent: true <2>
36
41
# ...
37
42
----
38
-
<1> Adds the TPM device to the VM.
43
+
<1> Adds the vTPM device to the VM.
44
+
<2> Specifies that the vTPM device state persists after the VM is shut down. The default value is `false`.
39
45
40
46
. To apply your changes, save and exit the editor.
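Review bot: callout 2 (new line 44) gives the default of `persistent` as `false` but does not say what that means for the stored secrets, and the example no longer shows the non-persistent form that the removed `tpm: {}` line covered. Suggest extending the callout to say that with `false` the vTPM state is discarded when the VM shuts down, and that `true` depends on the storage class requirement listed under Prerequisites. That leaves a path for readers who only need the vTPM for Windows 11 compatibility and have no RWX storage available.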