From: Stefan Berger
To: devel@lists.libvirt.org
Cc: marcandre.lureau@redhat.com
Subject: [RFC PATCH v2 1/8] conf: Move TPM emulator parameters into own struct
Date: Thu, 26 Sep 2024 15:32:01 -0400
Message-ID: <20240926193208.8192-2-stefanb@linux.ibm.com>
In-Reply-To: <20240926193208.8192-1-stefanb@linux.ibm.com>
References: <20240926193208.8192-1-stefanb@linux.ibm.com>
List-Id: Development discussions about the libvirt library & tools

To avoid passing TPM emulator parameters around individually, move them
into a structure and pass around the structure.
Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau --- src/conf/domain_conf.h | 24 ++++++++++++---------- src/conf/virconftypes.h | 2 ++ src/qemu/qemu_tpm.c | 45 ++++++++++++++++------------------------- 3 files changed, 32 insertions(+), 39 deletions(-) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index a15af4fae3..e5aee3c2cf 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1465,6 +1465,18 @@ typedef enum { =20 #define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0" =20 +struct _virDomainTPMEmulatorDef { + virDomainTPMVersion version; + virDomainChrSourceDef *source; + char *storagepath; + char *logfile; + unsigned int debug; + unsigned char secretuuid[VIR_UUID_BUFLEN]; + bool hassecretuuid; + bool persistent_state; + virBitmap *activePcrBanks; +}; + struct _virDomainTPMDef { virObject *privateData; =20 @@ -1475,17 +1487,7 @@ struct _virDomainTPMDef { struct { virDomainChrSourceDef *source; } passthrough; - struct { - virDomainTPMVersion version; - virDomainChrSourceDef *source; - char *storagepath; - char *logfile; - unsigned int debug; - unsigned char secretuuid[VIR_UUID_BUFLEN]; - bool hassecretuuid; - bool persistent_state; - virBitmap *activePcrBanks; - } emulator; + virDomainTPMEmulatorDef emulator; struct { virDomainChrSourceDef *source; } external; diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index f18ebcca10..59be61cea4 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -234,6 +234,8 @@ typedef struct _virDomainAudioDef virDomainAudioDef; =20 typedef struct _virDomainTPMDef virDomainTPMDef; =20 +typedef struct _virDomainTPMEmulatorDef virDomainTPMEmulatorDef; + typedef struct _virDomainThreadSchedParam virDomainThreadSchedParam; =20 typedef struct _virDomainTimerCatchupDef virDomainTimerCatchupDef; diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 2f17918cbb..592fcc62fa 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c 
@@ -350,10 +350,8 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd, * @swtpm_user: The userid to switch to when setting up the TPM; * typically this should be the uid of 'tss' or 'root' * @swtpm_group: The group id to switch to - * @logfile: The file to write the log into; it must be writable - * for the user given by userid or 'tss' - * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2 - * @encryption: pointer to virStorageEncryption holding secret + * @emulator: emulator parameters + * @secretuuid: UUID describing virStorageEncryption holding secret * @incomingMigration: whether we have an incoming migration * * Setup the external swtpm by creating endorsement key and @@ -366,8 +364,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, bool privileged, uid_t swtpm_user, gid_t swtpm_group, - const char *logfile, - const virDomainTPMVersion tpmversion, + const virDomainTPMEmulatorDef *emulator, const unsigned char *secretuuid, bool incomingMigration) { @@ -380,9 +377,9 @@ qemuTPMEmulatorRunSetup(const char *storagepath, if (!swtpm_setup) return -1; =20 - if (!privileged && tpmversion =3D=3D VIR_DOMAIN_TPM_VERSION_1_2 && + if (!privileged && emulator->version =3D=3D VIR_DOMAIN_TPM_VERSION_1_2= && !virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEE= D_ROOT)) { - return virFileWriteStr(logfile, + return virFileWriteStr(emulator->logfile, _("Did not create EK and certificates since= this requires privileged mode for a TPM 1.2\n"), 0600); } =20 @@ -397,7 +394,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, virCommandSetUID(cmd, swtpm_user); virCommandSetGID(cmd, swtpm_group); =20 - switch (tpmversion) { + switch (emulator->version) { case VIR_DOMAIN_TPM_VERSION_1_2: break; case VIR_DOMAIN_TPM_VERSION_2_0: 
@@ -415,7 +412,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, virCommandAddArgList(cmd, "--tpm-state", storagepath, "--vmid", vmid, - "--logfile", logfile, + "--logfile", emulator->logfile, "--createek", "--create-ek-cert", "--create-platform-cert", @@ -425,7 +422,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, } else { virCommandAddArgList(cmd, "--tpm-state", storagepath, - "--logfile", logfile, + "--logfile", emulator->logfile, "--overwrite", NULL); } @@ -435,7 +432,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Could not run '%1$s'. exitstatus: %2$d; Check er= ror log '%3$s' for details."), - swtpm_setup, exitstatus, logfile); + swtpm_setup, exitstatus, emulator->logfile); return -1; } =20 @@ -469,10 +466,7 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks) * @swtpm_user: The userid to switch to when setting up the TPM; * typically this should be the uid of 'tss' or 'root' * @swtpm_group: The group id to switch to - * @activePcrBanks: The string describing the active PCR banks - * @logfile: The file to write the log into; it must be writable - * for the user given by userid or 'tss' - * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2 + * @emulator: emulator parameters * @secretuuid: The secret's UUID needed for state encryption * * Reconfigure the active PCR banks of a TPM 2. @@ -481,9 +475,7 @@ static int qemuTPMEmulatorReconfigure(const char *storagepath, uid_t swtpm_user, gid_t swtpm_group, - virBitmap *activePcrBanks, - const char *logfile, - const virDomainTPMVersion tpmversion, + const virDomainTPMEmulatorDef *emulator, const unsigned char *secretuuid) { g_autoptr(virCommand) cmd =3D NULL; 
@@ -494,8 +486,8 @@ qemuTPMEmulatorReconfigure(const char *storagepath, if (!swtpm_setup) return -1; =20 - if (tpmversion !=3D VIR_DOMAIN_TPM_VERSION_2_0 || - (activePcrBanksStr =3D qemuTPMPcrBankBitmapToStr(activePcrBanks)) = =3D=3D NULL || + if (emulator->version !=3D VIR_DOMAIN_TPM_VERSION_2_0 || + (activePcrBanksStr =3D qemuTPMPcrBankBitmapToStr(emulator->activeP= crBanks)) =3D=3D NULL || !virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONF= IGURE_PCR_BANKS)) return 0; =20 @@ -511,7 +503,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath, =20 virCommandAddArgList(cmd, "--tpm-state", storagepath, - "--logfile", logfile, + "--logfile", emulator->logfile, "--pcr-banks", activePcrBanksStr, "--reconfigure", NULL); @@ -521,7 +513,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath, if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Could not run '%1$s --reconfigure'. exitstatus: = %2$d; Check error log '%3$s' for details."), - swtpm_setup, exitstatus, logfile); + swtpm_setup, exitstatus, emulator->logfile); return -1; } =20 
@@ -582,17 +574,14 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, if (created && qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vm= uuid, privileged, swtpm_user, swtpm_group, - tpm->data.emulator.logfile, - tpm->data.emulator.version, + &tpm->data.emulator, secretuuid, incomingMigration) < 0) goto error; =20 if (!incomingMigration && qemuTPMEmulatorReconfigure(tpm->data.emulator.storagepath, swtpm_user, swtpm_group, - tpm->data.emulator.activePcrBanks, - tpm->data.emulator.logfile, - tpm->data.emulator.version, + &tpm->data.emulator, secretuuid) < 0) goto error; =20 --=20 2.46.1
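Review bot: the doc-comment hunk for qemuTPMEmulatorRunSetup (@@ -350,10 +350,8 @@) replaces the @logfile and @tpmversion lines with "@emulator: emulator parameters" and adds "@secretuuid: UUID describing virStorageEncryption holding secret", but the struct @emulator points to already carries secretuuid and hassecretuuid, so the comment should say how the separate @secretuuid relates to emulator->secretuuid / emulator->hassecretuuid (which one is authoritative, and whether the parameter may be absent). "emulator parameters" would also read better naming the type, e.g. "@emulator: the virDomainTPMEmulatorDef of the domain's TPM device".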
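Review bot: in the qemuTPMEmulatorRunSetup signature hunk (@@ -366,8 +364,7 @@) storagepath stays a separate parameter even though the new virDomainTPMEmulatorDef has a storagepath field, so the caller in qemuTPMEmulatorBuildCommand now passes both tpm->data.emulator.storagepath and &tpm->data.emulator; the qemuTPMEmulatorReconfigure signature (@@ -481,9 +475,7 @@) has the same duplication. Since the point of the series is to stop passing the fields individually, dropping the parameter and reading emulator->storagepath inside both functions would finish the job and remove any chance of the two values disagreeing.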
From: Stefan Berger
To: devel@lists.libvirt.org
Cc: marcandre.lureau@redhat.com
Subject: [RFC PATCH v2 2/8] qemu: Pass virQEMUDriverConfig rather than some of its fields
Date: Thu, 26 Sep 2024 15:32:02 -0400
Message-ID: <20240926193208.8192-3-stefanb@linux.ibm.com>
In-Reply-To: <20240926193208.8192-1-stefanb@linux.ibm.com>
References: <20240926193208.8192-1-stefanb@linux.ibm.com>
Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau --- src/qemu/qemu_tpm.c | 47 +++++++++++++++++---------------------------- 1 file changed, 18 insertions(+), 29 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 592fcc62fa..e8e7e8b5c1 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -347,9 +347,7 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd, * @vmname: the name of the VM * @vmuuid: the UUID of the VM * @privileged: whether we are running in privileged mode - * @swtpm_user: The userid to switch to when setting up the TPM; - * typically this should be the uid of 'tss' or 'root' - * @swtpm_group: The group id to switch to + * @cfg: virQEMUDriverConfig * @emulator: emulator parameters * @secretuuid: UUID describing virStorageEncryption holding secret * @incomingMigration: whether we have an incoming migration @@ -362,8 +360,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, const char *vmname, const unsigned char *vmuuid, bool privileged, - uid_t swtpm_user, - gid_t swtpm_group, + const virQEMUDriverConfig *cfg, const virDomainTPMEmulatorDef *emulator, const unsigned char *secretuuid, bool incomingMigration) @@ -391,8 +388,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath, virUUIDFormat(vmuuid, uuid); vmid =3D g_strdup_printf("%s:%s", vmname, uuid); =20 - virCommandSetUID(cmd, swtpm_user); - virCommandSetGID(cmd, swtpm_group); + virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or '= root' */ + virCommandSetGID(cmd, cfg->swtpm_group); =20 switch (emulator->version) { case VIR_DOMAIN_TPM_VERSION_1_2: 
@@ -463,9 +460,7 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks) * * * @storagepath: path to the directory for TPM state - * @swtpm_user: The userid to switch to when setting up the TPM; - * typically this should be the uid of 'tss' or 'root' - * @swtpm_group: The group id to switch to + * @cfg: virQEMUDriverConfig * @emulator: emulator parameters * @secretuuid: The secret's UUID needed for state encryption * @@ -473,8 +468,7 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks) */ static int qemuTPMEmulatorReconfigure(const char *storagepath, - uid_t swtpm_user, - gid_t swtpm_group, + const virQEMUDriverConfig *cfg, const virDomainTPMEmulatorDef *emulator, const unsigned char *secretuuid) { @@ -493,8 +487,8 @@ qemuTPMEmulatorReconfigure(const char *storagepath, =20 cmd =3D virCommandNew(swtpm_setup); =20 - virCommandSetUID(cmd, swtpm_user); - virCommandSetGID(cmd, swtpm_group); + virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or '= root' */ + virCommandSetGID(cmd, cfg->swtpm_group); =20 virCommandAddArgList(cmd, "--tpm2", NULL); =20 @@ -528,8 +522,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath, * @vmname: The name of the VM * @vmuuid: The UUID of the VM * @privileged: whether we are running in privileged mode - * @swtpm_user: The uid for the swtpm to run as (drop privileges to from r= oot) - * @swtpm_group: The gid for the swtpm to run as + * @cfg: virQEMUDriverConfig * @incomingMigration: whether we have an incoming migration * * Create the virCommand use for starting the emulator @@ -541,8 +534,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, const char *vmname, const unsigned char *vmuuid, bool privileged, - uid_t swtpm_user, - gid_t swtpm_group, + const virQEMUDriverConfig *cfg, bool incomingMigration) { g_autoptr(virCommand) cmd =3D NULL; 
@@ -565,7 +557,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, create_storage =3D false; =20 if (create_storage && - qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_grou= p) < 0) + qemuTPMEmulatorCreateStorage(tpm, &created, + cfg->swtpm_user, cfg->swtpm_group) < = 0) return NULL; =20 if (tpm->data.emulator.hassecretuuid) @@ -573,16 +566,13 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, =20 if (created && qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vm= uuid, - privileged, swtpm_user, swtpm_group, - &tpm->data.emulator, + privileged, cfg, &tpm->data.emulator, secretuuid, incomingMigration) < 0) goto error; =20 if (!incomingMigration && - qemuTPMEmulatorReconfigure(tpm->data.emulator.storagepath, - swtpm_user, swtpm_group, - &tpm->data.emulator, - secretuuid) < 0) + qemuTPMEmulatorReconfigure(tpm->data.emulator.storagepath, cfg, + &tpm->data.emulator, secretuuid) < 0) goto error; =20 unlink(tpm->data.emulator.source->data.nix.path); @@ -608,8 +598,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, =20 virCommandAddArg(cmd, "--terminate"); =20 - virCommandSetUID(cmd, swtpm_user); - virCommandSetGID(cmd, swtpm_group); + virCommandSetUID(cmd, cfg->swtpm_user); + virCommandSetGID(cmd, cfg->swtpm_group); =20 switch (tpm->data.emulator.version) { case VIR_DOMAIN_TPM_VERSION_1_2: 
@@ -926,8 +916,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, =20 if (!(cmd =3D qemuTPMEmulatorBuildCommand(tpm, vm->def->name, vm->def-= >uuid, driver->privileged, - cfg->swtpm_user, - cfg->swtpm_group, + cfg, incomingMigration))) return -1; =20 --=20 2.46.1
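Review bot: in the qemuTPMEmulatorRunSetup body hunk (@@ -391,8 +388,8 @@) the uid requirement that used to be in the parameter docs becomes an inline comment, "/* should be uid of 'tss' or 'root' */", which is repeated verbatim in the qemuTPMEmulatorReconfigure hunk (@@ -493,8 +487,8 @@) and is absent from the third virCommandSetUID() site in qemuTPMEmulatorBuildCommand (@@ -608,8 +598,8 @@); with the body indentation the commented line also runs past 80 columns. One statement next to the @cfg parameter doc (or at the swtpm_user field of the driver config) would cover all three call sites without the duplication.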
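Review bot: the qemuTPMEmulatorBuildCommand doc hunk (@@ -528,8 +522,7 @@) removes "@swtpm_user: The uid for the swtpm to run as (drop privileges to from root)" and "@swtpm_group: The gid for the swtpm to run as" in favour of the bare "@cfg: virQEMUDriverConfig", so the only sentence saying that the swtpm processes are started with dropped privileges disappears from the header comment. Suggest "@cfg: driver config supplying swtpm_user/swtpm_group, the uid/gid the swtpm processes drop privileges to", and the same wording for the two other "@cfg: virQEMUDriverConfig" lines added in this patch.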
From: Stefan Berger
To: devel@lists.libvirt.org
Cc: marcandre.lureau@redhat.com
Subject: [RFC PATCH v2 3/8] util: Add parsing support for swtpm_setup's cmdarg-profile capability
Date: Thu, 26 Sep 2024 15:32:03 -0400
Message-ID: <20240926193208.8192-4-stefanb@linux.ibm.com>
In-Reply-To: <20240926193208.8192-1-stefanb@linux.ibm.com>
References: <20240926193208.8192-1-stefanb@linux.ibm.com>

Add support for parsing swtpm_setup 'cmdarg-profile' capability (since v0.10).
Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau --- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + tests/testutilsqemu.c | 1 + 3 files changed, 3 insertions(+) diff --git a/src/util/virtpm.c b/src/util/virtpm.c index 81fd6166cf..d991657696 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -50,6 +50,7 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, "cmdarg-reconfigure-pcr-banks", "tpm-1.2", "tpm-2.0", + "cmdarg-profile", ); =20 /** diff --git a/src/util/virtpm.h b/src/util/virtpm.h index fb330effa8..18c2877c03 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h @@ -42,6 +42,7 @@ typedef enum { VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS, VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2, VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0, + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE, =20 VIR_TPM_SWTPM_SETUP_FEATURE_LAST } virTPMSwtpmSetupFeature; diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index ee6cae218a..ba4677fb4c 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c 
@@ -71,6 +71,7 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap) case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES: case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT: case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS: + case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE: case VIR_TPM_SWTPM_SETUP_FEATURE_LAST: break; }
-- 
2.46.1
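Review bot: in the tests/testutilsqemu.c hunk the new `case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE:` is added to the group of cases that only `break;`, next to `VIR_TPM_SWTPM_SETUP_FEATURE_LAST`, so the test stub handles the new capability exactly like the other capabilities it does not special-case. If a later patch in this series adds a qemuxml2argv test that expects the profile to be handed to swtpm_setup, check that this grouping yields the capability value that test needs, and say in the commit message whether the stub is meant to advertise it; the enum value in virtpm.h and the "cmdarg-profile" string in virtpm.c are added at matching positions, so those two hunks are consistent.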
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [RFC PATCH v2 4/8] conf: Define enum virDomainTPMProfileRemoveDisabled
Date: Thu, 26 Sep 2024 15:32:04 -0400
Message-ID: <20240926193208.8192-5-stefanb@linux.ibm.com>
In-Reply-To: <20240926193208.8192-1-stefanb@linux.ibm.com>
Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
---
 src/conf/domain_conf.c | 7 +++++++
 src/conf/domain_conf.h | 9 +++++++++
 2 files changed, 16 insertions(+)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 7f6a91c427..1c8fffdfa5 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1330,6 +1330,13 @@ VIR_ENUM_IMPL(virDomainTPMPcrBank, "sha512", ); =20 +VIR_ENUM_IMPL(virDomainTPMProfileRemoveDisabled, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_LAST, + "none", + "check", + "fips-host", +); + VIR_ENUM_IMPL(virDomainIOMMUModel, VIR_DOMAIN_IOMMU_MODEL_LAST, "intel",
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index e5aee3c2cf..ec821ea6fc 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1463,6 +1463,14 @@ typedef enum { VIR_DOMAIN_TPM_PCR_BANK_LAST } virDomainPcrBank; =20 +typedef enum { + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_NONE =3D 0, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_CHECK, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_FIPS_HOST, + + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_LAST +} virDomainTPMProfileRemoveDisabled; + #define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0" =20 struct _virDomainTPMEmulatorDef {
@@ -4280,6 +4288,7 @@ VIR_ENUM_DECL(virDomainTPMModel); VIR_ENUM_DECL(virDomainTPMBackend); VIR_ENUM_DECL(virDomainTPMVersion); VIR_ENUM_DECL(virDomainTPMPcrBank); +VIR_ENUM_DECL(virDomainTPMProfileRemoveDisabled); VIR_ENUM_DECL(virDomainMemoryModel); VIR_ENUM_DECL(virDomainMemoryBackingModel); VIR_ENUM_DECL(virDomainMemorySource);
-- 
2.46.1
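Review bot: the string table in the domain_conf.c hunk maps VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_NONE to "none", so virDomainTPMProfileRemoveDisabledTypeFromString("none") succeeds even though "none" is not meant to be an accepted value of the XML attribute (patch 5/8 offers only check and fips-host in the schema, and 6/8 parses the attribute with VIR_XML_PROP_NONZERO). A short comment beside the enum in domain_conf.h stating that NONE is the internal "attribute absent" state, plus a commit message body (this patch has none), would keep the next reader from adding "none" to the schema by mistake.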
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [RFC PATCH v2 5/8] schema: Extend schema for TPM emulator profile node
Date: Thu, 26 Sep 2024 15:32:05 -0400
Message-ID: <20240926193208.8192-6-stefanb@linux.ibm.com>
In-Reply-To: <20240926193208.8192-1-stefanb@linux.ibm.com>

Extend the schema for the TPM emulator profile node. Require that the profile the user provides is described in a name attribute.
An optional remove_disabled attribute is also supported for swtpm to automatically remove algorithms from the 'custom' profile if they are disabled by FIPS mode on the host.

Signed-off-by: Stefan Berger
---
 src/conf/schemas/domaincommon.rng | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng index efb5f00d77..29e45d47e9 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -5923,6 +5923,7 @@ +
@@ -6020,6 +6021,30 @@ =20 + + + [A-Za-z0-9\-\.]+ + + + + + + + + + + + + + check + fips-host + + + + + + +
-- 
2.46.1
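A domain XML fragment using the element this schema patch describes, as an added example that is not part of the patch series: the `<tpm>`/`<backend>` wrapper follows libvirt's existing TPM emulator documentation, the `profile` element with its `name` and `remove_disabled` attributes is what this series adds (the parser in 6/8 looks it up as `./backend/profile`), and `custom` is the profile name the docs patch 7/8 describes as the only one on which `remove_disabled` has an effect. The XML element names of the surrounding schema are not visible on this page, so the nesting shown here is taken from the parser's XPath, not from the RNG hunk.

```xml
<!-- Added example, not from the patch series. -->
<tpm model='tpm-crb'>
  <!-- version='2.0' is required: 6/8 rejects a <profile> on any other TPM version. -->
  <backend type='emulator' version='2.0'>
    <!-- 'custom' is the only built-in profile that remove_disabled affects.
         remove_disabled='check' strips only the algorithms the host's FIPS
         mode has disabled at the moment the TPM state is first created;
         the profile is then fixed for the lifetime of that state. -->
    <profile name='custom' remove_disabled='check'/>
    <!-- Alternative that does not depend on the creating host's FIPS state:
         <profile name='custom' remove_disabled='fips-host'/>
         A distro- or locally-provided profile is referenced by the base name
         of its .json file, e.g. <profile name='my-profile'/>, with no
         remove_disabled attribute since it only applies to 'custom'. -->
  </backend>
</tpm>
```

The schema's `[A-Za-z0-9\-\.]+` pattern for `name` is what keeps a value like `../x` from reaching swtpm_setup's file lookup; a `name` with a `/` or a space fails `virsh define --validate`, but only when schema validation is requested.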
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [RFC PATCH v2 6/8] conf: Add support for profile parameter on TPM emulator in domain XML
Date: Thu, 26 Sep 2024 15:32:06 -0400
Message-ID: <20240926193208.8192-7-stefanb@linux.ibm.com>
In-Reply-To: <20240926193208.8192-1-stefanb@linux.ibm.com>

Extend the parser and XML builder with support for the profile parameter and its remove_disabled attribute.
Signed-off-by: Stefan Berger
---
 src/conf/domain_conf.c     | 36 ++++++++++++++++++++++++++++++++++++
 src/conf/domain_conf.h     |  2 ++
 src/conf/domain_validate.c |  7 +++++++
 3 files changed, 45 insertions(+)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 1c8fffdfa5..23bdfb51ca 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3471,6 +3471,7 @@ void virDomainTPMDefFree(virDomainTPMDef *def) g_free(def->data.emulator.storagepath); g_free(def->data.emulator.logfile); virBitmapFree(def->data.emulator.activePcrBanks); + g_free(def->data.emulator.profile_name); break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: virObjectUnref(def->data.external.source); @@ -10779,6 +10780,15 @@ virDomainSmartcardDefParseXML(virDomainXMLOption *= xmlopt, * * * + * + * A profile for a TPM 2.0 can be added like this: + * + * + * + * + * + * + * */ static virDomainTPMDef * virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, @@ -10797,6 +10807,8 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, g_autofree xmlNodePtr *backends =3D NULL; g_autofree xmlNodePtr *nodes =3D NULL; g_autofree char *type =3D NULL; + virDomainTPMProfileRemoveDisabled profile_remove_disabled; + xmlNodePtr profile; int bank; =20 if (!(def =3D virDomainTPMDefNew(xmlopt)))
@@ -10887,6 +10899,22 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, } virBitmapSetBitExpand(def->data.emulator.activePcrBanks, bank); } + + if ((profile =3D virXPathNode("./backend/profile[1]", ctxt))) { + def->data.emulator.profile_name =3D virXMLPropString(profile, = "name"); + if (!def->data.emulator.profile_name) { + virReportError(VIR_ERR_XML_ERROR, "%s", _("missing profile= name")); + goto error; + } + if (virXMLPropEnum(profile, "remove_disabled", + virDomainTPMProfileRemoveDisabledTypeFromSt= ring, + VIR_XML_PROP_NONZERO, + &profile_remove_disabled) < 0) + goto error; + if (profile_remove_disabled !=3D VIR_DOMAIN_TPM_PROFILE_REMOVE= _DISABLED_NONE) + def->data.emulator.profile_remove_disabled =3D + virDomainTPMProfileRemoveDisabledTypeToString(profile_= remove_disabled); + } break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: if (!(type =3D virXPathString("string(./backend/source/@type)", ct= xt))) { @@ -25077,6 +25105,14 @@ virDomainTPMDefFormat(virBuffer *buf, =20 virXMLFormatElement(&backendChildBuf, "active_pcr_banks", NULL= , &activePcrBanksBuf); } + if (def->data.emulator.profile_name) { + virBufferAsprintf(&backendChildBuf, "data.emulator.profile_name); + if (def->data.emulator.profile_remove_disabled) + virBufferAsprintf(&backendChildBuf, " remove_disabled=3D'%s= '", + def->data.emulator.profile_remove_disable= d); + virBufferAddLit(&backendChildBuf, "/>\n"); + } break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: if (def->data.external.source->type =3D=3D VIR_DOMAIN_CHR_TYPE_UNI= X) { diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index ec821ea6fc..6b08665bb7 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1483,6 +1483,8 @@ struct _virDomainTPMEmulatorDef { bool hassecretuuid; bool persistent_state; virBitmap *activePcrBanks; + char *profile_name; + const char *profile_remove_disabled; }; =20 struct _virDomainTPMDef { diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index eddb4a5e74..4dc2b468f0 100644 
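Review bot: in the virDomainTPMDefParseXML hunk `remove_disabled` is parsed into the enum `profile_remove_disabled` but then stored back as the string from virDomainTPMProfileRemoveDisabledTypeToString() in a `const char *profile_remove_disabled` struct field (see the domain_conf.h hunk); store the enum value itself, as the other enum-valued fields do, and call TypeToString in virDomainTPMDefFormat. That also replaces the pointer test `if (def->data.emulator.profile_remove_disabled)` in the format hunk with a comparison against VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_NONE. In the same format hunk the user-supplied `profile_name` is emitted through virBufferAsprintf; since the parser only rejects an empty name, use virBufferEscapeString so that quotes or ampersands in the name are XML-escaped and the formatted document stays parseable.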
--- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c 
@@ -3025,6 +3025,13 @@ virDomainTPMDevValidate(const virDomainTPMDef *tpm) virDomainTPMVersionTypeToString(VIR_DOMAIN_TPM_= VERSION_2_0)); return -1; } + if (tpm->data.emulator.profile_name && + tpm->data.emulator.version !=3D VIR_DOMAIN_TPM_VERSION_2_0) { + virReportError(VIR_ERR_XML_ERROR, + _(" requires TPM version '%1$s'"), + virDomainTPMVersionTypeToString(VIR_DOMAIN_TPM_= VERSION_2_0)); + return -1; + } break; =20 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
-- 
2.46.1
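Review bot: the domain_validate.c hunk only ties `profile_name` to TPM 2.0; neither this check nor the parser constrains the characters of the name, whereas the RNG schema in 5/8 restricts it to `[A-Za-z0-9\-\.]+`. Schema validation is not applied on every path that accepts domain XML, and per the docs in 7/8 the name is later resolved by swtpm_setup to a `<name>.json` file in the local and then the distro profile directory, so an unvalidated name can become part of a file path. Enforce the same character set here (in particular reject `/`) so that parser and schema agree and the lookup cannot be steered outside the profile directories; a `virReportError(VIR_ERR_XML_ERROR, ...)` for a name that fails the pattern would match the style of the version check above it.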
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [RFC PATCH v2 7/8] docs: Add documentation for the TPM backend profile node
Date: Thu, 26 Sep 2024 15:32:07 -0400
Message-ID: <20240926193208.8192-8-stefanb@linux.ibm.com>
In-Reply-To: <20240926193208.8192-1-stefanb@linux.ibm.com>

Add documentation for the TPM backend profile node and point the reader to further documentation about TPM profiles available in the swtpm and TPMLIB_SetProfile man pages.

Signed-off-by: Stefan Berger
---
 docs/formatdomain.rst | 30 ++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 4336cff3ac..fe6230f39b 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -8119,6 +8119,7 @@ Example: usage of the TPM Emulator +
@@ -8191,6 +8192,35 @@ Example: usage of the TPM Emulator and may not have any effect otherwise. The selection of PCR banks only = works with the ``emulator`` backend. :since:`Since 7.10.0` =20 +``profile`` + The ``profile`` node is used to set a profile for a TPM 2.0. This profi= le + will be set when the TPM is initially created and after that cannot be + changed anymore. If no profile is provided, then swtpm will use the lat= est + built-in 'default' profile or the default profile set in swtpm_setup.co= nf. + Otherwise swtpm_setup will search for a profile with the given name with + appended .json suffix in a configurable local and then in a distro + directory. If none could be found in either, it will fall back trying to + use a built-in one. + + The built-in 'null' profile provides backwards compatibility with + libtpms v0.9 but also restricts the user to use only TPM features that = were + available at the time of libtpms v0.9. The built-in 'custom' profile is= the + only profile that a user can modify and where the ``remove_disabled`` + attribute has any effect. This attribute is particularly useful when a = host + is running in FIPS mode and therefore some crypto algorithms (camellia, + tdes, unpadded RSA encryption, 1024-bit RSA keys, and others) are + disabled. When it is set to ``check`` (recommended) then only those + algorithms that are currently disabled will automatically be removed fr= om + the 'custom' profile, while when it is set to ``fips-host`` then all + potentially disabled algorithms will be removed. :since:`Since 10.??.0` + + TPM profiles provided by a distro can be referenced with the 'distro' + attribute. Locally created TPM profiles can be referenced with the + 'local' attribute. + + For further information about TPM profiles see the man pages for ``swtp= m`` + (swtpm v0.10) and libtpms's ``TPMLIB_SetProfile`` (libtpms v0.10). + ``encryption`` The ``encryption`` element allows the state of a TPM emulator to be encrypted. 
The ``secret`` must reference a secret object that holds the
-- 
2.46.1
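Review bot: the ``:since:`Since 10.??.0``` placeholder in the `profile` description must be replaced with the actual release before this is merged. The attribute names are also underspecified: the paragraph says distro profiles are "referenced with the 'distro' attribute" and local ones "with the 'local' attribute", yet the first paragraph describes a single name that swtpm_setup searches in the local directory, then the distro directory, then the built-ins, and the companion code in patch 8 only carries `profile_name` and `profile_remove_disabled`. Please spell out each XML attribute of the `profile` node by name, list `check` and `fips-host` as the only values of `remove_disabled`, and state explicitly what happens when the XML names a profile (or a different `remove_disabled` value) for a TPM whose state already exists, since "cannot be changed anymore" leaves open whether that is ignored silently or rejected; an operator adding `fips-host` to an existing domain needs to know it will not retroactively strip algorithms. Two wording nits in the added text: "it will fall back trying to use a built-in one" reads better as "it will fall back to trying a built-in one", and "restricts the user to use only TPM features" as "restricts the user to TPM features".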
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [RFC PATCH v2 8/8] qemu: Extend swtpm_setup command line to set a profile by its name
Date: Thu, 26 Sep 2024 15:32:08 -0400
Message-ID: <20240926193208.8192-9-stefanb@linux.ibm.com>
In-Reply-To: <20240926193208.8192-1-stefanb@linux.ibm.com>
References: <20240926193208.8192-1-stefanb@linux.ibm.com>
List-Id: Development discussions about the libvirt library & tools

Runs swtpm_setup with the --profile-name option if the user provided the name of a profile.
swtpm_setup will try to load the profile from directories with local profiles and distro profiles and if no profile by this name with appended '.json' suffix could be found there, it will fall back to try to use an internal profile with the given name. Also set the --profile-remove-disabled option if the user provided a value in the remove_disabled attribute in the profile XML node.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
--- src/qemu/qemu_tpm.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index e8e7e8b5c1..48446cd631 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -340,6 +340,40 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd, } =20 =20 +/* + * Add a (optional) profile to the swtpm_setup command line. + * + * @cmd: virCommand to add options to + * @emulator: emulator parameters + * + * Returns 0 on success, -1 on failure. + */ +static int +qemuTPMVirCommandAddProfile(virCommand *cmd, + const virDomainTPMEmulatorDef *emulator) +{ + if (!emulator->profile_name) + return 0; + + if (!virTPMSwtpmSetupCapsGet( + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE)) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", + _("swtpm_setup has no support for profiles")); + return -1; + } + + virCommandAddArgList(cmd, + "--profile-name", emulator->profile_name, + NULL); + + if (emulator->profile_remove_disabled) + virCommandAddArgList(cmd, + "--profile-remove-disable", + emulator->profile_remove_disabled, + NULL); + return 0; +} + /* * qemuTPMEmulatorRunSetup * @@ -416,6 +450,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath, "--lock-nvram", "--not-overwrite", NULL); + if (qemuTPMVirCommandAddProfile(cmd, emulator) < 0) + return -1; } else { virCommandAddArgList(cmd, "--tpm-state", storagepath,
-- 
2.46.1
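Review bot: in `qemuTPMVirCommandAddProfile` the option string passed for the `remove_disabled` case does not match the commit message: the code emits `"--profile-remove-disable"` while the message says `--profile-remove-disabled`, and the docs in patch 7 describe the same `check` / `fips-host` setting; whichever spelling swtpm_setup does not recognise will make setup fail at domain start, so align the two and add a command-line test that covers this argument. The capability check only guards `--profile-name` (`VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE`); if the remove-disabled option can be absent from a swtpm_setup that already knows `--profile-name`, gate it on its own feature flag, otherwise note in the comment that both arrived together. `emulator->profile_remove_disabled` is forwarded to the command line verbatim, so the XML parser must already restrict it to the documented values; if that validation lives in an earlier patch, a one-line comment here pointing at it would help the next reader. Minor: "Add a (optional) profile" should read "an (optional) profile".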
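Review bot: the new call in `qemuTPMEmulatorRunSetup` sits only in the branch that also passes `--not-overwrite`, so the profile is applied when swtpm_setup creates fresh state and never in the `else` branch. That is consistent with patch 7 ("will be set when the TPM is initially created and after that cannot be changed anymore"), but it is silent: consider a short comment at the call site, and a log message when `emulator->profile_name` is set while the `else` branch is taken, so an operator who adds a profile or `remove_disabled` to an existing domain can see it had no effect.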
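The commit message above describes the lookup order swtpm_setup applies to a profile name: the local profile directory, then the distro directory, each with ".json" appended, and finally a built-in profile of the same name. The following is an added example, not libvirt's or swtpm's own code, that implements that order as a small resolver and adds the input validation a caller should perform before XML attribute values become command-line arguments: the name is checked to be a plain file-name token (it is concatenated into a path) and `remove_disabled` is restricted to the two documented values. The directory paths, the built-in profile list, the 64-character limit and the sample file list are constructed assumptions for the example; the `exists` callback lets the same lookup run against the real filesystem or an in-memory list.

```c
/*
 * Added example (not libvirt/swtpm code): resolve a TPM profile name in the
 * order described for swtpm_setup: local dir, distro dir, then built-in.
 * Paths, the built-in list and the name rule are assumptions for the demo.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum profile_source { PROFILE_NONE = 0, PROFILE_LOCAL, PROFILE_DISTRO, PROFILE_BUILTIN };

/* Callback so the lookup can run against the real filesystem or a constructed list. */
typedef int (*profile_exists_fn)(const char *path, void *ctx);

/* Built-in names taken from the documentation text; the real set is libtpms's (assumption). */
static const char *const builtin_profiles[] = { "default", "null", "custom", NULL };

/* The name is appended to a directory path with ".json", so accept only a
 * plain file-name token: no '/', no leading '.', bounded length. */
int profile_name_is_safe(const char *name)
{
    size_t i, n;

    if (!name || (n = strlen(name)) == 0 || n > 64 || name[0] == '.')
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != '.')
            return 0;
    }
    return 1;
}

/* Only the two documented values may be forwarded to --profile-remove-disabled. */
int remove_disabled_is_valid(const char *value)
{
    return value && (strcmp(value, "check") == 0 || strcmp(value, "fips-host") == 0);
}

/* Returns where the profile was found; on a file hit, path holds "<dir>/<name>.json". */
enum profile_source
resolve_profile(const char *name, const char *local_dir, const char *distro_dir,
                profile_exists_fn exists, void *ctx, char *path, size_t pathlen)
{
    const char *dirs[2] = { local_dir, distro_dir };
    const enum profile_source srcs[2] = { PROFILE_LOCAL, PROFILE_DISTRO };
    int i;

    path[0] = '\0';
    if (!profile_name_is_safe(name))
        return PROFILE_NONE;

    /* 1. local, 2. distro: the first "<dir>/<name>.json" that exists wins */
    for (i = 0; i < 2; i++) {
        if (!dirs[i])
            continue;
        if (snprintf(path, pathlen, "%s/%s.json", dirs[i], name) >= (int)pathlen)
            return PROFILE_NONE;
        if (exists(path, ctx))
            return srcs[i];
    }

    /* 3. fall back to a built-in profile carrying that name */
    path[0] = '\0';
    for (i = 0; builtin_profiles[i]; i++)
        if (strcmp(builtin_profiles[i], name) == 0)
            return PROFILE_BUILTIN;
    return PROFILE_NONE;
}

/* exists() over the real filesystem (regular files only) */
int exists_on_disk(const char *path, void *ctx)
{
    struct stat st;
    (void)ctx;
    return stat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* exists() over a constructed NULL-terminated path list, so the demo runs offline */
int exists_in_list(const char *path, void *ctx)
{
    const char *const *list = ctx;
    for (; *list; list++)
        if (strcmp(*list, path) == 0)
            return 1;
    return 0;
}

/* Constructed sample: "corp" exists locally and in the distro dir, "hardened" only in distro. */
static const char *sample_files[] = {
    "/etc/swtpm/profiles/corp.json",
    "/usr/share/swtpm/profiles/corp.json",
    "/usr/share/swtpm/profiles/hardened.json",
    NULL,
};

/* Resolve a name against the constructed sample (hypothetical directories). */
enum profile_source demo_resolve(const char *name)
{
    char path[256];
    return resolve_profile(name, "/etc/swtpm/profiles", "/usr/share/swtpm/profiles",
                           exists_in_list, sample_files, path, sizeof(path));
}

int main(void)
{
    const char *names[] = { "corp", "hardened", "custom", "../etc/passwd", "nonexistent" };
    static const char *const label[] = { "none", "local", "distro", "builtin" };
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-16s -> %s\n", names[i], label[demo_resolve(names[i])]);
    return 0;
}
```

The local directory is consulted before the distro one, so a locally created profile shadows a distro profile of the same name, which is the behaviour the commit message describes and worth remembering when auditing which profile a domain actually got; `exists_on_disk` is the callback to pass instead of `exists_in_list` for a real lookup.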