From: Stefan Berger
To: libvir-list@redhat.com
Cc: marcandre.lureau@redhat.com, Stefan Berger
Date: Tue, 9 Jul 2019 13:23:24 -0400
Message-Id: <20190709172341.3063264-2-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH 01/18] secret: Add support for usage type vTPM

Add support for usage type vTPM to secret.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- include/libvirt/libvirt-secret.h | 1 + src/conf/secret_conf.c | 13 +++++++++++++ src/util/virsecret.c | 2 +- 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/include/libvirt/libvirt-secret.h b/include/libvirt/libvirt-sec= ret.h index 9a1065f0f3..e5aaac9450 100644 --- a/include/libvirt/libvirt-secret.h +++ b/include/libvirt/libvirt-secret.h @@ -43,6 +43,7 @@ typedef enum { VIR_SECRET_USAGE_TYPE_CEPH =3D 2, VIR_SECRET_USAGE_TYPE_ISCSI =3D 3, VIR_SECRET_USAGE_TYPE_TLS =3D 4, + VIR_SECRET_USAGE_TYPE_VTPM =3D 5, =20 # ifdef VIR_ENUM_SENTINELS VIR_SECRET_USAGE_TYPE_LAST diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c index 5b85a7c0be..b291339e77 100644 --- a/src/conf/secret_conf.c +++ b/src/conf/secret_conf.c @@ -110,6 +110,15 @@ virSecretDefParseUsage(xmlXPathContextPtr ctxt, } break; =20 + case VIR_SECRET_USAGE_TYPE_VTPM: + def->usage_id =3D virXPathString("string(./usage/name)", ctxt); + if (!def->usage_id) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("vTPM usage specified, but name is missing")); + return -1; + } + break; + default: virReportError(VIR_ERR_INTERNAL_ERROR, _("unexpected secret usage type %d"), 
@@ -257,6 +266,10 @@ virSecretDefFormatUsage(virBufferPtr buf, virBufferEscapeString(buf, "%s\n", def->usage_id); break; =20 + case VIR_SECRET_USAGE_TYPE_VTPM: + virBufferEscapeString(buf, "%s\n", def->usage_id); + break; + default: virReportError(VIR_ERR_INTERNAL_ERROR, _("unexpected secret usage type %d"), diff --git a/src/util/virsecret.c b/src/util/virsecret.c index 854dc72b06..7844a76a56 100644 --- a/src/util/virsecret.c +++ b/src/util/virsecret.c 
@@ -34,7 +34,7 @@ VIR_LOG_INIT("util.secret"); =20 VIR_ENUM_IMPL(virSecretUsage, VIR_SECRET_USAGE_TYPE_LAST, - "none", "volume", "ceph", "iscsi", "tls", + "none", "volume", "ceph", "iscsi", "tls", "vtpm", ); =20 void --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
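
Review bot: in the src/conf/secret_conf.c parse hunk, the new VIR_SECRET_USAGE_TYPE_VTPM case reports a missing ./usage/name with VIR_ERR_INTERNAL_ERROR, but that condition comes from the caller's XML, not from a fault inside libvirt; VIR_ERR_XML_ERROR would let a client tell rejected input apart from a daemon bug. The check only tests usage_id for NULL, so it is worth stating or testing what an empty name element does. Separately, VIR_SECRET_USAGE_TYPE_VTPM = 5 is added to the public header while the diffstat touches no documentation, so the new usage type and the meaning of its name should be documented next to the existing usage types.
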
From: Stefan Berger
To: libvir-list@redhat.com
Cc: marcandre.lureau@redhat.com, Stefan Berger
Date: Tue, 9 Jul 2019 13:23:25 -0400
Message-Id: <20190709172341.3063264-3-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH 02/18] tests: Add test for new Secret vTPM usage type

Extend the schema for the Secret to support the vTPM usage type and add a test case for parsing the Secret with usage type vTPM.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- docs/schemas/secret.rng | 10 ++++++++++ tests/secretxml2xmlin/usage-vtpm.xml | 7 +++++++ tests/secretxml2xmltest.c | 1 + 3 files changed, 18 insertions(+) create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng index 1e94d66e48..e0add8a5e9 100644 --- a/docs/schemas/secret.rng +++ b/docs/schemas/secret.rng @@ -37,6 +37,7 @@ + @@ -81,4 +82,13 @@ =20 + + + vtpm + + + + + + diff --git a/tests/secretxml2xmlin/usage-vtpm.xml b/tests/secretxml2xmlin/u= sage-vtpm.xml new file mode 100644 index 0000000000..5baff3034d --- /dev/null +++ b/tests/secretxml2xmlin/usage-vtpm.xml @@ -0,0 +1,7 @@ + + aa6c7af2-45a7-477c-85a2-fe86d9f2514e + vTPM secret + + vTPMvTPMvTPM + + diff --git a/tests/secretxml2xmltest.c b/tests/secretxml2xmltest.c index fd93703424..595583346a 100644 --- a/tests/secretxml2xmltest.c +++ b/tests/secretxml2xmltest.c 
@@ -80,6 +80,7 @@ mymain(void) DO_TEST("usage-ceph"); DO_TEST("usage-iscsi"); DO_TEST("usage-tls"); + DO_TEST("usage-vtpm"); =20 return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE; } --=20 2.20.1
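
Review bot: the only coverage added is the round-trip DO_TEST("usage-vtpm") in tests/secretxml2xmltest.c with one well-formed input file, so the error path introduced in the previous patch (vTPM usage with no name) is never exercised. A negative case with the name omitted would pin down that the secret is rejected, and the commit message should say whether the new usage-vtpm.xml was also validated against the extended docs/schemas/secret.rng.
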
From: Stefan Berger
To: libvir-list@redhat.com
Cc: marcandre.lureau@redhat.com, Stefan Berger
Date: Tue, 9 Jul 2019 13:23:26 -0400
Message-Id: <20190709172341.3063264-4-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH 03/18] tests: Add already existing test case tpm-emulator-tpm2

Add an already existing test case tpm-emulator-tpm2 to qemuxml2xmltest.c

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- tests/qemuxml2xmltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index a64b17ac28..a29958ae29 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c 
@@ -653,6 +653,7 @@ mymain(void) DO_TEST("tpm-passthrough", NONE); DO_TEST("tpm-passthrough-crb", NONE); DO_TEST("tpm-emulator", NONE); + DO_TEST("tpm-emulator-tpm2", NONE); =20 DO_TEST("metadata", NONE); DO_TEST("metadata-duplicate", NONE); --=20 2.20.1
From: Stefan Berger
To: libvir-list@redhat.com
Cc: marcandre.lureau@redhat.com, Stefan Berger
Date: Tue, 9 Jul 2019 13:23:27 -0400
Message-Id: <20190709172341.3063264-5-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH 04/18] util: Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM

Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM with string 'vtpm' for support of encrypting vTPM storage.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- src/qemu/qemu_block.c | 1 + src/util/virstorageencryption.c | 2 +- src/util/virstorageencryption.h | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 0a6522577d..c3296c36f5 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -1184,6 +1184,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource= Ptr src, encformat =3D "luks"; break; =20 + case VIR_STORAGE_ENCRYPTION_FORMAT_VTPM: case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT: case VIR_STORAGE_ENCRYPTION_FORMAT_LAST: default: diff --git a/src/util/virstorageencryption.c b/src/util/virstorageencryptio= n.c index 49df7fddd8..4c7356d47a 100644 --- a/src/util/virstorageencryption.c +++ b/src/util/virstorageencryption.c @@ -44,7 +44,7 @@ VIR_ENUM_IMPL(virStorageEncryptionSecret, =20 VIR_ENUM_IMPL(virStorageEncryptionFormat, VIR_STORAGE_ENCRYPTION_FORMAT_LAST, - "default", "qcow", "luks", + "default", "qcow", "luks", "vtpm", ); =20 static void diff --git a/src/util/virstorageencryption.h b/src/util/virstorageencryptio= n.h index 3e5485d88b..29bd00056c 100644 --- a/src/util/virstorageencryption.h +++ b/src/util/virstorageencryption.h 
@@ -59,6 +59,7 @@ typedef enum { VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT =3D 0, VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, /* Both qcow and qcow2 */ VIR_STORAGE_ENCRYPTION_FORMAT_LUKS, + VIR_STORAGE_ENCRYPTION_FORMAT_VTPM, =20 VIR_STORAGE_ENCRYPTION_FORMAT_LAST, } virStorageEncryptionFormatType; --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
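Review bot: In src/util/virstorageencryption.c, adding "vtpm" to the shared virStorageEncryptionFormat string list makes 'vtpm' a value the enum's string conversion accepts for every user of this type, not only for the TPM backend, and the only consumer touched in this patch is the switch in qemuBlockStorageSourceGetCryptoProps(), where the new case is grouped with VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT and VIR_STORAGE_ENCRYPTION_FORMAT_LAST. Please check the other places that switch on virStorageEncryptionFormatType and make sure a disk or volume definition carrying format 'vtpm' is rejected with a clear error rather than falling into a default branch. A short comment next to VIR_STORAGE_ENCRYPTION_FORMAT_VTPM in virstorageencryption.h, like the one on VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, stating that it is only valid for emulator TPM state would also help.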
From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:28 -0400
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
References: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Message-Id: <20190709172341.3063264-6-stefanb@linux.vnet.ibm.com>
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 05/18] conf: Extend TPM XML parser with encryption support
X-BeenThere:
libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Tue, 09 Jul 2019 17:38:40 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Extend the TPM device XML parser and XML generator with emulator state encryption support. Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau --- src/conf/domain_conf.c | 40 +++++++++++++++++++++++++++++++++++++++- src/conf/domain_conf.h | 1 + 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 3323c9a5b1..df6238c299 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -2950,6 +2950,7 @@ void virDomainTPMDefFree(virDomainTPMDefPtr def) virDomainChrSourceDefClear(&def->data.emulator.source); VIR_FREE(def->data.emulator.storagepath); VIR_FREE(def->data.emulator.logfile); + virStorageEncryptionFree(def->data.emulator.encryption); break; case VIR_DOMAIN_TPM_TYPE_LAST: break; @@ -13048,6 +13049,16 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPt= r xmlopt, * * * + * + * Emulator state encryption is supported with the following: + * + * + * + * + * + * + * + * */ static virDomainTPMDefPtr virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt, @@ -13063,6 +13074,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlop= t, VIR_AUTOFREE(char *) backend =3D NULL; VIR_AUTOFREE(char *) version =3D NULL; VIR_AUTOFREE(xmlNodePtr *) backends =3D NULL; + xmlNodePtr encnode =3D NULL; =20 if (VIR_ALLOC(def) < 0) return NULL; 
@@ -13126,6 +13138,21 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlo= pt, def->data.passthrough.source.type =3D VIR_DOMAIN_CHR_TYPE_DEV; break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: + encnode =3D virXPathNode("./backend/encryption", ctxt); + if (encnode) { + def->data.emulator.encryption =3D + virStorageEncryptionParseNode(encnode, ctxt); + if (!def->data.emulator.encryption) + goto error; + if (def->data.emulator.encryption->format !=3D + VIR_STORAGE_ENCRYPTION_FORMAT_VTPM) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Unsupported vTPM encryption type '%s'"), + virStorageEncryptionFormatTypeToString( + def->data.emulator.encryption->format)); + goto error; + } + } break; case VIR_DOMAIN_TPM_TYPE_LAST: goto error; @@ -25949,8 +25976,19 @@ virDomainTPMDefFormat(virBufferPtr buf, virBufferAddLit(buf, "\n"); break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: - virBufferAsprintf(buf, " version=3D'%s'/>\n", + virBufferAsprintf(buf, " version=3D'%s'", virDomainTPMVersionTypeToString(def->version)); + if (def->data.emulator.encryption) { + virBufferAddLit(buf, ">\n"); + virBufferAdjustIndent(buf, 2); + if (virStorageEncryptionFormat(buf, + def->data.emulator.encryption) = < 0) + return -1; + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); + } else { + virBufferAddLit(buf, "/>\n"); + } break; case VIR_DOMAIN_TPM_TYPE_LAST: break; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index c1b5fc1337..a03986623a 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h 
@@ -1270,6 +1270,7 @@ struct _virDomainTPMDef { virDomainChrSourceDef source; char *storagepath; char *logfile; + virStorageEncryptionPtr encryption; } emulator; } data; }; --=20 2.20.1
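Review bot: In the VIR_DOMAIN_TPM_TYPE_EMULATOR branch of virDomainTPMDefParseXML(), the only validation of the parsed encryption is the format check against VIR_STORAGE_ENCRYPTION_FORMAT_VTPM; nothing here verifies that a secret is actually present or that it is of type passphrase. That restriction appears only in the RNG schema change in patch 06, and schema validation is not something the parser can rely on, so consider rejecting an encryption node that does not carry exactly one passphrase secret at this point, with its own error message, so that later code using the secret can assume it exists. Separately, an encryption child under a passthrough backend is silently ignored because the lookup of ./backend/encryption only happens in the emulator case; an explicit error there would be clearer for users.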
From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:29 -0400
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
References: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Message-Id: <20190709172341.3063264-7-stefanb@linux.vnet.ibm.com>
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 06/18] schema: Extend the TPM XML schema with support for encryption
X-BeenThere:
libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 09 Jul 2019 18:09:50 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Extend the TPM XML schema with support for an encryption node. Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau --- docs/schemas/domaincommon.rng | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 31db599ab9..4a4f4f8a4d 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -4316,6 +4316,7 @@ emulator + 
@@ -4345,6 +4346,35 @@ =20 + + + + + vtpm + + + + + + + + + + + passphrase + + + + + + + + + + + + + --=20 2.20.1
From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:30 -0400
Message-Id: <20190709172341.3063264-8-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
References: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 07/18] tests: Add test for TPM XML encryption parser and formatter
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Tue, 09 Jul 2019 18:39:24 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Add a test case for the TPM XML encryption parser and formatter. Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau --- .../tpm-emulator-tpm2-enc.xml | 34 +++++++++++++++++ .../tpm-emulator-tpm2-enc.xml | 38 +++++++++++++++++++ tests/qemuxml2xmltest.c | 1 + 3 files changed, 73 insertions(+) create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml diff --git a/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml b/tests/qemux= ml2argvdata/tpm-emulator-tpm2-enc.xml new file mode 100644 index 0000000000..3838518e65 --- /dev/null +++ b/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml @@ -0,0 +1,34 @@ + + TPM-VM + 11d7cd22-da89-3094-6212-079a48a309a1 + 2097152 + 512288 + 1 + + hvm + + + + + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + + + + + + + diff --git a/tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml b/tests/qem= uxml2xmloutdata/tpm-emulator-tpm2-enc.xml new file mode 100644 index 0000000000..7083fc9c13 --- /dev/null +++ b/tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml @@ -0,0 +1,38 @@ + + TPM-VM + 11d7cd22-da89-3094-6212-079a48a309a1 + 2097152 + 512288 + 1 + + hvm + + + + + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + +
+ + + + + + + + + + + + +
+ + + diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index a29958ae29..f6cd56cc8f 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c 
@@ -654,6 +654,7 @@ mymain(void) DO_TEST("tpm-passthrough-crb", NONE); DO_TEST("tpm-emulator", NONE); DO_TEST("tpm-emulator-tpm2", NONE); + DO_TEST("tpm-emulator-tpm2-enc", NONE); =20 DO_TEST("metadata", NONE); DO_TEST("metadata-duplicate", NONE); --=20 2.20.1
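Review bot: The only case added to tests/qemuxml2xmltest.c is the positive round trip, DO_TEST("tpm-emulator-tpm2-enc", NONE); the "Unsupported vTPM encryption type '%s'" error path introduced in patch 05 is not exercised anywhere in this patch. Please add a negative case whose emulator TPM backend carries an encryption format other than 'vtpm' (for example 'luks') and is expected to fail parsing, so the format check cannot regress silently.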
From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:31 -0400
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
References: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Message-Id: <20190709172341.3063264-9-stefanb@linux.vnet.ibm.com>
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 08/18] tests: Add tests for QEMU command line generation
 with encrypted TPM

The QEMU command line does not change when TPM state is encrypted compared to when it is plain.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- .../tpm-emulator-tpm2-enc.x86_64-latest.args | 35 +++++++++++++++++++ tests/qemuxml2argvtest.c | 1 + 2 files changed, 36 insertions(+) create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-lat= est.args diff --git a/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.arg= s b/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args new file mode 100644 index 0000000000..3c8dc8e483 --- /dev/null +++ b/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args 
@@ -0,0 +1,35 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-TPM-VM \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-TPM-VM/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-TPM-VM/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-TPM-VM/.config \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3DTPM-VM,debug-threads=3Don \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-TPM-VM/master-key.aes \ +-machine pc-i440fx-2.12,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \ +-m 2048 \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid 11d7cd22-da89-3094-6212-079a48a309a1 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-boot menu=3Don,strict=3Don \ +-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \ +-tpmdev emulator,id=3Dtpm-tpm0,chardev=3Dchrtpm \ +-chardev socket,id=3Dchrtpm,path=3D/dev/test \ +-device tpm-tis,tpmdev=3Dtpm-tpm0,id=3Dtpm0 \ +-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x2 \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,\ +resourcecontrol=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 91ca35d469..9c02cac8fc 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -2082,6 +2082,7 @@ mymain(void) QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, QEMU_CAPS_DEVICE= _TPM_TIS); DO_TEST_CAPS_LATEST("tpm-emulator"); DO_TEST_CAPS_LATEST("tpm-emulator-tpm2"); + DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-enc"); =20 DO_TEST_PARSE_ERROR("pci-domain-invalid", NONE); DO_TEST_PARSE_ERROR("pci-bus-invalid", NONE); --=20 2.20.1
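Review bot: the expected output in tpm-emulator-tpm2-enc.x86_64-latest.args carries nothing specific to encryption (the only `-object secret` is `masterKey0`, and `-tpmdev emulator` has just `id` and `chardev`), yet neither the file nor the commit message says that this absence is what the test is meant to pin. Please add a sentence to the commit message stating that the test guards against the TPM state key ever appearing in the QEMU arguments, so that a later change which alters this output is recognised as a regression rather than regenerated.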
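Review bot: the `DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-enc")` line added in tests/qemuxml2argvtest.c needs an input definition of the same name, but the diffstat lists only the new `.args` file and the one-line change to the test, so the XML has to come from another patch in the series. Please name that dependency in the commit message, or add the XML here, so that this patch passes the test suite on its own when bisecting.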
From: Stefan Berger
To: libvir-list@redhat.com
Cc: marcandre.lureau@redhat.com, Stefan Berger
Date: Tue, 9 Jul 2019 13:23:32 -0400
Message-Id: <20190709172341.3063264-10-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
References: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH 09/18] tpm: Move virtpm.c from utils dir to own tpm dir

Move virtpm.c from utils dir to its own tpm dir. This change is mostly driven by the later introduction of virtpm_conf.c where we define functions like XYZTypeFromString() that we cannot include from utils dir.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- po/POTFILES | 2 +- src/Makefile.am | 1 + src/conf/Makefile.inc.am | 1 + src/libvirt_private.syms | 8 ++++---- src/qemu/Makefile.inc.am | 1 + src/security/Makefile.inc.am | 1 + src/tpm/Makefile.inc.am | 17 +++++++++++++++++ src/{util =3D> tpm}/virtpm.c | 0 src/{util =3D> tpm}/virtpm.h | 0 src/util/Makefile.inc.am | 2 -- tests/Makefile.am | 1 + 11 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 src/tpm/Makefile.inc.am rename src/{util =3D> tpm}/virtpm.c (100%) rename src/{util =3D> tpm}/virtpm.h (100%) diff --git a/po/POTFILES b/po/POTFILES index 8017712ff4..e3c1a8edae 100644 --- a/po/POTFILES +++ b/po/POTFILES @@ -188,6 +188,7 @@ src/storage/storage_backend_zfs.c src/storage/storage_driver.c src/storage/storage_util.c src/test/test_driver.c +src/tpm/virtpm.c src/util/iohelper.c src/util/viralloc.c src/util/virarptable.c @@ -266,7 +267,6 @@ src/util/virsysinfo.c src/util/virthreadjob.c src/util/virthreadpool.c src/util/virtime.c -src/util/virtpm.c src/util/virtypedparam.c src/util/viruri.c src/util/virusb.c diff --git a/src/Makefile.am b/src/Makefile.am index 0b562dc250..5f7c9001fe 100644 --- a/src/Makefile.am 
+++ b/src/Makefile.am @@ -122,6 +122,7 @@ include node_device/Makefile.inc.am include secret/Makefile.inc.am include storage/Makefile.inc.am include remote/Makefile.inc.am +include tpm/Makefile.inc.am =20 =20 THREAD_LIBS =3D $(LIB_PTHREAD) $(LTLIBMULTITHREAD) diff --git a/src/conf/Makefile.inc.am b/src/conf/Makefile.inc.am index 6b52ba674b..08c7c9da7f 100644 --- a/src/conf/Makefile.inc.am +++ b/src/conf/Makefile.inc.am @@ -178,6 +178,7 @@ libvirt_la_BUILT_LIBADD +=3D libvirt_conf.la libvirt_conf_la_SOURCES =3D $(CONF_SOURCES) libvirt_conf_la_CFLAGS =3D \ -I$(srcdir)/conf \ + -I$(srcdir)/tpm \ $(AM_CFLAGS) \ $(NULL) libvirt_conf_la_LDFLAGS =3D $(AM_LDFLAGS) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 34937adc5d..e29007cab1 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1445,6 +1445,10 @@ virSecurityManagerTransactionStart; virSecurityManagerVerify; =20 =20 +# tpm/virtpm.h +virTPMCreateCancelPath; + + # util/viralloc.h virAlloc; virAllocN; @@ -3175,10 +3179,6 @@ virTimeStringThen; virTimeStringThenRaw; =20 =20 -# util/virtpm.h -virTPMCreateCancelPath; - - # util/virtypedparam.h virTypedParameterAssign; virTypedParameterAssignFromStr; diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am index 254ba07dc0..72b28e731d 100644 --- a/src/qemu/Makefile.inc.am +++ b/src/qemu/Makefile.inc.am @@ -84,6 +84,7 @@ libvirt_driver_qemu_impl_la_CFLAGS =3D \ -I$(srcdir)/access \ -I$(srcdir)/conf \ -I$(srcdir)/secret \ + -I$(srcdir)/tpm \ $(AM_CFLAGS) \ $(NULL) libvirt_driver_qemu_impl_la_LDFLAGS =3D $(AM_LDFLAGS) diff --git a/src/security/Makefile.inc.am b/src/security/Makefile.inc.am index 64e0f46857..3e110596dc 100644 --- a/src/security/Makefile.inc.am +++ b/src/security/Makefile.inc.am 
@@ -47,6 +47,7 @@ noinst_LTLIBRARIES +=3D libvirt_security_manager.la libvirt_la_BUILT_LIBADD +=3D libvirt_security_manager.la libvirt_security_manager_la_CFLAGS =3D \ -I$(srcdir)/conf \ + -I$(srcdir)/tpm \ $(AM_CFLAGS) \ $(NULL) libvirt_security_manager_la_LDFLAGS =3D $(AM_LDFLAGS) diff --git a/src/tpm/Makefile.inc.am b/src/tpm/Makefile.inc.am new file mode 100644 index 0000000000..1f5131bf34 --- /dev/null +++ b/src/tpm/Makefile.inc.am @@ -0,0 +1,17 @@ +# vim: filetype=3Dautomake + +TPM_UTIL_SOURCES =3D \ + tpm/virtpm.h \ + tpm/virtpm.c \ + $(NULL) + + +EXTRA_DIST +=3D \ + $(TPM_UTIL_SOURCES) \ + $(NULL) + +noinst_LTLIBRARIES +=3D libvirt_tpm.la +libvirt_la_BUILT_LIBADD +=3D libvirt_tpm.la +libvirt_tpm_la_CFLAGS =3D $(AM_CFLAGS) +libvirt_tpm_la_LDFLAGS =3D $(AM_LDFLAGS) +libvirt_tpm_la_SOURCES =3D $(TPM_UTIL_SOURCES) diff --git a/src/util/virtpm.c b/src/tpm/virtpm.c similarity index 100% rename from src/util/virtpm.c rename to src/tpm/virtpm.c diff --git a/src/util/virtpm.h b/src/tpm/virtpm.h similarity index 100% rename from src/util/virtpm.h rename to src/tpm/virtpm.h diff --git a/src/util/Makefile.inc.am b/src/util/Makefile.inc.am index c757f5a6ae..8b2ff6be6b 100644 --- a/src/util/Makefile.inc.am +++ b/src/util/Makefile.inc.am @@ -205,8 +205,6 @@ UTIL_SOURCES =3D \ util/virthreadpool.h \ util/virtime.c \ util/virtime.h \ - util/virtpm.c \ - util/virtpm.h \ util/virtypedparam.c \ util/virtypedparam.h \ util/virusb.c \ diff --git a/tests/Makefile.am b/tests/Makefile.am index 115afa1c1a..ffc9f7f92e 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
@@ -25,6 +25,7 @@ AM_CPPFLAGS =3D \ -I$(top_builddir)/src -I$(top_srcdir)/src \ -I$(top_srcdir)/src/util \ -I$(top_srcdir)/src/conf \ + -I$(top_srcdir)/src/tpm \ $(NULL) =20 WARN_CFLAGS +=3D $(RELAXED_FRAME_LIMIT_CFLAGS) --=20 2.20.1
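Review bot: in the src/conf/Makefile.inc.am hunk, `-I$(srcdir)/tpm` makes libvirt_conf.la include headers from the new directory, while the commit message justifies the move by a later virtpm_conf.c that needs something util cannot include; the patch does not say which way the dependency between conf and tpm is meant to run. Please state the intended layering in the commit message. The same include path is added by hand to the qemu, security and tests flags, so any other directory that still includes virtpm.h will only be found when its build fails; a search for remaining includers before merging would settle that.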
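Review bot: in the new src/tpm/Makefile.inc.am, the variable is named `TPM_UTIL_SOURCES` although the point of the patch is that these files no longer belong to util. `TPM_SOURCES` would match the per-directory names visible elsewhere in this patch (`CONF_SOURCES`, `UTIL_SOURCES`) and avoids a second rename when virtpm_conf.c is added.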
From: Stefan Berger
To: libvir-list@redhat.com
Cc: marcandre.lureau@redhat.com, Stefan Berger
Date: Tue, 9 Jul 2019 13:23:33 -0400
Message-Id: <20190709172341.3063264-11-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
References: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH 10/18] tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c

Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c and introduce a few functions to query the executables needed for virCommands.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- src/libvirt_private.syms | 4 ++ src/qemu/qemu_tpm.c | 83 ++++-------------------------------- src/tpm/virtpm.c | 91 ++++++++++++++++++++++++++++++++++++++++ src/tpm/virtpm.h | 5 +++ 4 files changed, 108 insertions(+), 75 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index e29007cab1..e33d7d9f14 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1447,6 +1447,10 @@ virSecurityManagerVerify; =20 # tpm/virtpm.h virTPMCreateCancelPath; +virTPMEmulatorInit; +virTPMGetSwtpm; +virTPMGetSwtpmIoctl; +virTPMGetSwtpmSetup; =20 =20 # util/viralloc.h diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index cc8c69433b..61b4f72320 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c 
@@ -41,79 +41,12 @@ #include "configmake.h" #include "dirname.h" #include "qemu_tpm.h" +#include "virtpm.h" =20 #define VIR_FROM_THIS VIR_FROM_NONE =20 VIR_LOG_INIT("qemu.tpm"); =20 -/* - * executables for the swtpm; to be found on the host - */ -static char *swtpm_path; -static char *swtpm_setup; -static char *swtpm_ioctl; - -/* - * qemuTPMEmulatorInit - * - * Initialize the Emulator functions by searching for necessary - * executables that we will use to start and setup the swtpm - */ -static int -qemuTPMEmulatorInit(void) -{ - if (!swtpm_path) { - swtpm_path =3D virFindFileInPath("swtpm"); - if (!swtpm_path) { - virReportSystemError(ENOENT, "%s", - _("Unable to find 'swtpm' binary in $PATH= ")); - return -1; - } - if (!virFileIsExecutable(swtpm_path)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("TPM emulator %s is not an executable"), - swtpm_path); - VIR_FREE(swtpm_path); - return -1; - } - } - - if (!swtpm_setup) { - swtpm_setup =3D virFindFileInPath("swtpm_setup"); - if (!swtpm_setup) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Could not find 'swtpm_setup' in PATH")); - return -1; - } - if (!virFileIsExecutable(swtpm_setup)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("'%s' is not an executable"), - swtpm_setup); - VIR_FREE(swtpm_setup); - return -1; - } - } - - if (!swtpm_ioctl) { - swtpm_ioctl =3D virFindFileInPath("swtpm_ioctl"); - if (!swtpm_ioctl) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Could not find swtpm_ioctl in PATH")); - return -1; - } - if (!virFileIsExecutable(swtpm_ioctl)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("swtpm_ioctl program %s is not an executable"= ), - swtpm_ioctl); - VIR_FREE(swtpm_ioctl); - return -1; - } - } - - return 0; -} - - /* * qemuTPMCreateEmulatorStoragePath * 
@@ -350,7 +283,7 @@ qemuTPMEmulatorGetPid(const char *swtpmStateDir, if (!pidfile) return -ENOMEM; =20 - ret =3D virPidFileReadPathIfAlive(pidfile, pid, swtpm_path); + ret =3D virPidFileReadPathIfAlive(pidfile, pid, virTPMGetSwtpm()); =20 VIR_FREE(pidfile); =20 @@ -386,7 +319,7 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm, { int ret =3D -1; =20 - if (qemuTPMEmulatorInit() < 0) + if (virTPMEmulatorInit() < 0) return -1; =20 /* create log dir ... allow 'tss' user to cd into it */ @@ -478,7 +411,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, "this requires privileged mode for a " "TPM 1.2\n"), 0600); =20 - cmd =3D virCommandNew(swtpm_setup); + cmd =3D virCommandNew(virTPMGetSwtpmSetup()); if (!cmd) goto cleanup; =20 @@ -518,7 +451,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, virReportError(VIR_ERR_INTERNAL_ERROR, _("Could not run '%s'. exitstatus: %d; " "Check error log '%s' for details."), - swtpm_setup, exitstatus, logfile); + virTPMGetSwtpmSetup(), exitstatus, logfile); goto cleanup; } =20 @@ -575,7 +508,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm, =20 unlink(tpm->data.emulator.source.data.nix.path); =20 - cmd =3D virCommandNew(swtpm_path); + cmd =3D virCommandNew(virTPMGetSwtpm()); if (!cmd) goto error; =20 @@ -640,7 +573,7 @@ qemuTPMEmulatorStop(const char *swtpmStateDir, char *pathname; char *errbuf =3D NULL; =20 - if (qemuTPMEmulatorInit() < 0) + if (virTPMEmulatorInit() < 0) return; =20 if (!(pathname =3D qemuTPMCreateEmulatorSocket(swtpmStateDir, shortNam= e))) @@ -649,7 +582,7 @@ qemuTPMEmulatorStop(const char *swtpmStateDir, if (!virFileExists(pathname)) goto cleanup; =20 - cmd =3D virCommandNew(swtpm_ioctl); + cmd =3D virCommandNew(virTPMGetSwtpmIoctl()); if (!cmd) goto cleanup; =20 diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c index 583b9a64a4..4635d8add0 100644 --- a/src/tpm/virtpm.c +++ b/src/tpm/virtpm.c 
@@ -72,3 +72,94 @@ virTPMCreateCancelPath(const char *devpath) cleanup: return path; } + +/* + * executables for the swtpm; to be found on the host + */ +static char *swtpm_path; +static char *swtpm_setup; +static char *swtpm_ioctl; + +const char * +virTPMGetSwtpm(void) +{ + if (!swtpm_path) + virTPMEmulatorInit(); + return swtpm_path; +} + +const char * +virTPMGetSwtpmSetup(void) +{ + if (!swtpm_setup) + virTPMEmulatorInit(); + return swtpm_setup; +} + +const char * +virTPMGetSwtpmIoctl(void) +{ + if (!swtpm_ioctl) + virTPMEmulatorInit(); + return swtpm_ioctl; +} + +/* + * virTPMEmulatorInit + * + * Initialize the Emulator functions by searching for necessary + * executables that we will use to start and setup the swtpm + */ +int +virTPMEmulatorInit(void) +{ + if (!swtpm_path) { + swtpm_path =3D virFindFileInPath("swtpm"); + if (!swtpm_path) { + virReportSystemError(ENOENT, "%s", + _("Unable to find 'swtpm' binary in $PATH= ")); + return -1; + } + if (!virFileIsExecutable(swtpm_path)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("TPM emulator %s is not an executable"), + swtpm_path); + VIR_FREE(swtpm_path); + return -1; + } + } + + if (!swtpm_setup) { + swtpm_setup =3D virFindFileInPath("swtpm_setup"); + if (!swtpm_setup) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Could not find 'swtpm_setup' in PATH")); + return -1; + } + if (!virFileIsExecutable(swtpm_setup)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("'%s' is not an executable"), + swtpm_setup); + VIR_FREE(swtpm_setup); + return -1; + } + } + + if (!swtpm_ioctl) { + swtpm_ioctl =3D virFindFileInPath("swtpm_ioctl"); + if (!swtpm_ioctl) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Could not find swtpm_ioctl in PATH")); + return -1; + } + if (!virFileIsExecutable(swtpm_ioctl)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("swtpm_ioctl program %s is not an executable"= ), + swtpm_ioctl); + VIR_FREE(swtpm_ioctl); + return -1; + } + } + + return 0; +} 
diff --git a/src/tpm/virtpm.h b/src/tpm/virtpm.h index 4408bdb217..66d55fb231 100644 --- a/src/tpm/virtpm.h +++ b/src/tpm/virtpm.h 
@@ -21,3 +21,8 @@ #pragma once =20 char *virTPMCreateCancelPath(const char *devpath) ATTRIBUTE_NOINLINE; + +const char *virTPMGetSwtpm(void); +const char *virTPMGetSwtpmSetup(void); +const char *virTPMGetSwtpmIoctl(void); +int virTPMEmulatorInit(void); --=20 2.20.1
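Review bot: in the src/tpm/virtpm.c hunk, virTPMGetSwtpm(), virTPMGetSwtpmSetup() and virTPMGetSwtpmIoctl() call virTPMEmulatorInit() and drop its return value, so when a binary is missing or not executable they return NULL, and the qemu_tpm.c call sites pass that result straight into virCommandNew() and virPidFileReadPathIfAlive() (the qemuTPMEmulatorGetPid hunk shows no init check before the call). Either have the callers test the getter result, or keep an explicit `if (virTPMEmulatorInit() < 0)` guard in every function that uses a getter. The three static pointers are also filled in lazily with no lock visible in the hunk, which matters more now that the functions are listed in libvirt_private.syms; a one-time initializer or a mutex around the lookup would close that.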
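Review bot: the four prototypes added to src/tpm/virtpm.h have no comment describing their contract, namely that the getters return a pointer owned by virtpm.c which the caller must not free, and that the pointer is NULL when the lookup failed. A short comment above them, together with a line saying that virTPMEmulatorInit() returns 0 on success and -1 with an error reported, would save each caller from reading virtpm.c.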
From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:34 -0400
Message-Id: <20190709172341.3063264-12-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
References: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 11/18] tpm: Refactor virTPMEmulatorInit to use loop

Refactor virTPMEmulatorInit to use a loop with parameters. This allows
for easier extension later on.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- src/tpm/virtpm.c | 80 ++++++++++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 43 deletions(-) diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c index 4635d8add0..0179b1e8be 100644 --- a/src/tpm/virtpm.c +++ b/src/tpm/virtpm.c
@@ -113,51 +113,45 @@ virTPMGetSwtpmIoctl(void) int virTPMEmulatorInit(void) { - if (!swtpm_path) { - swtpm_path =3D virFindFileInPath("swtpm"); - if (!swtpm_path) { - virReportSystemError(ENOENT, "%s", - _("Unable to find 'swtpm' binary in $PATH= ")); - return -1; + static const struct { + const char *name; + char **path; + } prgs[] =3D { + { + .name =3D "swtpm", + .path =3D &swtpm_path, + }, + { + .name =3D "swtpm_setup", + .path =3D &swtpm_setup, + }, + { + .name =3D "swtpm_ioctl", + .path =3D &swtpm_ioctl, } - if (!virFileIsExecutable(swtpm_path)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("TPM emulator %s is not an executable"), - swtpm_path); - VIR_FREE(swtpm_path); - return -1; - } - } - - if (!swtpm_setup) { - swtpm_setup =3D virFindFileInPath("swtpm_setup"); - if (!swtpm_setup) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Could not find 'swtpm_setup' in PATH")); - return -1; - } - if (!virFileIsExecutable(swtpm_setup)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("'%s' is not an executable"), - swtpm_setup); - VIR_FREE(swtpm_setup); - return -1; - } - } + }; + size_t i; =20 - if (!swtpm_ioctl) { - swtpm_ioctl =3D virFindFileInPath("swtpm_ioctl"); - if (!swtpm_ioctl) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Could not find swtpm_ioctl in PATH")); - return -1; - } - if (!virFileIsExecutable(swtpm_ioctl)) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("swtpm_ioctl program %s is not an executable"= ), - swtpm_ioctl); - VIR_FREE(swtpm_ioctl); - return -1; + for (i =3D 0; i < ARRAY_CARDINALITY(prgs); i++) { + char *path; + bool findit =3D *prgs[i].path =3D=3D NULL; + + if (findit) { + path =3D virFindFileInPath(prgs[i].name); + if (!path) { + virReportSystemError(ENOENT, + _("Unable to find '%s' binary in $PATH"), + prgs[i].name); + return -1; + } + if (!virFileIsExecutable(path)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("%s is not an executable"), + path); + VIR_FREE(path); + return -1; + } + *prgs[i].path =3D path; } } =20 
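Review bot: The commit message describes a pure refactor, but the loop changes error reporting for swtpm_setup and swtpm_ioctl. A missing binary used to raise virReportError(VIR_ERR_INTERNAL_ERROR, ...) for those two and now goes through virReportSystemError(ENOENT, ...), and the three program-specific "not an executable" messages collapse into the generic "%s is not an executable". Either state the behaviour change in the commit message or keep the original error class, so that callers and log matching that key on the error code see no difference.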
--=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:35 -0400
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
References: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Message-Id: <20190709172341.3063264-13-stefanb@linux.vnet.ibm.com>
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 12/18] tpm: Check whether previously found executables were updated

Check whether previously found executables were updated and if so look
for them again. This helps to use updated features of swtpm and its tools
upon updating them.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- src/qemu/qemu_tpm.c | 1 + src/tpm/virtpm.c | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 61b4f72320..2afa8db448 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -20,6 +20,7 @@ =20 #include =20 +#include #include #include #include diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c index 0179b1e8be..e4735f9c4d 100644 --- a/src/tpm/virtpm.c +++ b/src/tpm/virtpm.c @@ -77,8 +77,13 @@ virTPMCreateCancelPath(const char *devpath) * executables for the swtpm; to be found on the host */ static char *swtpm_path; +static struct stat swtpm_stat; + static char *swtpm_setup; +static struct stat swtpm_setup_stat; + static char *swtpm_ioctl; +static struct stat swtpm_ioctl_stat; =20 const char * virTPMGetSwtpm(void) @@ -116,18 +121,22 @@ virTPMEmulatorInit(void) static const struct { const char *name; char **path; + struct stat *stat; } prgs[] =3D { { .name =3D "swtpm", .path =3D &swtpm_path, + .stat =3D &swtpm_stat, }, { .name =3D "swtpm_setup", .path =3D &swtpm_setup, + .stat =3D &swtpm_setup_stat, }, { .name =3D "swtpm_ioctl", .path =3D &swtpm_ioctl, + .stat =3D &swtpm_ioctl_stat, } }; size_t i;
@@ -135,6 +144,23 @@ virTPMEmulatorInit(void) for (i =3D 0; i < ARRAY_CARDINALITY(prgs); i++) { char *path; bool findit =3D *prgs[i].path =3D=3D NULL; + struct stat statbuf; + char *tmp; + + if (!findit) { + /* has executables changed? */ + if (stat(*prgs[i].path, &statbuf) < 0) { + virReportSystemError(errno, + _("Could not stat %s"), path); + findit =3D true; + } + if (!findit && + memcmp(&statbuf.st_mtim, + &prgs[i].stat->st_mtime, + sizeof(statbuf.st_mtim))) { + findit =3D true; + } + } =20 if (findit) { path =3D virFindFileInPath(prgs[i].name); 
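Review bot: In the new `if (!findit)` block, the stat() failure path passes `path` to virReportSystemError(), but `path` is declared without an initialiser and is not assigned until virFindFileInPath() runs further down, so the message formats an uninitialised pointer. It should use `*prgs[i].path`. The memcmp() also compares `&statbuf.st_mtim` with `&prgs[i].stat->st_mtime`, two different members, using `sizeof(statbuf.st_mtim)` as the length; use `st_mtim` on both sides or compare the fields directly. Since a failed stat() here only triggers a fresh lookup, reporting an error and carrying on leaves an error set even when the lookup then succeeds, so a debug log fits better than virReportSystemError().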
@@ -151,7 +177,15 @@ virTPMEmulatorInit(void) VIR_FREE(path); return -1; } + if (stat(path, prgs[i].stat) < 0) { + virReportSystemError(errno, + _("Could not stat %s"), path); + VIR_FREE(path); + return -1; + } + tmp =3D *prgs[i].path; *prgs[i].path =3D path; + VIR_FREE(tmp); } } =20 --=20 2.20.1
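Review bot: `VIR_FREE(tmp)` releases the previously cached path string, yet the getters in this file hand that same static pointer to callers as `const char *` (virTPMGetSwtpmIoctl() does `return swtpm_ioctl;`). Now that virTPMEmulatorInit() can replace the path on a later call, a caller still holding the old pointer reads freed memory, and nothing in these hunks serialises concurrent calls that update `*prgs[i].path` and `*prgs[i].stat`. Suggest guarding the statics with a mutex and having the getters return a copy that the caller frees.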
From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:36 -0400
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
References: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Message-Id: <20190709172341.3063264-14-stefanb@linux.vnet.ibm.com>
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 13/18] tpm: Parse the capabilities supported by swtpm and swtpm_setup

Run 'swtpm socket --print-capabilities' and
'swtpm_setup --print-capabilities' to get the JSON object of the
features the programs are supporting and parse them into a bitmap.

Signed-off-by: Stefan Berger
--- src/conf/Makefile.inc.am | 6 ++ src/conf/virtpm_conf.c | 36 ++++++++++++ src/conf/virtpm_conf.h | 36 ++++++++++++ src/libvirt_private.syms | 5 ++ src/tpm/Makefile.inc.am | 5 +- src/tpm/virtpm.c | 123 ++++++++++++++++++++++++++++++++++++++- 6 files changed, 209 insertions(+), 2 deletions(-) create mode 100644 src/conf/virtpm_conf.c create mode 100644 src/conf/virtpm_conf.h diff --git a/src/conf/Makefile.inc.am b/src/conf/Makefile.inc.am index 08c7c9da7f..e42425fcc5 100644 --- a/src/conf/Makefile.inc.am +++ b/src/conf/Makefile.inc.am @@ -153,6 +153,11 @@ DEVICE_CONF_SOURCES =3D \ conf/device_conf.h \ $(NULL) =20 +TPM_CONF_SOURCES =3D \ + conf/virtpm_conf.c \ + conf/virtpm_conf.h \ + $(NULL) + CONF_SOURCES =3D \ $(NETDEV_CONF_SOURCES) \ $(DOMAIN_CONF_SOURCES) \ @@ -171,6 +176,7 @@ CONF_SOURCES =3D \ $(CPU_CONF_SOURCES) \ $(CHRDEV_CONF_SOURCES) \ $(DEVICE_CONF_SOURCES) \ + $(TPM_CONF_SOURCES) \ $(NULL) =20 noinst_LTLIBRARIES +=3D libvirt_conf.la diff --git a/src/conf/virtpm_conf.c b/src/conf/virtpm_conf.c new file mode 100644 index 0000000000..12e69e67b3 --- /dev/null +++ b/src/conf/virtpm_conf.c
@@ -0,0 +1,36 @@ +/* + * virtpm_conf.c: vTPM XML processing + * + * Copyright (C) 2019 IBM Corporation + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#include + +#include "virenum.h" +#include "virtpm_conf.h" + +#define VIR_FROM_THIS VIR_FROM_NONE + +VIR_ENUM_IMPL(virTPMSwtpmFeature, + VIR_TPM_SWTPM_FEATURE_LAST, + "cmdarg-pwd-fd", +); + +VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, + VIR_TPM_SWTPM_SETUP_FEATURE_LAST, + "cmdarg-pwdfile-fd", +); diff --git a/src/conf/virtpm_conf.h b/src/conf/virtpm_conf.h new file mode 100644 index 0000000000..73c6c67271 --- /dev/null +++ b/src/conf/virtpm_conf.h 
@@ -0,0 +1,36 @@ +/* + * virtpm_conf.h: vTPM XML processing + * + * Copyright (C) 2019 IBM Corporation + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#pragma once + +typedef enum { + VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD, + + VIR_TPM_SWTPM_FEATURE_LAST +} virTPMSwtpmFeature; + +typedef enum { + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD, + + VIR_TPM_SWTPM_SETUP_FEATURE_LAST +} virTPMSwtpmSetupFeature; + +VIR_ENUM_DECL(virTPMSwtpmFeature); +VIR_ENUM_DECL(virTPMSwtpmSetupFeature); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index e33d7d9f14..d2045895a1 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1236,6 +1236,11 @@ virStoragePoolObjVolumeGetNames; virStoragePoolObjVolumeListExport; =20 =20 +# conf/virtpm_conf.h +virTPMSwtpmFeatureTypeFromString; +virTPMSwtpmSetupFeatureTypeFromString; + + # cpu/cpu.h cpuDecode; cpuEncode; diff --git a/src/tpm/Makefile.inc.am b/src/tpm/Makefile.inc.am index 1f5131bf34..d8a15c406c 100644 --- a/src/tpm/Makefile.inc.am +++ b/src/tpm/Makefile.inc.am @@ -12,6 +12,9 @@ EXTRA_DIST +=3D \ =20 noinst_LTLIBRARIES +=3D libvirt_tpm.la libvirt_la_BUILT_LIBADD +=3D libvirt_tpm.la -libvirt_tpm_la_CFLAGS =3D $(AM_CFLAGS) +libvirt_tpm_la_CFLAGS =3D \ + -I$(srcdir)/conf \ + $(AM_CFLAGS) \ + $(NULL) libvirt_tpm_la_LDFLAGS =3D $(AM_LDFLAGS) libvirt_tpm_la_SOURCES =3D $(TPM_UTIL_SOURCES) 
diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c index e4735f9c4d..42dd2b1bb2 100644 --- a/src/tpm/virtpm.c +++ b/src/tpm/virtpm.c @@ -27,6 +27,10 @@ #include "viralloc.h" #include "virfile.h" #include "virtpm.h" +#include "vircommand.h" +#include "virbitmap.h" +#include "virjson.h" +#include "virtpm_conf.h" =20 #define VIR_FROM_THIS VIR_FROM_NONE =20 @@ -74,17 +78,22 @@ virTPMCreateCancelPath(const char *devpath) } =20 /* - * executables for the swtpm; to be found on the host + * executables for the swtpm; to be found on the host along with + * capabilties bitmap */ static char *swtpm_path; static struct stat swtpm_stat; +static virBitmapPtr swtpm_caps; =20 static char *swtpm_setup; static struct stat swtpm_setup_stat; +static virBitmapPtr swtpm_setup_caps; =20 static char *swtpm_ioctl; static struct stat swtpm_ioctl_stat; =20 +typedef int (*TypeFromStringFn)(const char *); + const char * virTPMGetSwtpm(void) { 
@@ -109,6 +118,106 @@ virTPMGetSwtpmIoctl(void) return swtpm_ioctl; } =20 +/* virTPMExecGetCaps + * + * Execute the prepared command and parse the returned JSON object + * to get the capabilities supported by the executable. + * A JSON object like this is expected: + * + * { + * "type": "swtpm", + * "features": [ + * "cmdarg-seccomp", + * "cmdarg-key-fd", + * "cmdarg-pwd-fd" + * ] + * } + */ +static virBitmapPtr +virTPMExecGetCaps(virCommandPtr cmd, + TypeFromStringFn typeFromStringFn) +{ + int exitstatus; + virBitmapPtr bitmap; + char *outbuf =3D NULL; + virJSONValuePtr json =3D NULL; + virJSONValuePtr featureList; + virJSONValuePtr item; + size_t idx; + const char *str; + int typ; + + if (!(bitmap =3D virBitmapNewEmpty())) + return NULL; + + virCommandSetOutputBuffer(cmd, &outbuf); + /* We allow the command to fail since older versions of it may + * not support --print-capabilities + */ + if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) + goto cleanup; + + json =3D virJSONValueFromString(outbuf); + if (!json) + goto error_bad_json; + + featureList =3D virJSONValueObjectGetArray(json, "features"); + if (!featureList) + goto error_bad_json; + + if (!virJSONValueIsArray(featureList)) + goto error_bad_json; + + for (idx =3D 0; idx < virJSONValueArraySize(featureList); idx++) { + item =3D virJSONValueArrayGet(featureList, idx); + if (!item) + continue; + + str =3D virJSONValueGetString(item); + if (!str) + goto error_bad_json; + typ =3D typeFromStringFn(str); + if (typ < 0) + continue; + + if (virBitmapSetBitExpand(bitmap, typ) < 0) + goto cleanup; + } + + cleanup: + VIR_FREE(outbuf); + virJSONValueFree(json); + + return bitmap; + + error_bad_json: + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unexpected JSON format: %s"), outbuf); + goto cleanup; +} + +static virBitmapPtr +virTPMGetCaps(TypeFromStringFn typeFromStringFn, + const char *exec, const char *param1) +{ + virCommandPtr cmd; + virBitmapPtr bitmap; + + cmd =3D virCommandNew(exec); + if (!cmd) + 
return NULL; + if (param1) + virCommandAddArg(cmd, param1); + virCommandAddArg(cmd, "--print-capabilities"); + virCommandClearCaps(cmd); + + bitmap =3D virTPMExecGetCaps(cmd, typeFromStringFn); + + virCommandFree(cmd); + + return bitmap; +} + /* * virTPMEmulatorInit * @@ -122,16 +231,24 @@ virTPMEmulatorInit(void) const char *name; char **path; struct stat *stat; + const char *parm; + virBitmapPtr *caps; + TypeFromStringFn typeFromStringFn; } prgs[] =3D { { .name =3D "swtpm", .path =3D &swtpm_path, .stat =3D &swtpm_stat, + .parm =3D "socket", + .caps =3D &swtpm_caps, + .typeFromStringFn =3D virTPMSwtpmFeatureTypeFromString, }, { .name =3D "swtpm_setup", .path =3D &swtpm_setup, .stat =3D &swtpm_setup_stat, + .caps =3D &swtpm_setup_caps, + .typeFromStringFn =3D virTPMSwtpmSetupFeatureTypeFromString, }, { .name =3D "swtpm_ioctl", 
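Review bot: In virTPMExecGetCaps() (the @@ -109,6 +118,106 @@ hunk above), the `error_bad_json` label reports an error and then jumps to `cleanup`, which returns `bitmap` exactly as the success path does, and a failing virBitmapSetBitExpand() takes the same route. The caller therefore cannot tell malformed output or an allocation failure from a tool that simply lacks --print-capabilities, and may receive a partly filled bitmap with an error left set. Suggest freeing the bitmap and returning NULL on those two paths, and keeping the empty bitmap only for the tolerated case where the command fails or exits non-zero.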
@@ -186,6 +303,10 @@ virTPMEmulatorInit(void) tmp =3D *prgs[i].path; *prgs[i].path =3D path; VIR_FREE(tmp); + + if (prgs[i].caps) + *prgs[i].caps =3D virTPMGetCaps(prgs[i].typeFromStringFn, + path, prgs[i].parm); } } =20 --=20 2.20.1
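Review bot: The assignment to `*prgs[i].caps` overwrites whatever bitmap an earlier call stored without a virBitmapFree() on the old value, so every re-detection after an executable update leaks a bitmap. The result is not checked either: virTPMGetCaps() returns NULL when virCommandNew() or virBitmapNewEmpty() fails, and this hunk carries on with a NULL caps pointer. Free the old bitmap before assigning, and either fail the init when the probe returns NULL or document that NULL means no capabilities so later feature checks treat it that way.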
From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:37 -0400
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 14/18] tpm: Use fd to pass password to swtpm_setup and swtpm

Allow vTPM state encryption when swtpm_setup and swtpm support passing a passphrase using a file descriptor. This patch enables the encryption of the vTPM state only. It does not encrypt the state during migration, so the destination secret does not need to have the same password at this point.

Signed-off-by: Stefan Berger
--- src/libvirt_private.syms | 2 + src/qemu/qemu_tpm.c | 101 ++++++++++++++++++++++++++++++++++++++- src/tpm/virtpm.c | 16 +++++++ src/tpm/virtpm.h | 3 ++ 4 files changed, 120 insertions(+), 2 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index d2045895a1..d693f7facb 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1456,6 +1456,8 @@ virTPMEmulatorInit; virTPMGetSwtpm; virTPMGetSwtpmIoctl; virTPMGetSwtpmSetup; +virTPMSwtpmCapsGet; +virTPMSwtpmSetupCapsGet; =20 =20 # util/viralloc.h diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 2afa8db448..6e7d38b7e0 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -43,6 +43,8 @@ #include "dirname.h" #include "qemu_tpm.h" #include "virtpm.h" +#include "secret_util.h" +#include "virtpm_conf.h" =20 #define VIR_FROM_THIS VIR_FROM_NONE =20 
@@ -372,6 +374,60 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm, return ret; } =20 +/* + * qemuTPMSetupEncryption + * + * @encryption: pointer to virStorageEncryption holding secret + * + * Returns file descriptor representing the read-end of a pipe. + * The passphrase can be read from this pipe. Returns < 0 in case + * of error. + * + * This function reads the passphrase and writes it into the + * write-end of a pipe so that the read-end of the pipe can be + * passed to the emulator for reading the passphrase from. + */ +static int +qemuTPMSetupEncryption(virStorageEncryptionPtr encryption) +{ + int ret =3D -1; + int pipefd[2] =3D { -1, -1 }; + virConnectPtr conn; + uint8_t *secret =3D NULL; + size_t secret_len; + + conn =3D virGetConnectSecret(); + if (!conn) + return -1; + + if (virSecretGetSecretString(conn, &encryption->secrets[0]->seclookupd= ef, + VIR_SECRET_USAGE_TYPE_VTPM, + &secret, &secret_len) < 0) + goto error; + + if (pipe(pipefd) =3D=3D -1) { + virReportSystemError(errno, "%s", + _("Unable to create pipe")); + goto error; + } + + if (safewrite(pipefd[1], secret, secret_len) !=3D secret_len) + goto error; + + ret =3D pipefd[0]; + + cleanup: + VIR_FREE(secret); + VIR_FORCE_CLOSE(pipefd[1]); + virObjectUnref(conn); + + return ret; + + error: + VIR_FORCE_CLOSE(pipefd[0]); + + goto cleanup; +} =20 /* * qemuTPMEmulatorRunSetup @@ -386,6 +442,7 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm, * @logfile: The file to write the log into; it must be writable * for the user given by userid or 'tss' * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2 + * @encryption: pointer to virStorageEncryption holding secret * * Setup the external swtpm by creating endorsement key and * certificates for it. 
@@ -398,13 +455,15 @@ qemuTPMEmulatorRunSetup(const char *storagepath, uid_t swtpm_user, gid_t swtpm_group, const char *logfile, - const virDomainTPMVersion tpmversion) + const virDomainTPMVersion tpmversion, + virStorageEncryptionPtr encryption) { virCommandPtr cmd =3D NULL; int exitstatus; int ret =3D -1; char uuid[VIR_UUID_STRING_BUFLEN]; char *vmid =3D NULL; + int pwdfile_fd =3D -1; =20 if (!privileged && tpmversion =3D=3D VIR_DOMAIN_TPM_VERSION_1_2) return virFileWriteStr(logfile, @@ -434,6 +493,22 @@ qemuTPMEmulatorRunSetup(const char *storagepath, break; } =20 + if (encryption) { + if (!virTPMSwtpmSetupCapsGet( + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD)) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, + _("%s does not support passing a passphrase using a file " + "descriptor"), virTPMGetSwtpmSetup()); + goto cleanup; + } + if ((pwdfile_fd =3D qemuTPMSetupEncryption(encryption)) < 0) + goto cleanup; + + virCommandAddArg(cmd, "--pwdfile-fd"); + virCommandAddArgFormat(cmd, "%d", pwdfile_fd); + virCommandAddArgList(cmd, "--cipher", "aes-256-cbc", NULL); + virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT= ); + } =20 virCommandAddArgList(cmd, "--tpm-state", storagepath, @@ -461,6 +536,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, cleanup: VIR_FREE(vmid); virCommandFree(cmd); + VIR_FORCE_CLOSE(pwdfile_fd); =20 return ret; } @@ -496,6 +572,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm, virCommandPtr cmd =3D NULL; bool created =3D false; char *pidfile; + int pwdfile_fd =3D -1; =20 if (qemuTPMCreateEmulatorStorage(tpm->data.emulator.storagepath, &created, swtpm_user, swtpm_group) < = 0) 
@@ -504,7 +581,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm, if (created && qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vm= uuid, privileged, swtpm_user, swtpm_group, - tpm->data.emulator.logfile, tpm->version) = < 0) + tpm->data.emulator.logfile, tpm->version, + tpm->data.emulator.encryption) < 0) goto error; =20 unlink(tpm->data.emulator.source.data.nix.path); @@ -547,11 +625,30 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm, virCommandAddArgFormat(cmd, "file=3D%s", pidfile); VIR_FREE(pidfile); =20 + if (tpm->data.emulator.encryption) { + if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, + _("%s does not support passing passphrase via file descr= iptor"), + virTPMGetSwtpm()); + goto error; + } + + pwdfile_fd =3D qemuTPMSetupEncryption(tpm->data.emulator.encryptio= n); + if (pwdfile_fd < 0) + goto error; + + virCommandAddArg(cmd, "--key"); + virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc,kdf=3Dp= bkdf2", + pwdfile_fd); + virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT= ); + } + return cmd; =20 error: if (created) qemuTPMDeleteEmulatorStorage(tpm); + VIR_FORCE_CLOSE(pwdfile_fd); =20 virCommandFree(cmd); =20 diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c index 42dd2b1bb2..7e95dbad6f 100644 --- a/src/tpm/virtpm.c +++ b/src/tpm/virtpm.c @@ -312,3 +312,19 @@ virTPMEmulatorInit(void) =20 return 0; } + +bool +virTPMSwtpmCapsGet(unsigned int cap) +{ + if (virTPMEmulatorInit() < 0) + return false; + return virBitmapIsBitSet(swtpm_caps, cap); +} + +bool +virTPMSwtpmSetupCapsGet(unsigned int cap) +{ + if (virTPMEmulatorInit() < 0) + return false; + return virBitmapIsBitSet(swtpm_setup_caps, cap); +} diff --git a/src/tpm/virtpm.h b/src/tpm/virtpm.h index 66d55fb231..a8bb6e1ba0 100644 --- a/src/tpm/virtpm.h +++ b/src/tpm/virtpm.h 
@@ -26,3 +26,6 @@ const char *virTPMGetSwtpm(void); const char *virTPMGetSwtpmSetup(void); const char *virTPMGetSwtpmIoctl(void); int virTPMEmulatorInit(void); + +bool virTPMSwtpmCapsGet(unsigned int cap); +bool virTPMSwtpmSetupCapsGet(unsigned int cap); --=20 2.20.1
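Review bot: qemuTPMSetupEncryption (hunk @@ -372,6 +374,60 @@ of PATCH 14/18) writes the entire secret into the pipe with safewrite() before any process is reading the other end, so a secret larger than the pipe buffer blocks the calling thread indefinitely; reject secrets above a fixed bound before writing. In the same function, a failed safewrite() takes `goto error` without reporting anything (add a virReportSystemError), `encryption->secrets[0]` is dereferenced without checking that a secret is actually present, and the passphrase buffer is released with VIR_FREE(secret), which leaves the plaintext passphrase in freed heap memory. VIR_DISPOSE_N(secret, secret_len) would clear it first.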
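Review bot: in qemuTPMEmulatorRunSetup (PATCH 14/18), `virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT)` hands ownership of the descriptor to cmd, yet the cleanup label still runs `VIR_FORCE_CLOSE(pwdfile_fd)` after `virCommandFree(cmd)`. That closes the same descriptor number a second time, and in a multi-threaded daemon the number may by then refer to an unrelated file opened by another thread. Set pwdfile_fd = -1 immediately after virCommandPassFD. qemuTPMEmulatorBuildCommand has the same pattern at its error label; it is not reachable after the PassFD call today, but resetting the variable there too keeps it safe if a failure path is added later.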
From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:38 -0400
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 15/18] tpm: Pass migration key passphrase via fd to swtpm

This patch now passes the passphrase as a migration key to swtpm. This now encrypts the state of the TPM while a VM is migrated between hosts or when suspended into a file. Since the migration key secret is the same as the state encryption secret, this now requires that the migration destination host has the same secret value.

Signed-off-by: Stefan Berger
--- src/qemu/qemu_tpm.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 6e7d38b7e0..8890647722 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -573,6 +573,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm, bool created =3D false; char *pidfile; int pwdfile_fd =3D -1; + int migpwdfile_fd =3D -1; =20 if (qemuTPMCreateEmulatorStorage(tpm->data.emulator.storagepath, &created, swtpm_user, swtpm_group) < = 0) 
@@ -634,13 +635,19 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm, } =20 pwdfile_fd =3D qemuTPMSetupEncryption(tpm->data.emulator.encryptio= n); - if (pwdfile_fd < 0) + migpwdfile_fd =3D qemuTPMSetupEncryption(tpm->data.emulator.encryp= tion); + if (pwdfile_fd < 0 || migpwdfile_fd < 0) goto error; =20 virCommandAddArg(cmd, "--key"); virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc,kdf=3Dp= bkdf2", pwdfile_fd); virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT= ); + + virCommandAddArg(cmd, "--migration-key"); + virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc,kdf=3Dp= bkdf2", + migpwdfile_fd); + virCommandPassFD(cmd, migpwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PAR= ENT); } =20 return cmd; 
@@ -649,6 +656,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm, if (created) qemuTPMDeleteEmulatorStorage(tpm); VIR_FORCE_CLOSE(pwdfile_fd); + VIR_FORCE_CLOSE(migpwdfile_fd); =20 virCommandFree(cmd); =20 --=20 2.20.1
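Review bot: the two back-to-back qemuTPMSetupEncryption() calls in hunk @@ -634,13 +635,19 @@ of PATCH 15/18 each perform their own secret lookup, so the state key and the migration key can end up derived from different values if the secret is updated between the calls, and the lookup is paid twice. Fetch the secret once and write it to both pipes. The new --migration-key argument is also emitted under the existing VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD check only; is pwdfd support for --migration-key covered by that same capability bit? Finally, both pwdfile_fd and migpwdfile_fd should be reset to -1 once virCommandPassFD has taken them with VIR_COMMAND_PASS_FD_CLOSE_PARENT, so the VIR_FORCE_CLOSE calls at the error label can never close a descriptor that cmd already owns.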
From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:39 -0400
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 16/18] tpm: Check TPM XML device configuration changes after edit

Since swtpm does not support getting started once it was created with encryption enabled, we don't allow encryption to be removed. Similarly, we do not allow encryption to be added once swtpm has run.

Signed-off-by: Stefan Berger
--- src/conf/domain_conf.c | 56 +++++++++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 4 +++ src/libvirt_private.syms | 1 + src/qemu/qemu_driver.c | 28 ++++++++++++++++++++ src/qemu/qemu_extdevice.c | 2 +- src/qemu/qemu_extdevice.h | 3 +++ 6 files changed, 93 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index df6238c299..68ffdcd4df 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c 
@@ -31435,3 +31435,59 @@ virDomainGraphicsNeedsAutoRenderNode(const virDoma= inGraphicsDef *graphics) =20 return true; } + + +static int +virDomainCheckTPMChanges(virDomainDefPtr def, + virDomainDefPtr newDef) +{ + bool oldEnc, newEnc; + + if (!def->tpm) + return 0; + + switch (def->tpm->type) { + case VIR_DOMAIN_TPM_TYPE_EMULATOR: + if (virFileExists(def->tpm->data.emulator.storagepath)) { + /* VM has been started */ + /* Once a VM was started with an encrypted state we allow + * less configuration changes. + */ + oldEnc =3D def->tpm->data.emulator.encryption; + if (oldEnc && def->tpm->type !=3D newDef->tpm->type) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Changing the type of TPM is not allowed"= )); + return -1; + } + if (oldEnc && !newDef->tpm) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Removing an encrypted TPM is not allowed= ")); + return -1; + } + newEnc =3D newDef->tpm->data.emulator.encryption; + if (oldEnc !=3D newEnc) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("TPM state encryption cannot be changed " + "once VM was started")); + return -1; + } + } + break; + case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: + case VIR_DOMAIN_TPM_TYPE_LAST: + break; + } + + return 0; +} + + +int +virDomainCheckDeviceChanges(virDomainDefPtr def, + virDomainDefPtr newDef) +{ + if (!def || !newDef) + return 0; + + return virDomainCheckTPMChanges(def, newDef); +} \ No newline at end of file diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index a03986623a..a61faa7d57 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -3623,3 +3623,7 @@ virDomainGraphicsGetRenderNode(const virDomainGraphic= sDef *graphics); =20 bool virDomainGraphicsNeedsAutoRenderNode(const virDomainGraphicsDef *graphics); + +int +virDomainCheckDeviceChanges(virDomainDefPtr def, virDomainDefPtr newDef) + ATTRIBUTE_NONNULL(2); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index d693f7facb..f6f05ab207 100644 
--- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -205,6 +205,7 @@ virDomainBootTypeFromString; virDomainBootTypeToString; virDomainCapabilitiesPolicyTypeToString; virDomainCapsFeatureTypeToString; +virDomainCheckDeviceChanges; virDomainChrConsoleTargetTypeFromString; virDomainChrConsoleTargetTypeToString; virDomainChrDefForeach; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ef2e980216..8f224582b6 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -52,6 +52,7 @@ #include "qemu_migration_params.h" #include "qemu_blockjob.h" #include "qemu_security.h" +#include "qemu_extdevice.h" =20 #include "virerror.h" #include "virlog.h" @@ -7568,6 +7569,30 @@ qemuDomainCreate(virDomainPtr dom) return qemuDomainCreateWithFlags(dom, 0); } =20 +static int +qemuDomainCheckDeviceChanges(virQEMUDriverPtr driver, + virDomainDefPtr def) +{ + virDomainObjPtr vm; + int ret; + + vm =3D virDomainObjListFindByUUID(driver->domains, def->uuid); + if (!vm) + return 0; + + if (qemuExtDevicesInitPaths(driver, vm->def) < 0) { + ret =3D -1; + goto cleanup; + } + + ret =3D virDomainCheckDeviceChanges(vm->def, def); + + cleanup: + virDomainObjEndAPI(&vm); + + return ret; +} + static virDomainPtr qemuDomainDefineXMLFlags(virConnectPtr conn, const char *xml, @@ -7604,6 +7629,9 @@ qemuDomainDefineXMLFlags(virConnectPtr conn, if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) goto cleanup; =20 + if (qemuDomainCheckDeviceChanges(driver, def) < 0) + goto cleanup; + if (!(vm =3D virDomainObjListAdd(driver->domains, def, driver->xmlopt, 0, &oldDef))) diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c index a21caefaba..e576bca165 100644 --- a/src/qemu/qemu_extdevice.c +++ b/src/qemu/qemu_extdevice.c 
@@ -79,7 +79,7 @@ qemuExtDeviceLogCommand(qemuDomainLogContextPtr logCtxt, * stored and we can remove directories and files in case of domain XML * changes. */ -static int +int qemuExtDevicesInitPaths(virQEMUDriverPtr driver, virDomainDefPtr def) { diff --git a/src/qemu/qemu_extdevice.h b/src/qemu/qemu_extdevice.h index a72e05ce63..bbdb9a1cc2 100644 --- a/src/qemu/qemu_extdevice.h +++ b/src/qemu/qemu_extdevice.h 
@@ -53,3 +53,6 @@ bool qemuExtDevicesHasDevice(virDomainDefPtr def); int qemuExtDevicesSetupCgroup(virQEMUDriverPtr driver, virDomainDefPtr def, virCgroupPtr cgroup); + +int qemuExtDevicesInitPaths(virQEMUDriverPtr driver, + virDomainDefPtr def); --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
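Review bot: The prototype added to domain_conf.h declares newDef with ATTRIBUTE_NONNULL(2), but the definition of virDomainCheckDeviceChanges tests !def || !newDef and returns 0. Pick one contract: either drop the attribute and keep the runtime check, or keep the attribute and remove the newDef test, so that callers and static analysis see the same rule. A short comment stating the return convention (0 when the change is allowed, -1 with an error reported) would help as well.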
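Review bot: In the qemu_driver.c hunk, qemuDomainCheckDeviceChanges looks the domain up, validates, and then drops it with virDomainObjEndAPI before qemuDomainDefineXMLFlags goes on to virDomainObjListAdd, so the definition that was checked is not guaranteed to be the one that gets replaced. Since this check is what protects encrypted TPM state from being orphaned or downgraded, it should run while the object is still held, for example against the object and oldDef that virDomainObjListAdd returns, with the add rolled back on failure. The helper also calls qemuExtDevicesInitPaths(driver, vm->def), which modifies the existing definition as a side effect of what reads as a pure validation step; that deserves a comment or a variant that works on a copy.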
From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:40 -0400
Message-Id: <20190709172341.3063264-18-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
References: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 17/18] docs: Extend Secret XML documentation with vtpm usage type

Extend the Secret XML documentation with vtpm usage type.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- docs/formatsecret.html.in | 61 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in index defbe71731..aaa31bc76c 100644 --- a/docs/formatsecret.html.in +++ b/docs/formatsecret.html.in @@ -42,8 +42,8 @@ Specifies what this secret is used for. A mandatory type attribute specifies the usage category, currently only volume, ceph, iscsi, - and tls are defined. Specific usage categories - are described below. + tls, and vtpm are defined. Specific usage + categories are described below. =20 @@ -322,6 +322,63 @@ Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
 # MYSECRET=3D`printf %s "letmein" | base64`
 # virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
+Secret value set
+
+    
+ +

Usage type "vtpm"

+ +

+ This secret is associated with a virtualized TPM (vTPM) and serves + as a passphrase for deriving a key from for encrypting the state + of the vTPM. + The <usage type=3D'vtpm'> element must contain + a single name element that specifies a usage name + for the secret. The vTPM secret can then be used by UUID or by + this usage name via the <encryption> element of + a tpm when using an + emulator. + Since 5.5.0. The following is an example + of the steps to be taken. First create a vtpm-secret.xml file: <= /p> + +

+# cat vtpm-secret.xml
+<secret ephemeral=3D'no' private=3D'yes'>
+   <description>sample vTPM secret</description>
+   <usage type=3D'vtpm'>
+      <name>VTPM_example</name>
+   </usage>
+</secret>
+
+# virsh secret-define vtpm-secret.xml
+Secret 6dd3e4a5-1d76-44ce-961f-f119f5aad935 created
+
+# virsh secret-list
+ UUID                                   Usage
+--------------------------------------------------------------------------=
--------------
+ 6dd3e4a5-1d76-44ce-961f-f119f5aad935   vtpm VTPM_example
+
+#
+
+    
+ +

+ A secret may also be defined via the + + virSecretDefineXML API. + + Once the secret is defined, a secret value will need to be set. The + secret would be the passphrase used to decrypt the vTPM state. + The following is a simple example of using + virsh secret-set-value to set the secret value. The + + virSecretSetValue API may also be used to set + a more secure secret without using printable/readable characters. +

+ +
+# MYSECRET=3D`printf %s "open sesame" | base64`
+# virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 $MYSECRET
 Secret value set
=20
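Review bot: The secret-set-value example at the end of this hunk puts a dictionary passphrase ("open sesame") in a shell variable and passes it as a command-line argument, where it ends up in shell history and is visible in the process list. Because this value protects the encrypted vTPM state, the text should say that plainly and present virSecretSetValue with random bytes as the recommended path rather than as an aside. In the opening paragraph, "serves as a passphrase for deriving a key from for encrypting the state" has a stray "from", and the later sentence "the passphrase used to decrypt the vTPM state" should use the same key-derivation wording so the two descriptions agree.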
     
--=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

From: Stefan Berger
To: libvir-list@redhat.com
Date: Tue, 9 Jul 2019 13:23:41 -0400
In-Reply-To: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
References: <20190709172341.3063264-1-stefanb@linux.vnet.ibm.com>
Message-Id: <20190709172341.3063264-19-stefanb@linux.vnet.ibm.com>
Cc: marcandre.lureau@redhat.com, Stefan Berger
Subject: [libvirt] [PATCH 18/18] docs: Extend TPM docs with new encryption element

Describe the encryption element in the TPM's domain XML.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- docs/formatdomain.html.in | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index a7a6ec32a5..b53ea7d6f4 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -8212,6 +8212,9 @@ qemu-kvm -net nic,model=3D? /dev/null TPM functionality for each VM. QEMU talks to it over a Unix socket. = With the emulator device type each guest gets its own private TPM. 'emulator' since 4.5.0 + The state of the TPM emulator can be encrypted by providing an + encryption element. + 'encryption' since 5.5.0

Example: usage of the TPM Emulator @@ -8221,6 +8224,9 @@ qemu-kvm -net nic,model=3D? /dev/null <devices> <tpm model=3D'tpm-tis'> <backend type=3D'emulator' version=3D'2.0'> + <encryption format=3D'vtpm'> + <secret type=3D'passphrase' usage=3D'VTPM_example'/> + </encryption> </backend> </tpm> </devices> @@ -8283,6 +8289,16 @@ qemu-kvm -net nic,model=3D? /dev/null

  • '2.0' : creates a TPM 2.0
  • +
    encryption
    +
    +

    + The encryption element allows the state of a TPM em= ulator + to be encrypted. The format attribute must be vtpm. + The secret element must reference a secret object u= sing + either its usage or uuid. The ty= pe + attribute must be set to passphrase. +

    +
    =20

    NVRAM device
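Review bot: The new encryption description in this hunk leaves out the restriction that the series itself enforces: virDomainCheckTPMChanges, added earlier in the series, rejects changing the encryption setting, changing the TPM type, or removing an encrypted TPM once the emulator's state exists. Document that here so users learn it before their first start rather than from a "config unsupported" error on redefine. The secret element text should also point to the "vtpm" usage type section of the Secret XML documentation, since that is where the passphrase secret it references is created.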

    --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list