From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [RFC PATCH v1 1/6] util: Add parsing support for swtpm_setup's cmdarg-profile capability
Date: Thu, 19 Sep 2024 13:00:31 -0400
Message-ID: <20240919170036.1970886-2-stefanb@linux.ibm.com>

Add support for parsing swtpm_setup 'cmdarg-profile' capability (since v0.10).
Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + tests/testutilsqemu.c | 1 + 3 files changed, 3 insertions(+) diff --git a/src/util/virtpm.c b/src/util/virtpm.c index 81fd6166cf..d991657696 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -50,6 +50,7 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, "cmdarg-reconfigure-pcr-banks", "tpm-1.2", "tpm-2.0", + "cmdarg-profile", ); =20 /** diff --git a/src/util/virtpm.h b/src/util/virtpm.h index fb330effa8..18c2877c03 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h @@ -42,6 +42,7 @@ typedef enum { VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS, VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2, VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0, + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE, =20 VIR_TPM_SWTPM_SETUP_FEATURE_LAST } virTPMSwtpmSetupFeature; diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index ee6cae218a..ba4677fb4c 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c 
@@ -71,6 +71,7 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap) case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES: case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT: case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS: + case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE: case VIR_TPM_SWTPM_SETUP_FEATURE_LAST: break; } --=20 2.46.0
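
Review bot: In the tests/testutilsqemu.c hunk, the new case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE lands in the group that ends in "break", next to VIR_TPM_SWTPM_SETUP_FEATURE_LAST, which suggests the mocked virTPMSwtpmSetupCapsGet() will not report the capability. If later patches in this series refuse a profile when swtpm_setup lacks cmdarg-profile, XML tests that carry a profile need the mock to report this feature, otherwise the gated path is never exercised; please confirm which group the case belongs in. The string in VIR_ENUM_IMPL and the enum value are both appended after "tpm-2.0" / VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0, so the two lists stay in the same order.
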
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [RFC PATCH v1 2/6] conf: Define enum virDomainTPMProfileRemoveDisabled
Date: Thu, 19 Sep 2024 13:00:32 -0400
Message-ID: <20240919170036.1970886-3-stefanb@linux.ibm.com>

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- src/conf/domain_conf.c | 7 +++++++ src/conf/domain_conf.h | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 7f6a91c427..1c8fffdfa5 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1330,6 +1330,13 @@ VIR_ENUM_IMPL(virDomainTPMPcrBank, "sha512", ); =20 +VIR_ENUM_IMPL(virDomainTPMProfileRemoveDisabled, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_LAST, + "none", + "check", + "fips-host", +); + VIR_ENUM_IMPL(virDomainIOMMUModel, VIR_DOMAIN_IOMMU_MODEL_LAST, "intel", diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index a15af4fae3..97972f9909 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1463,6 +1463,14 @@ typedef enum { VIR_DOMAIN_TPM_PCR_BANK_LAST } virDomainPcrBank; =20 +typedef enum { + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_NONE =3D 0, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_CHECK, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_FIPS_HOST, + + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_LAST +} virDomainTPMProfileRemoveDisabled; + #define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0" =20 struct _virDomainTPMDef { 
@@ -4278,6 +4286,7 @@ VIR_ENUM_DECL(virDomainTPMModel); VIR_ENUM_DECL(virDomainTPMBackend); VIR_ENUM_DECL(virDomainTPMVersion); VIR_ENUM_DECL(virDomainTPMPcrBank); +VIR_ENUM_DECL(virDomainTPMProfileRemoveDisabled); VIR_ENUM_DECL(virDomainMemoryModel); VIR_ENUM_DECL(virDomainMemoryBackingModel); VIR_ENUM_DECL(virDomainMemorySource); --=20 2.46.0
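
Review bot: The new typedef in src/conf/domain_conf.h introduces VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_NONE, _CHECK and _FIPS_HOST without any comment, and the commit message has no body, so nothing in this patch says what "check" and "fips-host" do or how "none" differs from leaving the setting out. Please add a short comment above the enum describing each value, and a sentence in the commit message naming the XML attribute these strings belong to. It is also worth stating whether "none" is meant to be accepted as user input, since it is listed in VIR_ENUM_IMPL alongside the other two strings.
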
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [RFC PATCH v1 3/6] schema: Extend schema for TPM emulator profile node
Date: Thu, 19 Sep 2024 13:00:33 -0400
Message-ID: <20240919170036.1970886-4-stefanb@linux.ibm.com>

Extend the schema for the TPM emulator profile node.
Require that the profile the user provides looks like a JSON map that at least starts with '{' and ends with '}'. Signed-off-by: Stefan Berger --- src/conf/schemas/basictypes.rng | 6 ++++++ src/conf/schemas/domaincommon.rng | 17 +++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/src/conf/schemas/basictypes.rng b/src/conf/schemas/basictypes.= rng index 2931e316b7..06df0fe67e 100644 --- a/src/conf/schemas/basictypes.rng +++ b/src/conf/schemas/basictypes.rng @@ -677,4 +677,10 @@ =20 + + + \{.*\} + + + diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index efb5f00d77..f80a6afc06 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -5923,6 +5923,7 @@ + 
@@ -6020,6 +6021,22 @@ =20 + + + + + + + check + fips-host + + + + + + + + --=20 2.46.0
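
Review bot: The pattern \{.*\} added in src/conf/schemas/basictypes.rng only pins the first and last character, as the commit message says, so schema validation gives no assurance that the profile is well-formed JSON, and whatever consumes the string must parse or otherwise validate it itself rather than rely on the schema. If this is an XSD-style pattern, "." does not match line breaks, so a profile written across several lines, or with whitespace around the braces inside the element, would be rejected; please either document that the profile must be a single line with no surrounding whitespace or adjust the pattern. The remove_disabled choice in the domaincommon.rng hunk lists only "check" and "fips-host", so "none" from the enum in patch 2/6 is not valid in XML; a note in the commit message that this is intentional would help.
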
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [RFC PATCH v1 4/6] conf: Add support for profile parameter on TPM emulator in domain XML
Date: Thu, 19 Sep 2024 13:00:34 -0400
Message-ID: <20240919170036.1970886-5-stefanb@linux.ibm.com>

Extend the parser and XML builder with support for the profile parameter and its remove_disabled attribute.
Signed-off-by: Stefan Berger --- src/conf/domain_conf.c | 32 ++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 2 ++ src/conf/domain_validate.c | 7 +++++++ 3 files changed, 41 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 1c8fffdfa5..8dab1cabea 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3471,6 +3471,7 @@ void virDomainTPMDefFree(virDomainTPMDef *def) g_free(def->data.emulator.storagepath); g_free(def->data.emulator.logfile); virBitmapFree(def->data.emulator.activePcrBanks); + g_free(def->data.emulator.profile); break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: virObjectUnref(def->data.external.source); @@ -10779,6 +10780,15 @@ virDomainSmartcardDefParseXML(virDomainXMLOption *= xmlopt, * * * + * + * A profile for a TPM 2.0 can be added like this: + * + * + * + * {"Name":"custom"} + * + * + * */ static virDomainTPMDef * virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, @@ -10797,6 +10807,9 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, g_autofree xmlNodePtr *backends =3D NULL; g_autofree xmlNodePtr *nodes =3D NULL; g_autofree char *type =3D NULL; + g_autofree char *profile =3D NULL; + virDomainTPMProfileRemoveDisabled profile_remove_disabled; + xmlNodePtr tmp; int bank; =20 if (!(def =3D virDomainTPMDefNew(xmlopt))) 
@@ -10887,6 +10900,18 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, } virBitmapSetBitExpand(def->data.emulator.activePcrBanks, bank); } + + def->data.emulator.profile =3D virXPathString("string(./backend/pr= ofile[1])", ctxt); + if ((tmp =3D virXPathNode("./backend/profile[1]", ctxt))) { + if (virXMLPropEnum(tmp, "remove_disabled", + virDomainTPMProfileRemoveDisabledTypeFromSt= ring, + VIR_XML_PROP_NONZERO, + &profile_remove_disabled) < 0) + goto error; + if (profile_remove_disabled !=3D VIR_DOMAIN_TPM_PROFILE_REMOVE= _DISABLED_NONE) + def->data.emulator.profile_remove_disabled =3D + virDomainTPMProfileRemoveDisabledTypeToString(profile_r= emove_disabled); + } break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: if (!(type =3D virXPathString("string(./backend/source/@type)", ct= xt))) { @@ -25077,6 +25102,13 @@ virDomainTPMDefFormat(virBuffer *buf, =20 virXMLFormatElement(&backendChildBuf, "active_pcr_banks", NULL= , &activePcrBanksBuf); } + if (def->data.emulator.profile) { + virBufferAddLit(&backendChildBuf, "data.emulator.profile_remove_disabled) + virBufferAsprintf(&backendChildBuf, " remove_disabled=3D'%s= '", + def->data.emulator.profile_remove_disable= d); + virBufferAsprintf(&backendChildBuf, ">%s\n", def->da= ta.emulator.profile); + } break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: if (def->data.external.source->type =3D=3D VIR_DOMAIN_CHR_TYPE_UNI= X) { diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 97972f9909..4a171ee4da 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1493,6 +1493,8 @@ struct _virDomainTPMDef { bool hassecretuuid; bool persistent_state; virBitmap *activePcrBanks; + char *profile; + const char *profile_remove_disabled; } emulator; struct { virDomainChrSourceDef *source; diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index eddb4a5e74..efab3aa958 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c 
@@ -3025,6 +3025,13 @@ virDomainTPMDevValidate(const virDomainTPMDef *tpm) virDomainTPMVersionTypeToString(VIR_DOMAIN_TPM_= VERSION_2_0)); return -1; } + if (tpm->data.emulator.profile && + tpm->data.emulator.version !=3D VIR_DOMAIN_TPM_VERSION_2_0) { + virReportError(VIR_ERR_XML_ERROR, + _(" requires TPM version '%1$s'"), + virDomainTPMVersionTypeToString(VIR_DOMAIN_TPM_= VERSION_2_0)); + return -1; + } break; =20 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: --=20 2.46.0
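Review bot: In the virDomainTPMDefParseXML hunk the profile text and the remove_disabled attribute come from two independent lookups, so a profile element that carries remove_disabled but no text content may leave def->data.emulator.profile_remove_disabled set while def->data.emulator.profile stays unset. The formatter hunk and qemuTPMEmulatorRunSetup both act on the attribute only inside a check that profile is set, so the attribute would be dropped without any error. Reject that combination, for example in virDomainTPMDevValidate next to the TPM 2.0 version check, or read both values from the tmp node and fail when the element is empty.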
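Review bot: In the virDomainTPMDefFormat hunk the user-supplied profile string is written with a plain %s (the virBufferAsprintf call with the ">%s\n" format), so it is not XML-escaped when the domain XML is regenerated. A profile value containing characters such as < or & would yield malformed or restructured XML on dump, save or migration. Use virBufferEscapeString for the element text so that what is formatted parses back to exactly what was stored.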
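Review bot: In the struct _virDomainTPMDef hunk, profile_remove_disabled is kept as a const char * obtained from virDomainTPMProfileRemoveDisabledTypeToString() instead of the enum value the parser already has. Storing the enum, as is done for version in the same struct, and converting to a string only in the formatter and in qemu_tpm.c would avoid a borrowed static pointer sitting next to the heap-allocated char *profile, and would let validation compare values directly. A short comment on each new member saying what it holds (profile content as given in the XML, value of the remove_disabled attribute) would also help.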
From: Stefan Berger
To: devel@lists.libvirt.org
Subject: [RFC PATCH v1 5/6] docs: Add documentation for the TPM backend profile node
Date: Thu, 19 Sep 2024 13:00:35 -0400
Message-ID: <20240919170036.1970886-6-stefanb@linux.ibm.com>
In-Reply-To: <20240919170036.1970886-1-stefanb@linux.ibm.com>
References: <20240919170036.1970886-1-stefanb@linux.ibm.com>
CC: marcandre.lureau@redhat.com, Stefan Berger

Add documentation for the TPM backend profile node and point the reader to further documentation about TPM profiles available in
the swtpm and TPMLIB_SetProfile man pages. Signed-off-by: Stefan Berger --- docs/formatdomain.rst | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 4336cff3ac..abb16df6fc 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -8119,6 +8119,7 @@ Example: usage of the TPM Emulator + {"Name":"custom"} 
@@ -8191,6 +8192,25 @@ Example: usage of the TPM Emulator and may not have any effect otherwise. The selection of PCR banks only = works with the ``emulator`` backend. :since:`Since 7.10.0` =20 +``profile`` + The ``profile`` node is used to set a profile for a TPM 2.0. This profi= le + will be set when the TPM is initially created and after that cannot be + changed anymore. If no profile is provided, then swtpm will use the lat= est + 'default' profile. The 'null' profile provides backwards compatibility = with + libtpms v0.9 but also restricts the user to use only TPM features that = were + available at the time of libtpms v0.9. The 'custom' profile is the only + profile that a user can modify and where the ``remove_disabled`` attrib= ute + has any effect. This attribute is particularly useful when a host is ru= nning + in FIPS mode and therefore some crypto algorithms (camellia, tdes, + unpadded RSA encryption, and others) are disabled. When it is set to + ``check`` (recommended) then only those algorithms that are currently + disabled will automatically be removed from the 'custom' profile, while + when it is set to ``fips-host`` then all potentially disabled algorithms + will be removed. :since:`Since 10.???.0` + + For further information about TPM profiles see the man pages for ``swtp= m`` + (swtpm v0.10) and libtpms's ``TPMLIB_SetProfile`` (libtpms v0.10). + ``encryption`` The ``encryption`` element allows the state of a TPM emulator to be encrypted. 
The ``secret`` must reference a secret object that holds the --=20 2.46.0
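Review bot: The new ``profile`` paragraph in docs/formatdomain.rst ends with the placeholder :since:`Since 10.???.0`, which has to be replaced with the actual release number before this can go in. The paragraph should also say what happens when the installed swtpm_setup has no profile support, since patch 6/6 reports an error in that case, and it would be easier to follow if the accepted remove_disabled values (``check`` and ``fips-host``) were listed together rather than introduced mid-sentence.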
From: Stefan Berger
To: devel@lists.libvirt.org
Subject: [RFC PATCH v1 6/6] qemu: Run swtpm_setup with --profile option if profile given
Date: Thu, 19 Sep 2024 13:00:36 -0400
Message-ID: <20240919170036.1970886-7-stefanb@linux.ibm.com>
In-Reply-To: <20240919170036.1970886-1-stefanb@linux.ibm.com>
References: <20240919170036.1970886-1-stefanb@linux.ibm.com>
CC: marcandre.lureau@redhat.com, Stefan Berger

Runs swtpm_setup with the --profile option if the user provided a profile and swtpm_setup supports the option.
Also use the --profile-remove-disabled option if the user provided a value in the remove_disabled attribute in the profile XML node. Signed-off-by: Stefan Berger --- src/qemu/qemu_tpm.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 2f17918cbb..ec0e456163 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -355,6 +355,8 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd, * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2 * @encryption: pointer to virStorageEncryption holding secret * @incomingMigration: whether we have an incoming migration + * @profile: optional TPM 2 profile + * @profile_remove_disabled: value for remove_disabled option parameter * * Setup the external swtpm by creating endorsement key and * certificates for it. @@ -369,7 +371,9 @@ qemuTPMEmulatorRunSetup(const char *storagepath, const char *logfile, const virDomainTPMVersion tpmversion, const unsigned char *secretuuid, - bool incomingMigration) + bool incomingMigration, + const char *profile, + const char *profile_remove_disabled) { g_autoptr(virCommand) cmd =3D NULL; int exitstatus; @@ -422,6 +426,22 @@ qemuTPMEmulatorRunSetup(const char *storagepath, "--lock-nvram", "--not-overwrite", NULL); + if (profile) { + if (!virTPMSwtpmSetupCapsGet( + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE)) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", + _("swtpm_setup has no support for profiles"= )); + return -1; + } + virCommandAddArgList(cmd, + "--profile", profile, + NULL); + if (profile_remove_disabled) + virCommandAddArgList(cmd, + "--profile-remove-disable", + profile_remove_disabled, + NULL); + } } else { virCommandAddArgList(cmd, "--tpm-state", storagepath, 
@@ -584,7 +604,9 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, privileged, swtpm_user, swtpm_group, tpm->data.emulator.logfile, tpm->data.emulator.version, - secretuuid, incomingMigration) < 0) + secretuuid, incomingMigration, + tpm->data.emulator.profile, + tpm->data.emulator.profile_remove_disabled= ) < 0) goto error; =20 if (!incomingMigration && --=20 2.46.0
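Review bot: In the qemuTPMEmulatorRunSetup hunk that adds the profile arguments, the option string passed is "--profile-remove-disable", while the commit message names the option --profile-remove-disabled and the XML attribute is remove_disabled. One of the two spellings is wrong; please check it against the swtpm_setup man page, because a misspelled option would make swtpm_setup fail for every guest that sets remove_disabled. Only VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE is checked before both options are used, so it is worth confirming that this capability also covers the second option. The body of the if (profile_remove_disabled) statement spans several lines and should be wrapped in braces.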