Add TPM support

[5aaee9]

pvedaemon call swtpm_setup to setup TPM support for vm.

This patch add swtpm support and Windows 11 vm is require TPM.

[JulienMalka]

Thank you ! Can you explain what the rationale was for producing swtpm_setup.conf so I know how to maintain it in the future ?

[5aaee9]

@JulienMalka

Proxmox hard-code path in there code https://github.com/proxmox/qemu-server/blob/master/PVE/QemuServer.pm#L3248

And the config file is from swtpm-tools https://github.com/stefanberger/swtpm/blob/v0.8.0/samples/swtpm_setup.conf.in

[mjm]

I found I still had some issues with swtpm with this PR as is. When migrating VMs, I needed to add swtpm to environment.systemPackages to make it available to (I think) other hosts calling it directly via SSH. And then I also needed to add it to the pve-guests service path to be able to start VMs with a TPM automatically on boot.

[mjm]

Seems like maybe qmeventsd needs it too? I get an error about swtpm_setup not being found in the start task when I reboot a VM, but starting it manually after that works fine. Maybe swtpm should just be in the wrapper for the pve-manager binaries, rather than on individual services?

[eljojo]

Hey I was trying to setup a windows VM, opened main...eljojo:proxmox-nixos:swtpm and only afterwards I saw this existed, your solution here is better.

In my case I think I got things to work by providing an empty swtmp config, you could try it:

environment.etc."swtpm_setup.conf" = {
        text = '' '';
      };

edit: no, it still breaks :(

swtpm: Formatting 'file:///dev/zvol/one_tera/vm-120-disk-1' as new linear NVRAM store
Failed to open file �/tmp/swtpm_setup.certs.1WJ8Z2/ek.cert�: No such file or directory
An error occurred. Authoring the TPM state failed.

running the command on the console to initialize TPM allows it to work.