From nobody Mon Dec 15 14:46:10 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 172928314209280.86929917710756; Fri, 18 Oct 2024 13:25:42 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 110B115BB; Fri, 18 Oct 2024 16:25:41 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 529CB161C; Fri, 18 Oct 2024 16:24:31 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 9562F146B; Fri, 18 Oct 2024 16:24:23 -0400 (EDT) Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id AD7CB144C for ; Fri, 18 Oct 2024 16:24:22 -0400 (EDT) Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49IBYplX013958; Fri, 18 Oct 2024 20:24:21 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 42aqk2utqj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:21 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 49II4Mc8002452; Fri, 18 Oct 2024 20:24:20 GMT Received: from smtprelay05.wdc07v.mail.ibm.com ([172.16.1.72]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4284en6mbd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:20 +0000 Received: from smtpav04.dal12v.mail.ibm.com (smtpav04.dal12v.mail.ibm.com [10.241.53.103]) by smtprelay05.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 49IKOJ3W53281126 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Oct 2024 20:24:19 GMT Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 729E058056; Fri, 18 Oct 2024 20:24:19 +0000 (GMT) Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 28ADB58052; Fri, 18 Oct 2024 20:24:19 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav04.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 18 Oct 2024 20:24:19 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=pp1; bh=XqAVhc AcU7BOMV6HTXVuUHX2VCtFFbQNAhtk73uXXcg=; b=ap5pOQeMwYLvL624KGR0EY 0ElmlnodV5HWd0J5X6LrumjQ2QlQVG6w6MA/SgvfoS+iJZUe8s1pq+Yi8L/EXrUG /GI8Fr0R+inUy3mse+ti3aQED7joYqUDCIXLYlnPU7R9LrsLbIzll7XyzOaNnu2E 7CF1DWd4BlHLXJedIhHJhQHAhL2kPhUEaOC1XOeJhk5fxY5+h+OpNGtq6+ehnlvY BoxhdQmFq5v/23mnukE9YvZdpKgcQhCpXWdiWCIQBqQ9/VUh6ZV2IhxTyO+iaB9V ucOGJ6s002yLFXdz6Lk4wKk5zJ9BFsmqDj2QhEc+KcTPdqhX7h/nbYvFRRvT1ZHg == From: Stefan Berger To: devel@lists.libvirt.org Subject: [PATCH v3 01/10] conf: Move TPM emulator parameters into own struct Date: Fri, 18 Oct 2024 16:24:05 -0400 Message-ID: <20241018202414.2430136-2-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241018202414.2430136-1-stefanb@linux.ibm.com> References: <20241018202414.2430136-1-stefanb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: NWAKuUvp45FqRffg2nLVlkEv3vDKiLOT X-Proofpoint-ORIG-GUID: NWAKuUvp45FqRffg2nLVlkEv3vDKiLOT X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 mlxscore=0 spamscore=0 priorityscore=1501 phishscore=0 clxscore=1015 mlxlogscore=999 impostorscore=0 bulkscore=0 malwarescore=0 lowpriorityscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410180130 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: FBB6DRZFG23XLYJHTDFRDBWF3HK2QPX7 X-Message-ID-Hash: FBB6DRZFG23XLYJHTDFRDBWF3HK2QPX7 X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: marcandre.lureau@redhat.com, Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1729283142858116600 Content-Type: text/plain; charset="utf-8" To avoid passing TPM emulator parameters around individually, move them into a structure and pass around the structure. Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Stefan Berger --- v3: - Made virDomainTPMEmulatorDef first parameter to functions - Applied Marc-Andr=C3=A9's R-b --- src/conf/domain_conf.h | 24 +++++++++-------- src/conf/virconftypes.h | 2 ++ src/qemu/qemu_tpm.c | 58 ++++++++++++++--------------------------- 3 files changed, 35 insertions(+), 49 deletions(-) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index a15af4fae3..e5aee3c2cf 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1465,6 +1465,18 @@ typedef enum { =20 #define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0" =20 +struct _virDomainTPMEmulatorDef { + virDomainTPMVersion version; + virDomainChrSourceDef *source; + char *storagepath; + char *logfile; + unsigned int debug; + unsigned char secretuuid[VIR_UUID_BUFLEN]; + bool hassecretuuid; + bool persistent_state; + virBitmap *activePcrBanks; +}; + struct _virDomainTPMDef { virObject *privateData; =20 @@ -1475,17 +1487,7 @@ struct _virDomainTPMDef { struct { virDomainChrSourceDef *source; } passthrough; - struct { - virDomainTPMVersion version; - virDomainChrSourceDef *source; - char *storagepath; - char *logfile; - unsigned int debug; - unsigned char secretuuid[VIR_UUID_BUFLEN]; - bool hassecretuuid; - bool persistent_state; - virBitmap *activePcrBanks; - } emulator; + virDomainTPMEmulatorDef emulator; struct { virDomainChrSourceDef *source; } external; diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index f18ebcca10..59be61cea4 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -234,6 +234,8 @@ typedef struct _virDomainAudioDef virDomainAudioDef; =20 typedef struct _virDomainTPMDef virDomainTPMDef; =20 +typedef struct _virDomainTPMEmulatorDef virDomainTPMEmulatorDef; + typedef struct _virDomainThreadSchedParam virDomainThreadSchedParam; =20 typedef struct _virDomainTimerCatchupDef virDomainTimerCatchupDef; diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 749e4232b9..0a5643b42b 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -343,31 +343,26 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd, /* * qemuTPMEmulatorRunSetup * - * @storagepath: path to the directory for TPM state + * @emulator: emulator parameters * @vmname: the name of the VM * @vmuuid: the UUID of the VM * @privileged: whether we are running in privileged mode * @swtpm_user: The userid to switch to when setting up the TPM; * typically this should be the uid of 'tss' or 'root' * @swtpm_group: The group id to switch to - * @logfile: The file to write the log into; it must be writable - * for the user given by userid or 'tss' - * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2 - * @encryption: pointer to virStorageEncryption holding secret + * @secretuuid: UUID describing virStorageEncryption holding secret * @incomingMigration: whether we have an incoming migration * * Setup the external swtpm by creating endorsement key and * certificates for it. */ static int -qemuTPMEmulatorRunSetup(const char *storagepath, +qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *emulator, const char *vmname, const unsigned char *vmuuid, bool privileged, uid_t swtpm_user, gid_t swtpm_group, - const char *logfile, - const virDomainTPMVersion tpmversion, const unsigned char *secretuuid, bool incomingMigration) { @@ -380,9 +375,9 @@ qemuTPMEmulatorRunSetup(const char *storagepath, if (!swtpm_setup) return -1; =20 - if (!privileged && tpmversion =3D=3D VIR_DOMAIN_TPM_VERSION_1_2 && + if (!privileged && emulator->version =3D=3D VIR_DOMAIN_TPM_VERSION_1_2= && !virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEE= D_ROOT)) { - return virFileWriteStr(logfile, + return virFileWriteStr(emulator->logfile, _("Did not create EK and certificates since= this requires privileged mode for a TPM 1.2\n"), 0600); } =20 @@ -397,7 +392,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, virCommandSetUID(cmd, swtpm_user); virCommandSetGID(cmd, swtpm_group); =20 - switch (tpmversion) { + switch (emulator->version) { case VIR_DOMAIN_TPM_VERSION_1_2: break; case VIR_DOMAIN_TPM_VERSION_2_0: @@ -413,9 +408,9 @@ qemuTPMEmulatorRunSetup(const char *storagepath, =20 if (!incomingMigration) { virCommandAddArgList(cmd, - "--tpm-state", storagepath, + "--tpm-state", emulator->storagepath, "--vmid", vmid, - "--logfile", logfile, + "--logfile", emulator->logfile, "--createek", "--create-ek-cert", "--create-platform-cert", @@ -424,8 +419,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath, NULL); } else { virCommandAddArgList(cmd, - "--tpm-state", storagepath, - "--logfile", logfile, + "--tpm-state", emulator->storagepath, + "--logfile", emulator->logfile, "--overwrite", NULL); } @@ -435,7 +430,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Could not run '%1$s'. exitstatus: %2$d; Check er= ror log '%3$s' for details."), - swtpm_setup, exitstatus, logfile); + swtpm_setup, exitstatus, emulator->logfile); return -1; } =20 @@ -464,26 +459,18 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks) /* * qemuTPMEmulatorReconfigure * - * - * @storagepath: path to the directory for TPM state + * @emulator: emulator parameters * @swtpm_user: The userid to switch to when setting up the TPM; * typically this should be the uid of 'tss' or 'root' * @swtpm_group: The group id to switch to - * @activePcrBanks: The string describing the active PCR banks - * @logfile: The file to write the log into; it must be writable - * for the user given by userid or 'tss' - * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2 * @secretuuid: The secret's UUID needed for state encryption * * Reconfigure the active PCR banks of a TPM 2. */ static int -qemuTPMEmulatorReconfigure(const char *storagepath, +qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator, uid_t swtpm_user, gid_t swtpm_group, - virBitmap *activePcrBanks, - const char *logfile, - const virDomainTPMVersion tpmversion, const unsigned char *secretuuid) { g_autoptr(virCommand) cmd =3D NULL; @@ -494,8 +481,8 @@ qemuTPMEmulatorReconfigure(const char *storagepath, if (!swtpm_setup) return -1; =20 - if (tpmversion !=3D VIR_DOMAIN_TPM_VERSION_2_0 || - (activePcrBanksStr =3D qemuTPMPcrBankBitmapToStr(activePcrBanks)) = =3D=3D NULL || + if (emulator->version !=3D VIR_DOMAIN_TPM_VERSION_2_0 || + (activePcrBanksStr =3D qemuTPMPcrBankBitmapToStr(emulator->activeP= crBanks)) =3D=3D NULL || !virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONF= IGURE_PCR_BANKS)) return 0; =20 @@ -510,8 +497,8 @@ qemuTPMEmulatorReconfigure(const char *storagepath, return -1; =20 virCommandAddArgList(cmd, - "--tpm-state", storagepath, - "--logfile", logfile, + "--tpm-state", emulator->storagepath, + "--logfile", emulator->logfile, "--pcr-banks", activePcrBanksStr, "--reconfigure", NULL); @@ -521,7 +508,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath, if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Could not run '%1$s --reconfigure'. exitstatus: = %2$d; Check error log '%3$s' for details."), - swtpm_setup, exitstatus, logfile); + swtpm_setup, exitstatus, emulator->logfile); return -1; } =20 @@ -582,19 +569,14 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, secretuuid =3D tpm->data.emulator.secretuuid; =20 if (created && - qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vm= uuid, + qemuTPMEmulatorRunSetup(&tpm->data.emulator, vmname, vmuuid, privileged, swtpm_user, swtpm_group, - tpm->data.emulator.logfile, - tpm->data.emulator.version, secretuuid, incomingMigration) < 0) goto error; =20 if (!incomingMigration && - qemuTPMEmulatorReconfigure(tpm->data.emulator.storagepath, + qemuTPMEmulatorReconfigure(&tpm->data.emulator, swtpm_user, swtpm_group, - tpm->data.emulator.activePcrBanks, - tpm->data.emulator.logfile, - tpm->data.emulator.version, secretuuid) < 0) goto error; =20 --=20 2.47.0 From nobody Mon Dec 15 14:46:10 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1729283168486119.45820585261629; Fri, 18 Oct 2024 13:26:08 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 640F0B31; Fri, 18 Oct 2024 16:26:07 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 2159E14CA; Fri, 18 Oct 2024 16:24:33 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id B47D3144C; Fri, 18 Oct 2024 16:24:23 -0400 (EDT) Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id E19551451 for ; Fri, 18 Oct 2024 16:24:22 -0400 (EDT) Received: from pps.filterd (m0360083.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49IGkXu5025103; Fri, 18 Oct 2024 20:24:22 GMT Received: from ppma22.wdc07v.mail.ibm.com (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 42asbdbeu2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:21 +0000 (GMT) Received: from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1]) by ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 49IH5vxV027467; Fri, 18 Oct 2024 20:24:20 GMT Received: from smtprelay05.wdc07v.mail.ibm.com ([172.16.1.72]) by ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4283ty6q35-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:20 +0000 Received: from smtpav04.dal12v.mail.ibm.com (smtpav04.dal12v.mail.ibm.com [10.241.53.103]) by smtprelay05.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 49IKOJgx53281128 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Oct 2024 20:24:20 GMT Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CF7BF5805A; Fri, 18 Oct 2024 20:24:19 +0000 (GMT) Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8846458052; Fri, 18 Oct 2024 20:24:19 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav04.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 18 Oct 2024 20:24:19 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=pp1; bh=3ecBuH cwL7KibEBD4HA7Kb1Y1INsLpiUN07SeKem3Yo=; b=BxK5+/Fy7YlfsCgOzb4Xjl haAyufpoGJ4Ybtumml4M4hj2/jKzd3MVdaaMNmjepL3qfLao4lIARxazJSaatW1B /mpu4QNnReIl00bIbp9E1SJBkY3tg4PNFbTusoveMMomoiFPhy/mTMbpJW5jnJjl u9+isnl0KLSm//zhDQ8mHpR6Lnfpx2pMdrWT+FYdRT10yTdvhbUbipdt60JeebVJ 5jNCigEU2RoBoIpEGVohXs6Xg1Sq1Zo67CS3+Fm58mFhYIkC4MToSHi+DbjCPGxO /fEAKsLJO3eYPsaZYfWaJeGhK6iEOaBkaMEYUkudufREW0EJHn2n538aIAgELZYQ == From: Stefan Berger To: devel@lists.libvirt.org Subject: [PATCH v3 02/10] qemu: Pass virQEMUDriverConfig rather than some of its fields Date: Fri, 18 Oct 2024 16:24:06 -0400 Message-ID: <20241018202414.2430136-3-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241018202414.2430136-1-stefanb@linux.ibm.com> References: <20241018202414.2430136-1-stefanb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: c5-RtOqouhY5Ecq3bh9SVCaC-jgZGzXz X-Proofpoint-GUID: c5-RtOqouhY5Ecq3bh9SVCaC-jgZGzXz X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 suspectscore=0 malwarescore=0 spamscore=0 lowpriorityscore=0 phishscore=0 mlxscore=0 clxscore=1015 adultscore=0 priorityscore=1501 mlxlogscore=999 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410180130 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: N73KJOPLBWO6PVLSS2IL4VPZ5UYC7ZIF X-Message-ID-Hash: N73KJOPLBWO6PVLSS2IL4VPZ5UYC7ZIF X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: marcandre.lureau@redhat.com, Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1729283168721116600 Content-Type: text/plain; charset="utf-8" Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Stefan Berger --- v3: - Adjustments due to rebase - Applied Marc-Andr=C3=A9's R-b --- src/qemu/qemu_tpm.c | 52 +++++++++++++++++---------------------------- 1 file changed, 20 insertions(+), 32 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 0a5643b42b..506743c268 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -347,9 +347,7 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd, * @vmname: the name of the VM * @vmuuid: the UUID of the VM * @privileged: whether we are running in privileged mode - * @swtpm_user: The userid to switch to when setting up the TPM; - * typically this should be the uid of 'tss' or 'root' - * @swtpm_group: The group id to switch to + * @cfg: virQEMUDriverConfig * @secretuuid: UUID describing virStorageEncryption holding secret * @incomingMigration: whether we have an incoming migration * @@ -361,8 +359,7 