[PATCH v5 00/10] Introducing TPM Proxy device support for PPC64

Daniel Henrique Barboza posted 10 patches 5 days ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20200521130730.3426950-1-danielhb413@gmail.com
Test syntax-check failed
docs/formatdomain.html.in                     | 19 ++++-
docs/news.xml                                 | 17 +++++
docs/schemas/domaincommon.rng                 |  1 +
src/conf/domain_audit.c                       |  4 +-
src/conf/domain_conf.c                        | 50 +++++++-----
src/conf/domain_conf.h                        |  6 +-
src/qemu/qemu_alias.c                         |  9 ++-
src/qemu/qemu_capabilities.c                  |  4 +
src/qemu/qemu_capabilities.h                  |  3 +
src/qemu/qemu_cgroup.c                        | 10 ++-
src/qemu/qemu_command.c                       | 59 +++++++++++---
src/qemu/qemu_domain.c                        | 68 ++++++++++++++---
src/qemu/qemu_domain_address.c                | 11 ++-
src/qemu/qemu_extdevice.c                     | 24 +++---
src/qemu/qemu_tpm.c                           | 76 +++++++++----------
src/qemu/qemu_validate.c                      | 19 +++++
src/security/security_dac.c                   |  8 +-
src/security/security_selinux.c               | 44 +++++------
src/security/virt-aa-helper.c                 | 14 ++--
.../qemucapabilitiesdata/caps_4.2.0.ppc64.xml |  1 +
.../qemucapabilitiesdata/caps_5.0.0.ppc64.xml |  1 +
tests/qemuxml2argvdata/ppc64-tpm-double.xml   | 34 +++++++++
.../ppc64-tpmproxy-double.xml                 | 38 ++++++++++
.../ppc64-tpmproxy-single.ppc64-latest.args   | 34 +++++++++
.../ppc64-tpmproxy-single.xml                 | 33 ++++++++
.../ppc64-tpmproxy-with-tpm.ppc64-latest.args | 37 +++++++++
.../ppc64-tpmproxy-with-tpm.xml               | 36 +++++++++
tests/qemuxml2argvtest.c                      | 33 +++++---
.../ppc64-tpmproxy-single.ppc64-latest.xml    | 42 ++++++++++
.../ppc64-tpmproxy-with-tpm.ppc64-latest.xml  | 46 +++++++++++
tests/qemuxml2xmltest.c                       |  2 +
31 files changed, 631 insertions(+), 152 deletions(-)
create mode 100644 tests/qemuxml2argvdata/ppc64-tpm-double.xml
create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-double.xml
create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-single.ppc64-latest.args
create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-single.xml
create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.ppc64-latest.args
create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.xml
create mode 100644 tests/qemuxml2xmloutdata/ppc64-tpmproxy-single.ppc64-latest.xml
create mode 100644 tests/qemuxml2xmloutdata/ppc64-tpmproxy-with-tpm.ppc64-latest.xml

[PATCH v5 00/10] Introducing TPM Proxy device support for PPC64

Posted by Daniel Henrique Barboza 5 days ago
changes in v5:
- rebased and fixed commits to master at d265171b5784
- moved two TPMs validation from domain_conf.c (patch 05) to
  qemu_domain.c (patch 06)

Gitlab tree: https://gitlab.com/danielhb/libvirt/tree/spapr_tpm_proxy_v5

v4 link: https://www.redhat.com/archives/libvir-list/2020-May/msg00814.html
v3 link: https://www.redhat.com/archives/libvir-list/2020-May/msg00642.html
v2 link: https://www.redhat.com/archives/libvir-list/2020-May/msg00604.html
v1 link: https://www.redhat.com/archives/libvir-list/2020-May/msg00604.html

Daniel Henrique Barboza (10):
  docs: documentation and schema for the new TPM Proxy model
  qemu: Extend QEMU capabilities with 'spapr-tpm-proxy'
  qemu_extdevice.c: remove unneeded 'ret' variable
  qemu_tpm, security, tests: change 'switch' clauses for 'if'
  conf, qemu, security, tests: introducing 'def->tpms' array
  qemu: add validations after TPM Proxy model introduction
  tests: add XML schema tests for the TPM Proxy device
  qemu: build command line for the TPM Proxy device
  tests/qemuxml2argvtest.c: add TPM Proxy command line tests
  docs/news.xml: update for the new TPM Proxy device

