Merge branch 'zsv-ldap' into 'feature-zsv-5.0.0-vm-support-vtpm-and-secuceboot'

gitlab · gitlab · commit 730d0618f22f · 2026-03-26T01:25:12.000Z
&lt;feature&gt;[kvm]: reset TPM state after VM clone

See merge request zstackio/zstack!9458
diff --git a/compute/src/main/java/org/zstack/compute/vm/VmInstanceBase.java b/compute/src/main/java/org/zstack/compute/vm/VmInstanceBase.java
@@ -45,6 +45,7 @@
 import org.zstack.header.message.*;
 import org.zstack.header.network.l3.*;
 import org.zstack.header.storage.primary.*;
+import org.zstack.header.tpm.TpmConstants;
 import org.zstack.header.vm.*;
 import org.zstack.header.vm.ChangeVmMetaDataMsg.AtomicHostUuid;
 import org.zstack.header.vm.ChangeVmMetaDataMsg.AtomicVmState;
@@ -56,6 +57,7 @@
 import org.zstack.header.vm.VmInstanceSpec.CdRomSpec;
 import org.zstack.header.vm.VmInstanceSpec.HostName;
 import org.zstack.header.vm.VmInstanceSpec.IsoSpec;
+import org.zstack.header.vm.additions.ResetVmTpmMsg;
 import org.zstack.header.vm.cdrom.*;
 import org.zstack.header.vm.devices.VmInstanceResourceMetadataManager;
 import org.zstack.header.vo.ResourceVO;
@@ -3561,6 +3563,40 @@ public void run(MessageReply reply) {
                     }
                 });
 
+                flow(new NoRollbackFlow() {
+                    String __name__ = "reset-vm-tpm";
+
+                    @Override
+                    public boolean skip(Map data) {
+                        boolean resetTpm;
+                        if (msg.getResetTpm() == null) {
+                            resetTpm = rcf.getResourceConfigValue(
+                                    VmGlobalConfig.RESET_TPM_AFTER_VM_CLONE,
+                                    msg.getVmInstanceUuid(), Boolean.class);
+                        } else {
+                            resetTpm = msg.getResetTpm();
+                        }
+                        return !resetTpm;
+                    }
+
+                    @Override
+                    public void run(FlowTrigger trigger, Map map) {
+                        ResetVmTpmMsg rmsg = new ResetVmTpmMsg();
+                        rmsg.setVmInstanceUuid(msg.getVmInstanceUuid());
+                        bus.makeLocalServiceId(rmsg, TpmConstants.SERVICE_ID);
+                        bus.send(rmsg, new CloudBusCallBack(trigger) {
+                            @Override
+                            public void run(MessageReply reply) {
+                                if (!reply.isSuccess()) {
+                                    trigger.fail(reply.getError());
+                                    return;
+                                }
+                                trigger.next();
+                            }
+                        });
+                    }
+                });
+
                 flow(new NoRollbackFlow() {
                     String __name__ = "update-vm-name";
 
diff --git a/header/src/main/java/org/zstack/header/vm/additions/ResetVmTpmMsg.java b/header/src/main/java/org/zstack/header/vm/additions/ResetVmTpmMsg.java
@@ -0,0 +1,15 @@
+package org.zstack.header.vm.additions;
+
+import org.zstack.header.message.NeedReplyMessage;
+
+public class ResetVmTpmMsg extends NeedReplyMessage {
+    private String vmInstanceUuid;
+
+    public String getVmInstanceUuid() {
+        return vmInstanceUuid;
+    }
+
+    public void setVmInstanceUuid(String vmInstanceUuid) {
+        this.vmInstanceUuid = vmInstanceUuid;
+    }
+}
diff --git a/header/src/main/java/org/zstack/header/vm/additions/ResetVmTpmReply.java b/header/src/main/java/org/zstack/header/vm/additions/ResetVmTpmReply.java
@@ -0,0 +1,6 @@
+package org.zstack.header.vm.additions;
+
+import org.zstack.header.message.MessageReply;
+
+public class ResetVmTpmReply extends MessageReply {
+}
diff --git a/plugin/kvm/src/main/java/org/zstack/kvm/tpm/KvmTpmManager.java b/plugin/kvm/src/main/java/org/zstack/kvm/tpm/KvmTpmManager.java
@@ -44,6 +44,10 @@
 import org.zstack.header.tpm.message.RemoveTpmReply;
 import org.zstack.header.vm.VmInstanceVO;
 import org.zstack.header.vm.VmInstanceVO_;
+import org.zstack.header.vm.additions.ResetVmTpmMsg;
+import org.zstack.header.vm.additions.ResetVmTpmReply;
+import org.zstack.header.vm.additions.VmHostBackupFileVO;
+import org.zstack.header.vm.additions.VmHostBackupFileVO_;
 import org.zstack.header.vm.additions.VmHostFileInventory;
 import org.zstack.header.vm.additions.VmHostFileType;
 import org.zstack.header.vm.additions.VmHostFileVO;
@@ -120,6 +124,8 @@ private void handleLocalMessage(Message msg) {
             handle((RemoveTpmMsg) msg);
         } else if (msg instanceof CloneVmTpmMsg) {
             handle((CloneVmTpmMsg) msg);
+        } else if (msg instanceof ResetVmTpmMsg) {
+            handle((ResetVmTpmMsg) msg);
         } else {
             bus.dealWithUnknownMessage(msg);
         }
@@ -420,6 +426,22 @@ public void handle(ErrorCode errCode, Map data) {
         }).start();
     }
 
+    private void handle(ResetVmTpmMsg msg) {
+        ResetVmTpmReply reply = new ResetVmTpmReply();
+
+        String vmUuid = msg.getVmInstanceUuid();
+        SQL.New(VmHostFileVO.class)
+                .eq(VmHostFileVO_.vmInstanceUuid, vmUuid)
+                .eq(VmHostFileVO_.type, VmHostFileType.TpmState)
+                .delete();
+        SQL.New(VmHostBackupFileVO.class)
+                .eq(VmHostBackupFileVO_.resourceUuid, vmUuid)
+                .eq(VmHostBackupFileVO_.type, VmHostFileType.TpmState)
+                .delete();
+
+        bus.reply(msg, reply);
+    }
+
     private void handle(APIGetTpmCapabilityMsg msg) {
         TpmCapabilityView view = new TpmCapabilityView();
 