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *= emulator, const char *vmname, const unsigned char *vmuuid, bool privileged, - uid_t swtpm_user, - gid_t swtpm_group, + const virQEMUDriverConfig *cfg, const unsigned char *secretuuid, bool incomingMigration) { @@ -389,8 +386,8 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *= emulator, virUUIDFormat(vmuuid, uuid); vmid =3D g_strdup_printf("%s:%s", vmname, uuid); =20 - virCommandSetUID(cmd, swtpm_user); - virCommandSetGID(cmd, swtpm_group); + virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or '= root' */ + virCommandSetGID(cmd, cfg->swtpm_group); =20 switch (emulator->version) { case VIR_DOMAIN_TPM_VERSION_1_2: @@ -460,17 +457,14 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks) * qemuTPMEmulatorReconfigure * * @emulator: emulator parameters - * @swtpm_user: The userid to switch to when setting up the TPM; - * typically this should be the uid of 'tss' or 'root' - * @swtpm_group: The group id to switch to + * @cfg: virQEMUDriverConfig * @secretuuid: The secret's UUID needed for state encryption * * Reconfigure the active PCR banks of a TPM 2. */ static int qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator, - uid_t swtpm_user, - gid_t swtpm_group, + const virQEMUDriverConfig *cfg, const unsigned char *secretuuid) { g_autoptr(virCommand) cmd =3D NULL; @@ -488,8 +482,8 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDe= f *emulator, =20 cmd =3D virCommandNew(swtpm_setup); =20 - virCommandSetUID(cmd, swtpm_user); - virCommandSetGID(cmd, swtpm_group); + virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or '= root' */ + virCommandSetGID(cmd, cfg->swtpm_group); =20 virCommandAddArgList(cmd, "--tpm2", NULL); =20 @@ -523,9 +517,7 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDe= f *emulator, * @vmname: The name of the VM * @vmuuid: The UUID of the VM * @privileged: whether we are running in privileged mode - * @swtpm_user: The uid for the swtpm to run as (drop privileges to from r= oot) - * @swtpm_group: The gid for the swtpm to run as - * @sharedFilesystems: list of filesystem to consider shared + * @cfg: virQEMUDriverConfig * @incomingMigration: whether we have an incoming migration * * Create the virCommand use for starting the emulator @@ -537,9 +529,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, const char *vmname, const unsigned char *vmuuid, bool privileged, - uid_t swtpm_user, - gid_t swtpm_group, - char *const *sharedFilesystems, + const virQEMUDriverConfig *cfg, bool incomingMigration) { g_autoptr(virCommand) cmd =3D NULL; @@ -557,12 +547,14 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, /* Do not create storage and run swtpm_setup on incoming migration over * shared storage */ - on_shared_storage =3D virFileIsSharedFS(tpm->data.emulator.storagepath= , sharedFilesystems) =3D=3D 1; + on_shared_storage =3D virFileIsSharedFS(tpm->data.emulator.storagepath, + cfg->sharedFilesystems) =3D=3D 1; if (incomingMigration && on_shared_storage) create_storage =3D false; =20 if (create_storage && - qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_grou= p) < 0) + qemuTPMEmulatorCreateStorage(tpm, &created, + cfg->swtpm_user, cfg->swtpm_group) < = 0) return NULL; =20 if (tpm->data.emulator.hassecretuuid) @@ -570,14 +562,12 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, =20 if (created && qemuTPMEmulatorRunSetup(&tpm->data.emulator, vmname, vmuuid, - privileged, swtpm_user, swtpm_group, - secretuuid, incomingMigration) < 0) + privileged, cfg, secretuuid, + incomingMigration) < 0) goto error; =20 if (!incomingMigration && - qemuTPMEmulatorReconfigure(&tpm->data.emulator, - swtpm_user, swtpm_group, - secretuuid) < 0) + qemuTPMEmulatorReconfigure(&tpm->data.emulator, cfg, secretuuid) <= 0) goto error; =20 unlink(tpm->data.emulator.source->data.nix.path); @@ -603,8 +593,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, =20 virCommandAddArg(cmd, "--terminate"); =20 - virCommandSetUID(cmd, swtpm_user); - virCommandSetGID(cmd, swtpm_group); + virCommandSetUID(cmd, cfg->swtpm_user); + virCommandSetGID(cmd, cfg->swtpm_group); =20 switch (tpm->data.emulator.version) { case VIR_DOMAIN_TPM_VERSION_1_2: @@ -925,9 +915,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, =20 if (!(cmd =3D qemuTPMEmulatorBuildCommand(tpm, vm->def->name, vm->def-= >uuid, driver->privileged, - cfg->swtpm_user, - cfg->swtpm_group, - cfg->sharedFilesystems, + cfg, incomingMigration))) return -1; =20 --=20 2.47.0 From nobody Mon Dec 15 14:46:10 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1729283194488313.48613467074165; Fri, 18 Oct 2024 13:26:34 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 6661F159C; Fri, 18 Oct 2024 16:26:33 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id BF5011665; Fri, 18 Oct 2024 16:24:36 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id D2BA3144C; Fri, 18 Oct 2024 16:24:23 -0400 (EDT) Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 4A2D5145E for ; Fri, 18 Oct 2024 16:24:23 -0400 (EDT) Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49IHEbRh012581; Fri, 18 Oct 2024 20:24:22 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 42bhnfcftt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:22 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 49IIdxLc005374; Fri, 18 Oct 2024 20:24:21 GMT Received: from smtprelay06.wdc07v.mail.ibm.com ([172.16.1.73]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4285njpb26-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:21 +0000 Received: from smtpav04.dal12v.mail.ibm.com (smtpav04.dal12v.mail.ibm.com [10.241.53.103]) by smtprelay06.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 49IKOKEp1114778 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Oct 2024 20:24:20 GMT Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 37F4758056; Fri, 18 Oct 2024 20:24:20 +0000 (GMT) Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E4CBD58052; Fri, 18 Oct 2024 20:24:19 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav04.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 18 Oct 2024 20:24:19 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=pp1; bh=QLDlkk wW5zHGRhxYV1yp+GdvuxK0zfF+VFuGNqTlvnU=; b=h+GG1hx8VYvpfc+nSQh2at /UcBvcALbp3qA7PEzheoEgvEtJC9/1vnChnOh4BPUWsZzIqc8RIJpq7VSzH3fz41 eEnvOLywHJ9/s8Q8Fr4xvBywLYwLEBKv08U8Fj6b7DSp2QU4yfCUy7qFDn0HBL+o jiK+iyHMUlVBSeg2vMyNLgNTcMo8FGKZ5bs2gxAX/lbiVEq3xeyg5cCaVNlupfXE o2fiOdA97IH1AMQm/sNSfiBcTXSURLLrY/IgKnogEU+1RuiKTeTjEeukWDwd1D3j lR0Ta0vJyZZ9tjWjD4xuIcTuTwt2BztamNGNoLD03jR2ik3TUPxdoWW2V0p51StA == From: Stefan Berger To: devel@lists.libvirt.org Subject: [PATCH v3 03/10] util: Add parsing support for swtpm_setup's cmdarg-profile capability Date: Fri, 18 Oct 2024 16:24:07 -0400 Message-ID: <20241018202414.2430136-4-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241018202414.2430136-1-stefanb@linux.ibm.com> References: <20241018202414.2430136-1-stefanb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: Yug_bXgoAlqX3ujeaEPDRXPAWJbOPVbQ X-Proofpoint-ORIG-GUID: Yug_bXgoAlqX3ujeaEPDRXPAWJbOPVbQ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 lowpriorityscore=0 impostorscore=0 mlxlogscore=999 malwarescore=0 bulkscore=0 adultscore=0 spamscore=0 phishscore=0 clxscore=1015 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410180130 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: GVZQ2LSEC2SSU4CUT5XL6H3XNG2RZ6WY X-Message-ID-Hash: GVZQ2LSEC2SSU4CUT5XL6H3XNG2RZ6WY X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: marcandre.lureau@redhat.com, Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1729283194882116600 Content-Type: text/plain; charset="utf-8" Add support for parsing swtpm_setup 'cmdarg-profile' capability (since v0.10). Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Stefan Berger --- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + tests/testutilsqemu.c | 1 + 3 files changed, 3 insertions(+) diff --git a/src/util/virtpm.c b/src/util/virtpm.c index 81fd6166cf..d991657696 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -50,6 +50,7 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, "cmdarg-reconfigure-pcr-banks", "tpm-1.2", "tpm-2.0", + "cmdarg-profile", ); =20 /** diff --git a/src/util/virtpm.h b/src/util/virtpm.h index fb330effa8..18c2877c03 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h @@ -42,6 +42,7 @@ typedef enum { VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS, VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2, VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0, + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE, =20 VIR_TPM_SWTPM_SETUP_FEATURE_LAST } virTPMSwtpmSetupFeature; diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index 4daee432e5..abc425b9b7 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c @@ -71,6 +71,7 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap) case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES: case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT: case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS: + case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE: case VIR_TPM_SWTPM_SETUP_FEATURE_LAST: break; } --=20 2.47.0 From nobody Mon Dec 15 14:46:10 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 172928321315128.736802227214298; Fri, 18 Oct 2024 13:26:53 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 2130A1451; Fri, 18 Oct 2024 16:26:52 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id AE2F3158A; Fri, 18 Oct 2024 16:24:37 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 32AF9144A; Fri, 18 Oct 2024 16:24:24 -0400 (EDT) Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id A45A8144A for ; Fri, 18 Oct 2024 16:24:23 -0400 (EDT) Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49IJZc7R014055; Fri, 18 Oct 2024 20:24:22 GMT Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 42aqk2utqr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:22 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 49IJ2GUu005951; Fri, 18 Oct 2024 20:24:21 GMT Received: from smtprelay06.wdc07v.mail.ibm.com ([172.16.1.73]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 428651e7ut-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:21 +0000 Received: from smtpav04.dal12v.mail.ibm.com (smtpav04.dal12v.mail.ibm.com [10.241.53.103]) by smtprelay06.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 49IKOKjG10027696 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Oct 2024 20:24:20 GMT Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 94EBF5805E; Fri, 18 Oct 2024 20:24:20 +0000 (GMT) Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4D4AC58062; Fri, 18 Oct 2024 20:24:20 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav04.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 18 Oct 2024 20:24:20 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=pp1; bh=zIW1at bocWEoDge8kedeqo4MgU9bCp0+o9gsOYWTdq8=; b=X5pw0zdOUj9uYbQbSVokTE 9nqzJJUo/fvsj52Ir2eON+gMunJVfrjuPB09PV9gMaRiOWGA/FvMiCO1uxjIOGHL +To2Skq831xCaidACS6SHUZVtY52XB5aU6g9iawzv9/zKN9AIQx6qgVjbuHe8BO4 ki7E6Nxx0Sylr16qIt7apQjWTfiAX9/Bgj1ATJHPTWDDAowuSimd621BXJAbQp1Q Jji7TcakkqYizFGnsnEcnOnUZ6QCgOnV2yLnYmTxvdPpNnA9OFu4Y+Kaa0Gt0TA8 AsEx45/gajaj/RNFoaLgmJW4yDDRoozQIByMdIjXNicU7lA8nMoXS6R+bDuffgyw == From: Stefan Berger To: devel@lists.libvirt.org Subject: [PATCH v3 04/10] conf: Define enum virDomainTPMProfileRemoveDisabled Date: Fri, 18 Oct 2024 16:24:08 -0400 Message-ID: <20241018202414.2430136-5-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241018202414.2430136-1-stefanb@linux.ibm.com> References: <20241018202414.2430136-1-stefanb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 7PbVg1iF4RWWKhwzPOEOly3mlQ2GIoJi X-Proofpoint-ORIG-GUID: 7PbVg1iF4RWWKhwzPOEOly3mlQ2GIoJi X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 mlxscore=0 spamscore=0 priorityscore=1501 phishscore=0 clxscore=1015 mlxlogscore=952 impostorscore=0 bulkscore=0 malwarescore=0 lowpriorityscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410180130 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: OGIOITBOTEE3GMXZ5RW22GEWK4CMLKU3 X-Message-ID-Hash: OGIOITBOTEE3GMXZ5RW22GEWK4CMLKU3 X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: marcandre.lureau@redhat.com, Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1729283214846116600 Content-Type: text/plain; charset="utf-8" Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Stefan Berger --- src/conf/domain_conf.c | 7 +++++++ src/conf/domain_conf.h | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 6d7dee7956..9e9b9000a8 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1330,6 +1330,13 @@ VIR_ENUM_IMPL(virDomainTPMPcrBank, "sha512", ); =20 +VIR_ENUM_IMPL(virDomainTPMProfileRemoveDisabled, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_LAST, + "none", + "check", + "fips-host", +); + VIR_ENUM_IMPL(virDomainIOMMUModel, VIR_DOMAIN_IOMMU_MODEL_LAST, "intel", diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index e5aee3c2cf..ec821ea6fc 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1463,6 +1463,14 @@ typedef enum { VIR_DOMAIN_TPM_PCR_BANK_LAST } virDomainPcrBank; =20 +typedef enum { + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_NONE =3D 0, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_CHECK, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_FIPS_HOST, + + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_LAST +} virDomainTPMProfileRemoveDisabled; + #define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0" =20 struct _virDomainTPMEmulatorDef { @@ -4280,6 +4288,7 @@ VIR_ENUM_DECL(virDomainTPMModel); VIR_ENUM_DECL(virDomainTPMBackend); VIR_ENUM_DECL(virDomainTPMVersion); VIR_ENUM_DECL(virDomainTPMPcrBank); +VIR_ENUM_DECL(virDomainTPMProfileRemoveDisabled); VIR_ENUM_DECL(virDomainMemoryModel); VIR_ENUM_DECL(virDomainMemoryBackingModel); VIR_ENUM_DECL(virDomainMemorySource); --=20 2.47.0 From nobody Mon Dec 15 14:46:10 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1729283110464897.5455765053495; Fri, 18 Oct 2024 13:25:10 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 5BE3615C3; Fri, 18 Oct 2024 16:25:09 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 1B5A11603; Fri, 18 Oct 2024 16:24:29 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 8E488DEE; Fri, 18 Oct 2024 16:24:23 -0400 (EDT) Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id D1178144A for ; Fri, 18 Oct 2024 16:24:22 -0400 (EDT) Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49IA0vOn014451; Fri, 18 Oct 2024 20:24:22 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 42aqgrb12v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:22 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 49IHboi1002473; Fri, 18 Oct 2024 20:24:21 GMT Received: from smtprelay07.wdc07v.mail.ibm.com ([172.16.1.74]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4284en6mbj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:21 +0000 Received: from smtpav04.dal12v.mail.ibm.com (smtpav04.dal12v.mail.ibm.com [10.241.53.103]) by smtprelay07.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 49IKOLRt19923526 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Oct 2024 20:24:21 GMT Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id F13B75805A; Fri, 18 Oct 2024 20:24:20 +0000 (GMT) Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AA4FB58056; Fri, 18 Oct 2024 20:24:20 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav04.