 docs/formatdomain.html.in                     | 19 ++++-
 docs/news.xml                                 | 17 +++++
 docs/schemas/domaincommon.rng                 |  1 +
 src/conf/domain_audit.c                       |  4 +-
 src/conf/domain_conf.c                        | 50 +++++++-----
 src/conf/domain_conf.h                        |  6 +-
 src/qemu/qemu_alias.c                         |  9 ++-
 src/qemu/qemu_capabilities.c                  |  4 +
 src/qemu/qemu_capabilities.h                  |  3 +
 src/qemu/qemu_cgroup.c                        | 10 ++-
 src/qemu/qemu_command.c                       | 59 +++++++++++---
 src/qemu/qemu_domain.c                        | 68 ++++++++++++++---
 src/qemu/qemu_domain_address.c                | 11 ++-
 src/qemu/qemu_extdevice.c                     | 24 +++---
 src/qemu/qemu_tpm.c                           | 76 +++++++++----------
 src/qemu/qemu_validate.c                      | 19 +++++
 src/security/security_dac.c                   |  8 +-
 src/security/security_selinux.c               | 44 +++++------
 src/security/virt-aa-helper.c                 | 14 ++--
 .../qemucapabilitiesdata/caps_4.2.0.ppc64.xml |  1 +
 .../qemucapabilitiesdata/caps_5.0.0.ppc64.xml |  1 +
 tests/qemuxml2argvdata/ppc64-tpm-double.xml   | 34 +++++++++
 .../ppc64-tpmproxy-double.xml                 | 38 ++++++++++
 .../ppc64-tpmproxy-single.ppc64-latest.args   | 34 +++++++++
 .../ppc64-tpmproxy-single.xml                 | 33 ++++++++
 .../ppc64-tpmproxy-with-tpm.ppc64-latest.args | 37 +++++++++
 .../ppc64-tpmproxy-with-tpm.xml               | 36 +++++++++
 tests/qemuxml2argvtest.c                      | 33 +++++---
 .../ppc64-tpmproxy-single.ppc64-latest.xml    | 42 ++++++++++
 .../ppc64-tpmproxy-with-tpm.ppc64-latest.xml  | 46 +++++++++++
 tests/qemuxml2xmltest.c                       |  2 +
 31 files changed, 631 insertions(+), 152 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/ppc64-tpm-double.xml
 create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-double.xml
 create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-single.ppc64-latest.args
 create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-single.xml
 create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.ppc64-latest.args
 create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.xml
 create mode 100644 tests/qemuxml2xmloutdata/ppc64-tpmproxy-single.ppc64-latest.xml
 create mode 100644 tests/qemuxml2xmloutdata/ppc64-tpmproxy-with-tpm.ppc64-latest.xml

-- 
2.26.2

Re: [PATCH v5 00/10] Introducing TPM Proxy device support for PPC64

Posted by Satheesh Rajendran 4 days ago
On Thu, May 21, 2020 at 10:07:20AM -0300, Daniel Henrique Barboza wrote:
> changes in v5:
> - rebased and fixed commits to master at d265171b5784
> - moved two TPMs validation from domain_conf.c (patch 05) to
>   qemu_domain.c (patch 06)
> 
> Gitlab tree: https://gitlab.com/danielhb/libvirt/tree/spapr_tpm_proxy_v5
> 

Tested-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>


libvirt xml:
...
    <tpm model='spapr-tpm-proxy'>
      <backend type='passthrough'>
        <device path='/dev/tpm0'/>
      </backend>
      <alias name='tpmproxy0'/>
    </tpm>
...
<qemu:commandline>
    <qemu:arg value='-trace'/>
    <qemu:arg value='events=/home/sath/tpm_events_log/tpm_events'/>
</qemu:commandline>

...

$ cat /home/sath/tpm_events_log/tpm_events
spapr_tpm_execute
spapr_h_tpm_comm

qemu log, trace outputs:
...
4359@1590140133.539001:spapr_tpm_execute data_in=0x2ff40000, data_in_sz=63, data_out=0x2ff40000, data_out_sz=4096
4359@1590140133.556488:spapr_h_tpm_comm tpm_device_path=/dev/tpm0 operation=0x1
..
..
4359@1590140133.576494:spapr_tpm_execute data_in=0x2ff40000, data_in_sz=14, data_out=0x2ff40000, data_out_sz=4096
4359@1590140133.585730:spapr_h_tpm_comm tpm_device_path=/dev/tpm0 operation=0x1
...
4359@1590140133.585740:spapr_tpm_execute data_in=0x2ff40000, data_in_sz=86, data_out=0x2ff40000, data_out_sz=4096
4359@1590140133.602373:spapr_h_tpm_comm tpm_device_path=/dev/tpm0 operation=0x1
...
---

Regards,
-Satheesh.

