From: Stefan Hajnoczi <stefanha@redhat.com>
To: Stefan Berger <stefanb@linux.ibm.com>
Cc: qemu-devel@nongnu.org, pkrempa@redhat.com
Subject: swtpm persistent state snapshots by copying .permall file
Date: Wed, 10 Sep 2025 17:08:49 -0400
Message-ID: <20250910210849.GA379545@fedora>

Hi Stefan,

I am investigating QEMU devices with persistent state like swtpm for a
specific snapshot use case. The VM is paused while disk images and other
persistent state files are snapshotted. This creates a crash-consistent
snapshot similar to booting after power failure on a real machine. No
RAM or volatile device state is collected.

My concern is how to ensure the swtpm's persistent state is captured as
consistently as possible, but I'm not very familiar with the code. I
wanted to run the following by you:

- Using --tpmstate dir= will write the persistent state to a new
  temporary file and then atomically replace the old .permall file using
  rename(2).

- If the VM is paused and a copy of the .permall file is taken, then
  this copy is consistent. It may not reflect any in-progress changes
  being written into a new temporary file, but that doesn't matter from
  the snapshot point of view since the VM is paused and it hasn't seen
  the completion of in-progress TPM operations.

- The .volatilestate and .savestate files do not need to be captured in
  the snapshot since the goal is just to achieve crash consistency.

Does this sound reasonable or have I missed something?

Thanks,
Stefan
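
Added example, not part of the original message and not swtpm or QEMU code: assuming the writer replaces its state file with rename(2) as the message describes, this C program shows why a copy that opens the file once comes out whole even when a replacement lands during the copy. The function names, file names and state strings are constructed for the illustration.

```c
/* Added illustration, not swtpm or QEMU code; all file names are constructed. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Writer: write a temporary file, flush it, then rename(2) it over the live
 * file, so the live path always names one complete version. */
int replace_atomically(const char *path, const char *tmp, const char *buf)
{
    size_t len = strlen(buf);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, buf, len) == (ssize_t)len && fsync(fd) == 0;
    close(fd);
    return ok ? rename(tmp, path) : -1;
}

/* Snapshot: read to EOF from a descriptor that was opened once. */
ssize_t read_all(int fd, char *out, size_t cap)
{
    size_t total = 0;
    ssize_t n = 0;
    while (total < cap && (n = read(fd, out + total, cap - total)) > 0)
        total += (size_t)n;
    return n < 0 ? -1 : (ssize_t)total;
}

/* Returns 1 when a copy begun before a replacement holds the whole old state
 * and a later open of the same path sees the whole new state. */
int snapshot_is_untorn(void)
{
    char dir[] = "/tmp/permall-demo-XXXXXX", path[64], tmp[64];
    char snap[64] = {0}, fresh[64] = {0};
    if (!mkdtemp(dir)) return 0;
    snprintf(path, sizeof path, "%s/demo.permall", dir);
    snprintf(tmp, sizeof tmp, "%s/demo.permall.tmp", dir);
    if (replace_atomically(path, tmp, "STATE-V1") != 0) return 0;
    int fd = open(path, O_RDONLY);          /* snapshot copy starts here */
    if (fd < 0 || replace_atomically(path, tmp, "STATE-V2-LONGER") != 0) return 0;
    read_all(fd, snap, sizeof snap - 1);    /* still reads the old inode */
    close(fd);
    fd = open(path, O_RDONLY);              /* a new open sees the new file */
    read_all(fd, fresh, sizeof fresh - 1);
    close(fd);
    unlink(path);
    rmdir(dir);
    return !strcmp(snap, "STATE-V1") && !strcmp(fresh, "STATE-V2-LONGER");
}
```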