On 06/05/2018 07:28 AM, Stefan Berger wrote:
> On 06/05/2018 01:03 AM, Marc Hartmayer wrote:
>> On Thu, May 24, 2018 at 10:25 PM +0200, Stefan Berger
>> <stefanb@linux.vnet.ibm.com> wrote:
>>> This series of patches adds support for the TPM emulator backend that
>>> is available in QEMU and based on swtpm + libtpms. It allows attaching
>>> a TPM 1.2 or 2 to a QEMU VM. sVirt labels are used for labeling the
>>> swtpm process, its Unix socket, and log file with the same label that
>>> the QEMU process gets. Besides that swtpm is added to the emulator
>>> cgroup to restrict its CPU usage.
>>>
>>> The device XML can be changed from a TPM 1.2 to a TPM 2 and back to a
>>> TPM 1.2. The device state is not removed during those changes but only
>>> when the domain is undefined.
>>>
>>> The swtpm needs persistent storage to store its state. For that I am
>>> using the uuid of the VM as part of the path since the name of the VM
>>> can be changed. Logfiles, PID files, and socket names are based on the
>>> name of the VM, though.
>>>
>>> Stefan
>>>
>>> v7->v8:
>>> - Delaying this series for 4.5; adjusted references to 4.4
>>> - Fixed a test case since version='1.2' is now formatted as well
>>> - Appended patches for AppArmor and auditing
>>> - Appended patches that improve / fix existing code
>>> - patch for validating the TPM configuration rather than overwriting it;
>>>   a particular case is the CRB interface does not work with a TPM 1.2
>>> - swtpm_setup can be run for a TPM 2 in unprivileged mode as well
>>>
>>> v6->v7:
>>> - followed Jan Tomko's suggestion with the resulting change to patch
>>>   10/12.
>>> - re-added missing parts related to swtpm_setup and TPM that got lost
>>>   in v4
>>>
>>> v5->v6:
>>> - Addressed John Ferlan's comments
>>> - rebased on latest tip
>>> - Added patch 12.
>>>
>>> v4->v5:
>>> - Addressed John Ferlan's, Boris Fiuczysnki's and Marc
>>> Hartmayer's comments
>>> - rebased on latest tip
>>>
>>> v3->v4:
>>> - Addressed John Ferlan's comments
>>> - Fixed bugs I found while testing
>>> - rebased on latest tip
>>>
>>>
>>> Stefan Berger (18):
>>> conf: Add support for external swtpm TPM emulator to domain XML
>>> qemu: Extend QEMU capabilities with 'tpm-emulator'
>>> util: Implement virFileChownFiles()
>>> security: Add DAC and SELinux security for tpm-emulator
>>> qemu: Extend qemu_conf with tpm-emulator support
>>> qemu: Extend QEMU with external TPM support
>>> qemu: Add support for external swtpm TPM emulator
>>> tests: Add test cases for external swtpm TPM emulator
>>> security: Label the external swtpm with SELinux labels
>>> conf: Add support for choosing emulation of a TPM 2
>>> qemu: Add swtpm to emulator cgroup
>>> news: Update news with new TPM emulator feature
>>> security: Add swtpm paths to the domain's AppArmor profile
>>> qemu: Run swtpm_setup in unprivileged mode for a TPM 2
>>> qemu: Validate chosen TPM model rather than overwriting it
>>> conf: Audit TPM emulator device at domain startup
>>> conf: Use resrc=tpm in case of TPM passthrough following docs
>>> conf: Use virDomainChrSourceDefClear() rather than VIR_FREE()
>>>
>>> docs/auditlog.html.in | 2 +-
>>> docs/formatdomain.html.in | 43 +
>>> docs/news.xml | 13 +
>>> docs/schemas/domaincommon.rng | 17 +
>>> examples/apparmor/libvirt-qemu | 3 +
>>> libvirt.spec.in | 2 +
>>> src/conf/domain_audit.c | 20 +-
>>> src/conf/domain_conf.c | 49 +-
>>> src/conf/domain_conf.h | 15 +
>>> src/libvirt_private.syms | 3 +
>>> src/qemu/Makefile.inc.am | 10 +
>>> src/qemu/libvirtd_qemu.aug | 5 +
>>> src/qemu/qemu.conf | 8 +
>>> src/qemu/qemu_capabilities.c | 5 +
>>> src/qemu/qemu_capabilities.h | 1 +
>>> src/qemu/qemu_cgroup.c | 36 +
>>> src/qemu/qemu_cgroup.h | 2 +
>>> src/qemu/qemu_command.c | 34 +-
>>> src/qemu/qemu_conf.c | 43 +
>>> src/qemu/qemu_conf.h | 6 +
>>> src/qemu/qemu_domain.c | 31 +-
>>> src/qemu/qemu_extdevice.c | 180 ++++
>>> src/qemu/qemu_extdevice.h | 59 ++
>>> src/qemu/qemu_process.c | 16 +
>>> src/qemu/qemu_security.c | 69 ++
>>> src/qemu/qemu_security.h | 11 +
>>> src/qemu/qemu_tpm.c | 922 +++++++++++++++++++++
>>> src/qemu/qemu_tpm.h | 56 ++
>>> src/qemu/test_libvirtd_qemu.aug.in | 2 +
>>> src/security/security_dac.c | 7 +
>>> src/security/security_driver.h | 7 +
>>> src/security/security_manager.c | 36 +
>>> src/security/security_manager.h | 6 +
>>> src/security/security_selinux.c | 172 ++++
>>> src/security/security_stack.c | 40 +
>>> src/security/virt-aa-helper.c | 24 +
>>> src/util/virfile.c | 55 ++
>>> src/util/virfile.h | 3 +
>>> tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 1 +
>>> tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 1 +
>>> tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 1 +
>>> tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 1 +
>>> tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 1 +
>>> .../tpm-emulator-tpm2.x86_64-latest.args | 33 +
>>> tests/qemuxml2argvdata/tpm-emulator-tpm2.xml | 30 +
>>> .../tpm-emulator.x86_64-latest.args | 33 +
>>> tests/qemuxml2argvdata/tpm-emulator.xml | 30 +
>>> tests/qemuxml2argvtest.c | 16 +-
>>> tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml | 34 +
>>> tests/qemuxml2xmloutdata/tpm-emulator.xml | 34 +
>>> tests/qemuxml2xmltest.c | 1 +
>>> 51 files changed, 2212 insertions(+), 17 deletions(-)
>>> create mode 100644 src/qemu/qemu_extdevice.c
>>> create mode 100644 src/qemu/qemu_extdevice.h
>>> create mode 100644 src/qemu/qemu_tpm.c
>>> create mode 100644 src/qemu/qemu_tpm.h
>>> create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.x86_64-latest.args
>>> create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml
>>> create mode 100644 tests/qemuxml2argvdata/tpm-emulator.x86_64-latest.args
>>> create mode 100644 tests/qemuxml2argvdata/tpm-emulator.xml
>>> create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml
>>> create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator.xml
>>>
>>> --
>>> 2.14.3
>> Hi Stefan,
>>
>> if I restart libvirtd while the TPM-guest is running, the guest crashes…
>> I haven’t had a closer look yet, but can you please verify the behavior
>> for you? Thanks!
>
> I do not see this with the current version (v9) I posted yesterday. Is
> this happening only when a vTPM is attached or also in other cases?
> Though, I had seen such behavior a while ago but then it disappeared
> and iirc it wasn't limited to guests with an attached vTPM. I think it
> was due to libvirt terminating the guest for some reason.
One more thing. In v9 I changed the version from '2' to '2.0' since it's
a TPM 2.0. So you have to edit the domain XML of previously existing
domains to be ... version='2.0'. Snapshots from v8 won't work, either.
>
> Stefan
>
>>
>> Beste Grüße / Kind regards
>> Marc Hartmayer
>>
>> IBM Deutschland Research & Development GmbH
>> Vorsitzende des Aufsichtsrats: Martina Koederitz
>> Geschäftsführung: Dirk Wittkopp
>> Sitz der Gesellschaft: Böblingen
>> Registergericht: Amtsgericht Stuttgart, HRB 243294
>
>
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
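The two XML-level points raised in this thread (v9 renamed the TPM 2 backend version from '2' to '2.0', so existing domain XML has to be edited, and the CRB interface does not work with a TPM 1.2) can be checked mechanically before a domain is (re)defined. The checker below is an added example and is not code from the libvirt patch series or from any message above. It assumes the libvirt domain XML layout `<devices><tpm model='...'><backend type='emulator' version='...'/></tpm></devices>`, treats a missing version attribute as TPM 1.2, and the sample domain documents are constructed here for illustration:

```python
"""Validate the vTPM emulator settings in a libvirt domain XML.

Added example for this thread, not code from the libvirt patch series.
Assumptions: the <tpm> element lives under <devices>, carries a model
attribute, and has a <backend type='emulator' version='...'/> child; a
missing version attribute is treated as TPM 1.2.  Sample documents below
are constructed for illustration.
"""
from typing import List
import xml.etree.ElementTree as ET

VALID_VERSIONS = {"1.2", "2.0"}
# v8 of the series spelled TPM 2 as version='2'; v9 renamed it to '2.0'.
LEGACY_VERSIONS = {"2": "2.0"}


def check_tpm(domain_xml: str) -> List[str]:
    """Return a list of problems found in the domain's <tpm> devices.

    An empty list means every emulator-backed TPM is consistent.
    """
    root = ET.fromstring(domain_xml)
    problems: List[str] = []
    for tpm in root.findall("./devices/tpm"):
        model = tpm.get("model", "tpm-tis")
        backend = tpm.find("backend")
        if backend is None:
            problems.append("tpm: missing <backend> element")
            continue
        if backend.get("type") != "emulator":
            # Passthrough backends are out of scope for this checker.
            continue
        version = backend.get("version", "1.2")  # assumption: 1.2 is the default
        if version in LEGACY_VERSIONS:
            new = LEGACY_VERSIONS[version]
            problems.append(
                f"tpm: version='{version}' is the pre-v9 spelling; "
                f"edit the domain XML to version='{new}'"
            )
            version = new
        elif version not in VALID_VERSIONS:
            problems.append(f"tpm: unsupported version '{version}'")
            continue
        # The cover letter notes the CRB interface does not work with a TPM 1.2.
        if model == "tpm-crb" and version == "1.2":
            problems.append(
                "tpm: model='tpm-crb' needs a TPM 2.0 backend; "
                "use model='tpm-tis' or version='2.0'"
            )
    return problems


def _domain(model: str, backend_attrs: str) -> str:
    """Build a minimal constructed domain XML around one <tpm> device."""
    return (
        "<domain type='kvm'><name>vtpm-test</name><devices>"
        f"<tpm model='{model}'><backend {backend_attrs}/></tpm>"
        "</devices></domain>"
    )


# Constructed sample documents (not from the thread).
GOOD_TPM2 = _domain("tpm-crb", "type='emulator' version='2.0'")
OLD_TPM2 = _domain("tpm-tis", "type='emulator' version='2'")
CRB_WITH_12 = _domain("tpm-crb", "type='emulator' version='1.2'")
PASSTHROUGH = _domain("tpm-tis", "type='passthrough'")

if __name__ == "__main__":
    for label, doc in [("good", GOOD_TPM2), ("old-2", OLD_TPM2),
                       ("crb-1.2", CRB_WITH_12), ("passthrough", PASSTHROUGH)]:
        print(label, check_tpm(doc) or "ok")
```

Run it against the output of `virsh dumpxml <domain>` before restarting libvirtd on a host upgraded across the v8/v9 boundary; a legacy `version='2'` is reported separately from a genuinely unsupported value so the fix (edit to '2.0') is explicit, and the CRB/1.2 check is applied after the rename so an old `tpm-crb` + `version='2'` domain is flagged once, for the rename only.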