> v4 link: https://www.redhat.com/archives/libvir-list/2020-May/msg00814.html
> v3 link: https://www.redhat.com/archives/libvir-list/2020-May/msg00642.html
> v2 link: https://www.redhat.com/archives/libvir-list/2020-May/msg00604.html
> v1 link: https://www.redhat.com/archives/libvir-list/2020-May/msg00604.html
> 
> Daniel Henrique Barboza (10):
>   docs: documentation and schema for the new TPM Proxy model
>   qemu: Extend QEMU capabilities with 'spapr-tpm-proxy'
>   qemu_extdevice.c: remove unneeded 'ret' variable
>   qemu_tpm, security, tests: change 'switch' clauses for 'if'
>   conf, qemu, security, tests: introducing 'def->tpms' array
>   qemu: add validations after TPM Proxy model introduction
>   tests: add XML schema tests for the TPM Proxy device
>   qemu: build command line for the TPM Proxy device
>   tests/qemuxml2argvtest.c: add TPM Proxy command line tests
>   docs/news.xml: update for the new TPM Proxy device
> 
>  docs/formatdomain.html.in                     | 19 ++++-
>  docs/news.xml                                 | 17 +++++
>  docs/schemas/domaincommon.rng                 |  1 +
>  src/conf/domain_audit.c                       |  4 +-
>  src/conf/domain_conf.c                        | 50 +++++++-----
>  src/conf/domain_conf.h                        |  6 +-
>  src/qemu/qemu_alias.c                         |  9 ++-
>  src/qemu/qemu_capabilities.c                  |  4 +
>  src/qemu/qemu_capabilities.h                  |  3 +
>  src/qemu/qemu_cgroup.c                        | 10 ++-
>  src/qemu/qemu_command.c                       | 59 +++++++++++---
>  src/qemu/qemu_domain.c                        | 68 ++++++++++++++---
>  src/qemu/qemu_domain_address.c                | 11 ++-
>  src/qemu/qemu_extdevice.c                     | 24 +++---
>  src/qemu/qemu_tpm.c                           | 76 +++++++++----------
>  src/qemu/qemu_validate.c                      | 19 +++++
>  src/security/security_dac.c                   |  8 +-
>  src/security/security_selinux.c               | 44 +++++------
>  src/security/virt-aa-helper.c                 | 14 ++--
>  .../qemucapabilitiesdata/caps_4.2.0.ppc64.xml |  1 +
>  .../qemucapabilitiesdata/caps_5.0.0.ppc64.xml |  1 +
>  tests/qemuxml2argvdata/ppc64-tpm-double.xml   | 34 +++++++++
>  .../ppc64-tpmproxy-double.xml                 | 38 ++++++++++
>  .../ppc64-tpmproxy-single.ppc64-latest.args   | 34 +++++++++
>  .../ppc64-tpmproxy-single.xml                 | 33 ++++++++
>  .../ppc64-tpmproxy-with-tpm.ppc64-latest.args | 37 +++++++++
>  .../ppc64-tpmproxy-with-tpm.xml               | 36 +++++++++
>  tests/qemuxml2argvtest.c                      | 33 +++++---
>  .../ppc64-tpmproxy-single.ppc64-latest.xml    | 42 ++++++++++
>  .../ppc64-tpmproxy-with-tpm.ppc64-latest.xml  | 46 +++++++++++
>  tests/qemuxml2xmltest.c                       |  2 +
>  31 files changed, 631 insertions(+), 152 deletions(-)
>  create mode 100644 tests/qemuxml2argvdata/ppc64-tpm-double.xml
>  create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-double.xml
>  create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-single.ppc64-latest.args
>  create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-single.xml
>  create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.ppc64-latest.args
>  create mode 100644 tests/qemuxml2argvdata/ppc64-tpmproxy-with-tpm.xml
>  create mode 100644 tests/qemuxml2xmloutdata/ppc64-tpmproxy-single.ppc64-latest.xml
>  create mode 100644 tests/qemuxml2xmloutdata/ppc64-tpmproxy-with-tpm.ppc64-latest.xml
> 
> -- 
> 2.26.2
>