Can xcp-ng utilize TPM 2.0 via passthrough or does TPM only work via vTPM?
-
I am purchasing several Dell Servers soon and would like to utilize the included TPM 2.0 module. However, I am unsure if xcp-ng will actually use the module or just use vTPM via passthrough. If it can't use the TPM module then I would rather not pay for the module and I will have it removed.
-
You'll be able to utilize the built-in chip; for anyone else that doesn't have a TPM 2.0 chip, the virtual chip would be used.
And for what it's worth, I would recommend the physical chip over the virtualized one.
-
@DustinB Thanks for the reply! That helps me out very much.
-
Thanks for this interesting discussion.
@DustinB In your understanding, does using a built-in chip limit Windows 11 VM (for example) host migrations?
Said another way, is vTPM recommended/required for VMs that will potentially run on multiple hosts?
-
There's no other way to virtualize a device if it's shared between multiple VMs and requires the VM to move. Like any PCI passthrough device for example.
-
@olivierlambert Thank you, that was my understanding from reading the documentation - in which case, for multiple host / VM migration scenarios, a physical TPM2 chip is of no benefit - and thus not required?
Per: https://xcp-ng.org/forum/topic/7487/vtpm-support-requirements, Stormi (in June of 2023) has confirmed that a physical TPM hardware module is not required for vTPM. I assume, when buying host hardware for Windows VMs, it is correct to count on this for the future as well.
-
That's correct, no need for a physical TPM for your VMs.
-
@olivierlambert Thank you - appreciate the confirmation.