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 18 Oct 2024 20:24:20 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=/83lJhh70cCEiGpbz 3NUSyKgVlHqAMj3XTwJWQsudoY=; b=LsRamodorAFp6T9q3tCrk1CyHXSxv9oUP yl9BARzExAqKEdPGKLLLQy2EYuZizoVGG45qWtnu1VLeLF7NSRE4L7llNoe7j70q dVOYEPOVcddUUIdMV8bDZTOAT1LxgX5B3EFJMX1/Oxp+fDf9AQRpeYNMnAnM7DC/ nk44uvXX21TIyfpyjAY2tydc9BZrtNmaLgyKQ+MKNemIRPFZQHWFdQ5vAx7loB4a yrI1KSeSudyXwfErzLbtgf7pSFQo9gQPU4C66yO7IZGP3/PdhVBkKm2hFZxQKWgq ATNggfzBzvW/nqk/Trae3oCegzCyyIQ6DRexKK7TjEZ8qlciX/jXQ== From: Stefan Berger To: devel@lists.libvirt.org Subject: [PATCH v3 05/10] schema: Extend schema for TPM emulator profile node Date: Fri, 18 Oct 2024 16:24:09 -0400 Message-ID: <20241018202414.2430136-6-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241018202414.2430136-1-stefanb@linux.ibm.com> References: <20241018202414.2430136-1-stefanb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: nIZTvNZeVsrXpk1A10K0y3MFbMnOaSQu X-Proofpoint-GUID: nIZTvNZeVsrXpk1A10K0y3MFbMnOaSQu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 phishscore=0 mlxlogscore=999 malwarescore=0 clxscore=1015 lowpriorityscore=0 adultscore=0 spamscore=0 mlxscore=0 suspectscore=0 impostorscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410180130 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: J2LVIGM7XGXLJSQGWSNXSOP6ZCHOP7NO X-Message-ID-Hash: J2LVIGM7XGXLJSQGWSNXSOP6ZCHOP7NO X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: marcandre.lureau@redhat.com, Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1729283112430116600 Content-Type: text/plain; charset="utf-8" Extend the schema for the TPM emulator profile node. Require that the profile the user provides is describe in a name attribute. An optional remove_disabled attribute is also supported for swtpm to automatically remove algorithms from the 'custom' profile if they are disabled by FIPS mode on the host. Signed-off-by: Stefan Berger --- src/conf/schemas/domaincommon.rng | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index efb5f00d77..862de141da 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -5923,6 +5923,7 @@ + @@ -6020,6 +6021,30 @@ =20 + + + [A-Za-z0-9.\-:]+ + + + + + + + + + + + + + check + fips-host + + + + + + + --=20 2.47.0 From nobody Mon Dec 15 14:46:10 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1729283277050768.7226026896437; Fri, 18 Oct 2024 13:27:57 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id E6CDF1630; Fri, 18 Oct 2024 16:27:55 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 11B6C1744; Fri, 18 Oct 2024 16:24:44 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 2D48E14E1; Fri, 18 Oct 2024 16:24:25 -0400 (EDT) Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 75867144A for ; Fri, 18 Oct 2024 16:24:24 -0400 (EDT) Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49IBblIf014082; Fri, 18 Oct 2024 20:24:23 GMT Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 42aqk2utqv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:23 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 49IGvVM5006690; Fri, 18 Oct 2024 20:24:22 GMT Received: from smtprelay07.wdc07v.mail.ibm.com ([172.16.1.74]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4283esetan-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:22 +0000 Received: from smtpav04.dal12v.mail.ibm.com (smtpav04.dal12v.mail.ibm.com [10.241.53.103]) by smtprelay07.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 49IKOLdt58655186 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Oct 2024 20:24:21 GMT Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5985958056; Fri, 18 Oct 2024 20:24:21 +0000 (GMT) Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 130335805E; Fri, 18 Oct 2024 20:24:21 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav04.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 18 Oct 2024 20:24:20 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=P9XLCufEoulHXXXt+ Ri9zNKVV4tUDyw/r5K6N7ckTAQ=; b=OkYdX9fT4u1cZvfuvreFcmdM0ApANhkqB +cRo4Npg92vdaJSjMMs6bNWpmIVKIPcXgMNswYYofObap7742qEAd3+nMEgELHRO BU2f1PkwYavXYTLilWwP/rHcJQM2wqrcqtsXUUsEBGLiKayzcoKTsoj9aAQRGOeZ 1rXfUgaEkSmbohEjl2Q9OGJPrWfX7DNKBRACNJImx7ikgw8dsleR92f3ImAXu2G4 2LYLk+mWWUDsXIU8ouWMpKf7hQqDyFlW52Q/6MZO1E6pTQUm9bjjW5O8M+OBxSkc vHe+dzIjyKROtLW1N9xO/YLku9hPql1OjKkFz/dcad7TnwpnRnlZw== From: Stefan Berger To: devel@lists.libvirt.org Subject: [PATCH v3 06/10] conf: Add support for profile parameter on TPM emulator in domain XML Date: Fri, 18 Oct 2024 16:24:10 -0400 Message-ID: <20241018202414.2430136-7-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241018202414.2430136-1-stefanb@linux.ibm.com> References: <20241018202414.2430136-1-stefanb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: EYWpvZkoEay2TAhG9_45WjzGoj2n5QXD X-Proofpoint-ORIG-GUID: EYWpvZkoEay2TAhG9_45WjzGoj2n5QXD X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 mlxscore=0 spamscore=0 priorityscore=1501 phishscore=0 clxscore=1015 mlxlogscore=999 impostorscore=0 bulkscore=0 malwarescore=0 lowpriorityscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410180130 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: EHTDUXBZCT7YCKQEHFST6BXGHEGLUNEQ X-Message-ID-Hash: EHTDUXBZCT7YCKQEHFST6BXGHEGLUNEQ X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: marcandre.lureau@redhat.com, Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1729283277404116600 Content-Type: text/plain; charset="utf-8" Extend the parser and XML builder with support for the profile parameter and its remove_disabled attribute. Signed-off-by: Stefan Berger --- src/conf/domain_conf.c | 36 ++++++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 2 ++ src/conf/domain_validate.c | 7 +++++++ 3 files changed, 45 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 9e9b9000a8..c372727111 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3471,6 +3471,7 @@ void virDomainTPMDefFree(virDomainTPMDef *def) g_free(def->data.emulator.storagepath); g_free(def->data.emulator.logfile); virBitmapFree(def->data.emulator.activePcrBanks); + g_free(def->data.emulator.profile_name); break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: virObjectUnref(def->data.external.source); @@ -10779,6 +10780,15 @@ virDomainSmartcardDefParseXML(virDomainXMLOption *= xmlopt, * * * + * + * A profile for a TPM 2.0 can be added like this: + * + * + * + * + * + * + * */ static virDomainTPMDef * virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, @@ -10797,6 +10807,8 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, g_autofree xmlNodePtr *backends =3D NULL; g_autofree xmlNodePtr *nodes =3D NULL; g_autofree char *type =3D NULL; + virDomainTPMProfileRemoveDisabled profile_remove_disabled; + xmlNodePtr profile; int bank; =20 if (!(def =3D virDomainTPMDefNew(xmlopt))) @@ -10887,6 +10899,22 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, } virBitmapSetBitExpand(def->data.emulator.activePcrBanks, bank); } + + if ((profile =3D virXPathNode("./backend/profile[1]", ctxt))) { + def->data.emulator.profile_name =3D virXMLPropString(profile, = "name"); + if (!def->data.emulator.profile_name) { + virReportError(VIR_ERR_XML_ERROR, "%s", _("missing profile= name")); + goto error; + } + if (virXMLPropEnum(profile, "remove_disabled", + virDomainTPMProfileRemoveDisabledTypeFromSt= ring, + VIR_XML_PROP_NONZERO, + &profile_remove_disabled) < 0) + goto error; + if (profile_remove_disabled !=3D VIR_DOMAIN_TPM_PROFILE_REMOVE= _DISABLED_NONE) + def->data.emulator.profile_remove_disabled =3D + virDomainTPMProfileRemoveDisabledTypeToString(profile_= remove_disabled); + } break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: if (!