The specific use case for a vTPM on vSphere is to support Windows 10 and 2016 security features. The HTML5 UI is designed with this in mind. Enablement of VBS does not require a vTPM.
Enablement of vTPM for any VM other than Windows 10 and 2016 is done via API. More on that in the future.
Let’s get a question I get asked about out of the way up front.
“Does this mean I can run BitLocker on a Windows VM now?!”
Well, technically, all the parts are now there to run BitLocker, but I have to ask “Why??”. Remember, in order to enable vTPM you have to already have VM Encryption!
This means you already have a virtual machine encryption solution that’s easy to manage and works for every virtual machine that’s supported on vSphere, regardless of the guest operating system. Not to mention, you don’t have to manage the encryption “in guest”, which lowers your overall workload significantly. #NoSecuritySnowflakes
If you want to test software which exploits TPM 2.0 functionality inside the qemu-kvm emulator, this can be challenging because the software stack is still quite new. Here is how I did it.
To log in to the VM, run: virsh console test
Please then complete the following steps:
dhclient should get an address for the VM
dnf install tpm2-tools tpm2-tss tpm2-abrmd
Then run the abrmd as root:
/usr/sbin/tpm2-abrmd --allow-root &
You should now be able to query the TPM with a command such as tpm2_pcrlist.
Convert the VMDKs (the VM's disks), even when there are multiple files, to qcow2 format (note: KVM/QEMU should be able to deal with vmdk files (multiple as well?), so possibly this step is redundant). The -O qcow2 option is needed because qemu-img convert writes a raw image by default:
qemu-img convert -O qcow2 <vmdk wildcard> <qcow2 file>
Convert the vmx (the VM's settings) to XML (requires the vmware2libvirt tool found in the virt-goodies package):
vmware2libvirt -f <source.vmx> > target.xml
Import the XML:
virsh -c qemu:///system define file.xml
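Between the conversion and the import, the domain XML still has to point at the new qcow2 files. The following is an added example, not part of the original notes or of any tool named above: it rewrites the disk entries and declares the image format explicitly, since libvirt does not probe image formats by default and treats a disk without a driver type as raw. The sample XML, the paths and the function name retarget_disks are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a domain definition after the vmx conversion
# (illustrative only, not captured vmware2libvirt output).
SAMPLE_XML = """<domain type='kvm'>
  <name>test</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/vms/test/test.vmdk'/>
      <target dev='hda' bus='ide'/>
    </disk>
    <disk type='file' device='cdrom'>
      <source file='/vms/test/install.iso'/>
      <target dev='hdc' bus='ide'/>
    </disk>
  </devices>
</domain>"""


def retarget_disks(domain_xml, mapping):
    """Point converted disks at their qcow2 files and pin the format.

    mapping: {old vmdk path: new qcow2 path}.
    Returns (new_xml, vmdk_paths_left_unconverted).
    """
    root = ET.fromstring(domain_xml)
    unmapped = []
    for disk in root.iterfind("./devices/disk"):
        if disk.get("device") != "disk":
            continue  # leave cdrom/floppy entries untouched
        source = disk.find("source")
        old = source.get("file") if source is not None else None
        if old is None:
            continue
        if old in mapping:
            source.set("file", mapping[old])
            driver = disk.find("driver")
            if driver is None:
                driver = ET.Element("driver")
                disk.insert(0, driver)
            # Explicit format: never rely on the hypervisor guessing it.
            driver.set("name", "qemu")
            driver.set("type", "qcow2")
        elif old.lower().endswith(".vmdk"):
            unmapped.append(old)  # still references an unconverted image
    return ET.tostring(root, encoding="unicode"), unmapped


if __name__ == "__main__":
    xml_out, left = retarget_disks(
        SAMPLE_XML, {"/vms/test/test.vmdk": "/var/lib/libvirt/images/test.qcow2"})
    print(xml_out)
    print("unconverted:", left)
```

A non-empty second return value means the definition still references a vmdk file and should be reviewed before it is passed to virsh define.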
The Kernel-based Virtual Machine (KVM) topic contains information about using KVM on IBM® systems.
You can store virtual disk images in a location other than the /var/lib/libvirt/images directory.
The following information applies to KVM environments that are running Red Hat Enterprise Linux 5.6 or 6.
To store virtual disk images in a customized location, complete the following steps:
This doc set contains info about using #KVM for #virtualization on #IBM systems: best practices, tuning, FAQs etc: http://t.co/msx4Ik1Z