On Tue Oct 14, 2025 at 4:39 PM CEST, Fiona Ebner wrote:
> Add infrastructure for doing FUSE exports via QEMU storage daemon.
> This makes it possible to use non-raw formatted volumes for the TPM
> state, by exposing it to swtpm as raw via FUSE. A QEMU storage daemon
> instance is associated to a given VM.
>
> The swtpm_setup code tries to unlink files rather than just clear the
> header like it does for block devices. FUSE exports cannot be
> unlinked, align the behavior to also just remove the header for files.
>
> To have FUSE exports available, it's necessary to enable via QEMU
> build flags.
>
> A new standard option for VM image formats is introduced and in the
> end used for the TPM state drive. The need for that also came up
> already in the past for setting a format override when restoring and
> it's cleaner to use what the storage layer actually supports.
>
> Then there's two independent improvements for qemu-server.
>
> For the QMP client and wrappers, the QMP peer is better abstracted and
> the QEMU storage daemon is added as a possible peer.
>
> Blockdev code is updated to also support attaching a drive to the QEMU
> storage daemon rather than just the main QEMU instance for a VM.
>
> Then the QSD module is introduced and handling for TPM is added.
>
> Finally, non-raw formats are allowed in the schema for the TPM state
> drive.

I have tested this for a few pre-existing and new VMs and it works like
a charm, nice work!

I've tested the following:

- creating a VM with tpmstate0 as a raw image
- creating a VM with tpmstate0 as a subvol
- creating a VM with tpmstate0 as a qcow2 image
- cloning a VM with tpmstate0 as a raw image
- cloning a VM with tpmstate0 as a qcow2 image
- templating a VM with tpmstate0 + cloning
- moving qcow2 tpmstate0s between storages
- converting existing raw tpmstate0 to qcow2
- converting qcow2 tpmstate0 back to raw image

I installed Debian on the new VMs and used existing Debian and Windows
VMs to test the templating / moving / converting ops and all of those
worked as expected.

As pointed out in the cover letter / swtpm patch, not applying that one
will result in a failed VM start as it will try to unlink the FUSE
export fs (which is exposed as a regular file).

The qsd run files in /run/qemu-server/ were always cleaned up correctly
(besides when sending SIGKILL to the VM's qsd process directly) and I
didn't run into qsd hanging when stopping the VM normally otherwise.

I've tried my best to study the surrounding code that I didn't have much
knowledge about yet (mainly setting up swtpm and the qmp cmd
infrastructure), but didn't find any serious issues besides a few nits
and the SIGKILL handling, so with the latter addressed consider this as:

Reviewed-by: Daniel Kral <[email protected]>
Tested-by: Daniel Kral <[email protected]>

_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