(type =3D virXPathString("string(./backend/source/@type)", ct= xt))) { @@ -25077,6 +25105,14 @@ virDomainTPMDefFormat(virBuffer *buf, =20 virXMLFormatElement(&backendChildBuf, "active_pcr_banks", NULL= , &activePcrBanksBuf); } + if (def->data.emulator.profile_name) { + virBufferAsprintf(&backendChildBuf, "data.emulator.profile_name); + if (def->data.emulator.profile_remove_disabled) + virBufferAsprintf(&backendChildBuf, " remove_disabled=3D'%s= '", + def->data.emulator.profile_remove_disable= d); + virBufferAddLit(&backendChildBuf, "/>\n"); + } break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: if (def->data.external.source->type =3D=3D VIR_DOMAIN_CHR_TYPE_UNI= X) { diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index ec821ea6fc..6b08665bb7 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1483,6 +1483,8 @@ struct _virDomainTPMEmulatorDef { bool hassecretuuid; bool persistent_state; virBitmap *activePcrBanks; + char *profile_name; + const char *profile_remove_disabled; }; =20 struct _virDomainTPMDef { diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index b8ae9ed79d..4610bd8e4d 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -3026,6 +3026,13 @@ virDomainTPMDevValidate(const virDomainTPMDef *tpm) virDomainTPMVersionTypeToString(VIR_DOMAIN_TPM_= VERSION_2_0)); return -1; } + if (tpm->data.emulator.profile_name && + tpm->data.emulator.version !=3D VIR_DOMAIN_TPM_VERSION_2_0) { + virReportError(VIR_ERR_XML_ERROR, + _(" requires TPM version '%1$s'"), + virDomainTPMVersionTypeToString(VIR_DOMAIN_TPM_= VERSION_2_0)); + return -1; + } break; =20 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: --=20 2.47.0 From nobody Mon Dec 15 14:46:10 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1729283254427595.4711229251167; Fri, 18 Oct 2024 13:27:34 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 43AB815BC; Fri, 18 Oct 2024 16:27:33 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id DD5FC15BE; Fri, 18 Oct 2024 16:24:40 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 954F2145B; Fri, 18 Oct 2024 16:24:24 -0400 (EDT) Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 1D7EC145B for ; Fri, 18 Oct 2024 16:24:24 -0400 (EDT) Received: from pps.filterd (m0360072.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49I8Xfhn017569; Fri, 18 Oct 2024 20:24:23 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 42ar0uawek-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:23 +0000 (GMT) Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 49IHiFnB005218; Fri, 18 Oct 2024 20:24:22 GMT Received: from smtprelay07.wdc07v.mail.ibm.com ([172.16.1.74]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 4285njpb29-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:22 +0000 Received: from smtpav04.dal12v.mail.ibm.com (smtpav04.dal12v.mail.ibm.com [10.241.53.103]) by smtprelay07.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 49IKOLnA10879510 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Oct 2024 20:24:22 GMT Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B5C7858052; Fri, 18 Oct 2024 20:24:21 +0000 (GMT) Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6EB8F5805E; Fri, 18 Oct 2024 20:24:21 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav04.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 18 Oct 2024 20:24:21 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=wlS2+7Z0ECzPsQXQ+ CIjk/TF0s5mhbxtZAYOYJGX8bY=; b=H/VnPHE38OrQBZaRPNjH40gA+Sc3It+DB UQlGWszmMwZw3UXJKjd2qllB39bjxiLjF9/zgUd4g20f2/+y1uCt5z/uPpvqOM7k 7eRCt7euy5yKvezroo+B1xuVTncMkWYlmyDJ1OgGCMB/Y4Dh8MKoDoty6ztS2X20 j7GiZDVrVQ672n54GSi5pceBS9v7+/wM8e8NDAOOicYrXJ6qQUZ+aSp4m4D6OA5l DfhdRPNIdphOFl+nFr+kFXvrdyeyXEmjiPICYemt394q47nKuvfCzoom/TY9qJvX 4Gn4Hv6+pnVo9Cmg3uILB4j0CG1LCsPnFCjYB9Q3XmVETwF0lfScQ== From: Stefan Berger To: devel@lists.libvirt.org Subject: [PATCH v3 07/10] docs: Add documentation for the TPM backend profile node Date: Fri, 18 Oct 2024 16:24:11 -0400 Message-ID: <20241018202414.2430136-8-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241018202414.2430136-1-stefanb@linux.ibm.com> References: <20241018202414.2430136-1-stefanb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: Q5PyDpZljtajVG1qJdzxcfs3Bv11wvLY X-Proofpoint-ORIG-GUID: Q5PyDpZljtajVG1qJdzxcfs3Bv11wvLY X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 mlxscore=0 spamscore=0 bulkscore=0 adultscore=0 mlxlogscore=833 phishscore=0 suspectscore=0 impostorscore=0 malwarescore=0 priorityscore=1501 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410180130 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: XM7W66YI37FZVBJKEANZDEUMCU2JNQOI X-Message-ID-Hash: XM7W66YI37FZVBJKEANZDEUMCU2JNQOI X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: marcandre.lureau@redhat.com, Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1729283255116116600 Content-Type: text/plain; charset="utf-8" Add documentation for the TPM backend profile node and point the reader to further documentation about TPM profiles available in the swtpm and TPMLIB_SetProfile man pages. Signed-off-by: Stefan Berger --- docs/formatdomain.rst | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index e6f09a728f..b8071b299a 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -8120,6 +8120,7 @@ Example: usage of the TPM Emulator + @@ -8192,6 +8193,35 @@ Example: usage of the TPM Emulator and may not have any effect otherwise. The selection of PCR banks only = works with the ``emulator`` backend. :since:`Since 7.10.0` =20 +``profile`` + The ``profile`` node is used to set a profile for a TPM 2.0. This profi= le + will be set when the TPM is initially created and after that cannot be + changed anymore. If no profile is provided, then swtpm will use the lat= est + built-in 'default' profile or the default profile set in swtpm_setup.co= nf. + Otherwise swtpm_setup will search for a profile with the given name with + appended .json suffix in a configurable local and then in a distro + directory. If none could be found in either, it will fall back trying to + use a built-in one. + + The built-in 'null' profile provides backwards compatibility with + libtpms v0.9 but also restricts the user to use only TPM features that = were + available at the time of libtpms v0.9. The built-in 'custom' profile is= the + only profile that a user can modify and where the ``remove_disabled`` + attribute has any effect. This attribute is particularly useful when a = host + is running in FIPS mode and therefore some crypto algorithms (camellia, + tdes, unpadded RSA encryption, 1024-bit RSA keys, and others) are + disabled. When it is set to ``check`` (recommended) then only those + algorithms that are currently disabled will automatically be removed fr= om + the 'custom' profile, while when it is set to ``fips-host`` then all + potentially disabled algorithms will be removed. :since:`Since 10.??.0` + + TPM profiles provided by a distro can be referenced with the 'distro' + attribute. Locally created TPM profiles can be referenced with the + 'local' attribute. + + For further information about TPM profiles see the man pages for ``swtp= m`` + (swtpm v0.10) and libtpms's ``TPMLIB_SetProfile`` (libtpms v0.10). + ``encryption`` The ``encryption`` element allows the state of a TPM emulator to be encrypted. The ``secret`` must reference a secret object that holds the --=20 2.47.0 From nobody Mon Dec 15 14:46:10 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1729283233767773.8653023163947; Fri, 18 Oct 2024 13:27:13 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 9E31816B1; Fri, 18 Oct 2024 16:27:12 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 0500315E0; Fri, 18 Oct 2024 16:24:39 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 8F98B12F2; Fri, 18 Oct 2024 16:24:24 -0400 (EDT) Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 1964BDEE for ; Fri, 18 Oct 2024 16:24:24 -0400 (EDT) Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49IIavkN008066; Fri, 18 Oct 2024 20:24:23 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 42as8aaq0q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:23 +0000 (GMT) Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 49IIJ1Jl006843; Fri, 18 Oct 2024 20:24:22 GMT Received: from smtprelay02.dal12v.mail.ibm.com ([172.16.1.4]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4284xkpg8d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:22 +0000 Received: from smtpav04.dal12v.mail.ibm.com (smtpav04.dal12v.mail.ibm.com [10.241.53.103]) by smtprelay02.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 49IKOMd850397632 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Oct 2024 20:24:22 GMT Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 20D7658062; Fri, 18 Oct 2024 20:24:22 +0000 (GMT) Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CB1B05805E; Fri, 18 Oct 2024 20:24:21 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav04.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 18 Oct 2024 20:24:21 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=dGMG9noiS9sGJyEEp KhAI7c3GjlPX6+w96E0UBs3/+8=; b=pOJUFA8c4+aWjhNdUkNaYE5o0U32TKBBw JOHC2BSpV5FMBa5UxGBSeqr56W/mW97PPHb7T8C8mWZHc2Kba9ZPUH9i+DZmOnSI 27prk68xeqZbi3cbcRQM25ePBzXvBKU5VU194R0LrNeEFo5SJ/2++Tgnu2jg67bU zEuAeg/U1aS6LjvGLdDMA2JN7xz/5c1eNb5QJTQfoGGhj6EHY78al+EuJZnlxF8u XugGKcuUUYI6x/2HaJ4zjOnYYZmdmFW2n8L/F6OVi5bIhkUxoeCGYbkC0rQBLWvn BUUwD4TBPcCqz9vZfpU1xR2wffdfTmLTIZB1iqGJI3rTy+arMuZdQ== From: Stefan Berger To: devel@lists.libvirt.org Subject: [PATCH v3 08/10] qemu: Extend swtpm_setup command line to set a profile by its name Date: Fri, 18 Oct 2024 16:24:12 -0400 Message-ID: <20241018202414.2430136-9-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241018202414.2430136-1-stefanb@linux.ibm.com> References: <20241018202414.2430136-1-stefanb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: zl5cluy4ctrUvEWcsthF9cy3trFMYJZD X-Proofpoint-ORIG-GUID: zl5cluy4ctrUvEWcsthF9cy3trFMYJZD X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 mlxscore=0 lowpriorityscore=0 suspectscore=0 mlxlogscore=999 phishscore=0 adultscore=0 impostorscore=0 priorityscore=1501 spamscore=0 malwarescore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410180127 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: HMEELJCZQHFCYHUAYLDIZGGZ7VJCGE7L X-Message-ID-Hash: HMEELJCZQHFCYHUAYLDIZGGZ7VJCGE7L X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: marcandre.lureau@redhat.com, Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1729283235030116600 Content-Type: text/plain; charset="utf-8" Run swtpm_setup with the --profile-name option if the user provided the name of a profile. swtpm_setup will try to load the profile from directories with local profiles and distro profiles and if no profile by this name with appended '.json' suffix could be found there, it will fall back to try to use an internal profile with the given name. Also set the --profile-remove-disabled option if the user provided a value in the remove_disabled attribute in the profile XML node. Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau --- src/qemu/qemu_tpm.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 506743c268..f49276d9be 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -340,6 +340,41 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd, } =20 =20 +/* + * Add a (optional) profile to the swtpm_setup command line. + * + * @cmd: virCommand to add options to + * @emulator: emulator parameters + * + * Returns 0 on success, -1 on failure. + */ +static int +qemuTPMVirCommandAddProfile(virCommand *cmd, + const virDomainTPMEmulatorDef *emulator) +{ + if (!emulator->profile_name) + return 0; + + if (!virTPMSwtpmSetupCapsGet( + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE)) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", + _("swtpm_setup has no support for profiles")); + return -1; + } + + virCommandAddArgList(cmd, + "--profile-name", emulator->profile_name, + NULL); + + if (emulator->profile_remove_disabled) + virCommandAddArgList(cmd, + "--profile-remove-disable", + emulator->profile_remove_disabled, + NULL); + return 0; +} + + /* * qemuTPMEmulatorRunSetup * @@ -414,6 +449,8 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *= emulator, "--lock-nvram", "--not-overwrite", NULL); + if (qemuTPMVirCommandAddProfile(cmd, emulator) < 0) + return -1; } else { virCommandAddArgList(cmd, "--tpm-state", emulator->storagepath, --=20 2.47.0 From nobody Mon Dec 15 14:46:10 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1729283332150220.8467204907953; Fri, 18 Oct 2024 13:28:52 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 142F31451; Fri, 18 Oct 2024 16:28:51 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 00A7B1791; Fri, 18 Oct 2024 16:24:47 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 480AB1527; Fri, 18 Oct 2024 16:24:26 -0400 (EDT) Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id A6620145B for ; Fri, 18 Oct 2024 16:24:24 -0400 (EDT) Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49IIavkO008066; Fri, 18 Oct 2024 20:24:24 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 42as8aaq0r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:24 +0000 (GMT) Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 49IHEcJB002426; Fri, 18 Oct 2024 20:24:23 GMT Received: from smtprelay02.dal12v.mail.ibm.com ([172.16.1.4]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4284en6mbm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:23 +0000 Received: from smtpav04.dal12v.mail.ibm.com (smtpav04.dal12v.mail.ibm.com [10.241.53.103]) by smtprelay02.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 49IKOMIJ49021294 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Oct 2024 20:24:22 GMT Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7D6F658052; Fri, 18 Oct 2024 20:24:22 +0000 (GMT) Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3693658056; Fri, 18 Oct 2024 20:24:22 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav04.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 18 Oct 2024 20:24:22 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=e3m8eXEhgHL5lIy6Z pt66DHqqHsfQxeZTFG8AZ9LDLE=; b=NprsuNWKxrUInIyjIIFbPbGesrhWJ5si4 nNN6sUKSgxx/16+IBUuZalA7MEqphWCnTQCAAqkCDLRSXLBi6330JTlVQ/XPXe0U h/uptOAcqw488zXTSky67k5O8qhxxi8MBxpmrLcjSmPirRBQMbWxq5iviumOUNe3 qoqZxhA+pWDN7qmbjDqCFFiywiAzojNjSChFMhftCbRT61zvhk4HbyGbhtHZvEwq 3iVuID6x7Sxb4SLBr8qSplRHmkEbgE7/WWYVi26soXJbFHPMpsr7PLIRAFHmbpRb 8+Y9UbXdg5PktBUvY8LtUIWThwu9w2sn/HevaKvckHCanqwg/gRPg== From: Stefan Berger To: devel@lists.libvirt.org Subject: [PATCH v3 09/10] qemu: Move adding of keys to swtpm command line into own function Date: Fri, 18 Oct 2024 16:24:13 -0400 Message-ID: <20241018202414.2430136-10-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241018202414.2430136-1-stefanb@linux.ibm.com> References: <20241018202414.2430136-1-stefanb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: -QRRrLL2qO0OMMOyVQr-W1lVqZzSd01d X-Proofpoint-ORIG-GUID: -QRRrLL2qO0OMMOyVQr-W1lVqZzSd01d X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 mlxscore=0 lowpriorityscore=0 suspectscore=0 mlxlogscore=754 phishscore=0 adultscore=0 impostorscore=0 priorityscore=1501 spamscore=0 malwarescore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410180127 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: J76KP23MHVPRRC3UHNMAJ66RLGMF4YDO X-Message-ID-Hash: J76KP23MHVPRRC3UHNMAJ66RLGMF4YDO X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: marcandre.lureau@redhat.com, Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1729283333524116600 Content-Type: text/plain; charset="utf-8" Factor-out code related to adding key to the swtpm command line into its own function. Signed-off-by: Stefan Berger Reviewed-by: Marc-Andr=C3=A9 Lureau --- src/qemu/qemu_tpm.c | 60 +++++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 24 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index f49276d9be..99473bba87 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -546,6 +546,38 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorD= ef *emulator, return 0; } =20 +static int +qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd, + const virDomainTPMEmulatorDef *emulato= r, + const char *swtpm) +{ + int pwdfile_fd =3D -1; + int migpwdfile_fd =3D -1; + + if (emulator->hassecretuuid) { + if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, + _("%1$s does not support passing passphrase via= file descriptor"), + swtpm); + return -1; + } + + if (qemuTPMSetupEncryption(emulator->secretuuid, + cmd, &pwdfile_fd) < 0) + return -1; + + if (qemuTPMSetupEncryption(emulator->secretuuid, + cmd, &migpwdfile_fd) < 0) + return -1; + + virCommandAddArg(cmd, "--key"); + virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc", pwdfi= le_fd); + + virCommandAddArg(cmd, "--migration-key"); + virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc", migpw= dfile_fd); + } + return 0; +} =20 /* * qemuTPMEmulatorBuildCommand: @@ -572,8 +604,6 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, g_autoptr(virCommand) cmd =3D NULL; bool created =3D false; g_autofree char *swtpm =3D virTPMGetSwtpm(); - int pwdfile_fd =3D -1; - int migpwdfile_fd =3D -1; const unsigned char *secretuuid =3D NULL; bool create_storage =3D true; bool on_shared_storage; @@ -644,28 +674,10 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, break; } =20 - if (tpm->data.emulator.hassecretuuid) { - if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) { - virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, - _("%1$s does not support passing passphrase via= file descriptor"), - swtpm); - goto error; - } - - if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, - cmd, &pwdfile_fd) < 0) - goto error; - - if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, - cmd, &migpwdfile_fd) < 0) - goto error; - - virCommandAddArg(cmd, "--key"); - virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc", pwdfi= le_fd); - - virCommandAddArg(cmd, "--migration-key"); - virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc", migpw= dfile_fd); - } + if (qemuTPMVirCommandSwtpmAddEncryption(cmd, + &tpm->data.emulator, + swtpm) < 0) + goto error; =20 /* If swtpm supports it and the TPM state is stored on shared storage, * start swtpm with --migration release-lock-outgoing so it can migrate --=20 2.47.0 From nobody Mon Dec 15 14:46:10 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=reject dis=none) header.from=linux.ibm.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1729283307867310.9635880143543; Fri, 18 Oct 2024 13:28:27 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id C6493162C; Fri, 18 Oct 2024 16:28:26 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id DC69E1540; Fri, 18 Oct 2024 16:24:45 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 5B19814F6; Fri, 18 Oct 2024 16:24:25 -0400 (EDT) Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 9069BDEE for ; Fri, 18 Oct 2024 16:24:24 -0400 (EDT) Received: from pps.filterd (m0356516.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49IA0vOo014451; Fri, 18 Oct 2024 20:24:24 GMT Received: from ppma12.dal12v.mail.ibm.com (dc.9e.1632.ip4.static.sl-reverse.com [50.22.158.220]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 42aqgrb132-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:23 +0000 (GMT) Received: from pps.filterd (ppma12.dal12v.mail.ibm.com [127.0.0.1]) by ppma12.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 49IGvVM6006690; Fri, 18 Oct 2024 20:24:23 GMT Received: from smtprelay02.dal12v.mail.ibm.com ([172.16.1.4]) by ppma12.dal12v.mail.ibm.com (PPS) with ESMTPS id 4283esetar-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Oct 2024 20:24:23 +0000 Received: from smtpav04.dal12v.mail.ibm.com (smtpav04.dal12v.mail.ibm.com [10.241.53.103]) by smtprelay02.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 49IKOMRS48496958 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Oct 2024 20:24:23 GMT Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DB90D5805E; Fri, 18 Oct 2024 20:24:22 +0000 (GMT) Received: from smtpav04.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 92D8658056; Fri, 18 Oct 2024 20:24:22 +0000 (GMT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by smtpav04.dal12v.mail.ibm.com (Postfix) with ESMTP; Fri, 18 Oct 2024 20:24:22 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=pp1; bh=NuGuwZpZmYsSRmFWu g1p4FA6YYToMW/4DpGW6YbAB1U=; b=MZw/NSQe0HfmughMwz1S4m3RPqkhaNY0t Dy3NsbPOepED4bSyG+HTdI4brYOmHnjqoErtBYblDa0tsqPtdrgcecuy3yTk17R2 wWncjisFy5TDlcXZS0ZQloSUZWP51kl2tlVnZyluK7Za8IK8Z5W6CNOhy6HmJEHF 0PMtA8mRTL6YKykPc5IkexE6pFVm5Zbydd4NXLXYJmsuXkTP3ijoHa9qTfZWbaPk lBy7+HJuRiMACTVhw51ISKgHpoPE45zxGPzYzAq8RTuFaV2uR+RGRAuEGf+0s5Mc sZp1IWIbylkxe8INAwHizXAK83qo8Q2Pqv1nYrKQTL6DuTM4FDdAQ== From: Stefan Berger To: devel@lists.libvirt.org Subject: [PATCH v3 10/10] qemu: Read the profile name after creation of TPM instance Date: Fri, 18 Oct 2024 16:24:14 -0400 Message-ID: <20241018202414.2430136-11-stefanb@linux.ibm.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241018202414.2430136-1-stefanb@linux.ibm.com> References: <20241018202414.2430136-1-stefanb@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: EVz4cS4znKUIurdtQrVmqKRkQloz30L- X-Proofpoint-GUID: EVz4cS4znKUIurdtQrVmqKRkQloz30L- X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 phishscore=0 mlxlogscore=999 malwarescore=0 clxscore=1015 lowpriorityscore=0 adultscore=0 spamscore=0 mlxscore=0 suspectscore=0 impostorscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410180130 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: OZEGQPLBRPA5TFYRM7Z2UOXTTTPQIDGH X-Message-ID-Hash: OZEGQPLBRPA5TFYRM7Z2UOXTTTPQIDGH X-MailFrom: stefanb@linux.ibm.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0 CC: marcandre.lureau@redhat.com, Stefan Berger X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1729283309455116600 Content-Type: text/plain; charset="utf-8" Get the JSON profile that the swtpm instance was created with from the output of 'swtpm socket --tpm2 --print-info 0x20 --tpmstate ...'. Get the name of the profile from the JSON and if it differs from the original profile name then update the profile name in the current and persistent emulator descriptions and have the persistent stored with the update. Signed-off-by: Stefan Berger --- src/qemu/qemu_extdevice.c | 5 +- src/qemu/qemu_tpm.c | 105 ++++++++++++++++++++++++++++++++++++-- src/qemu/qemu_tpm.h | 3 +- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + 5 files changed, 109 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c index dc1bb56237..a6f31f9773 100644 --- a/src/qemu/qemu_extdevice.c +++ b/src/qemu/qemu_extdevice.c @@ -175,6 +175,7 @@ qemuExtDevicesStart(virQEMUDriver *driver, virDomainObj *vm, bool incomingMigration) { + virDomainDef *persistentDef =3D vm->newDef; virDomainDef *def =3D vm->def; size_t i; =20 @@ -189,9 +190,11 @@ qemuExtDevicesStart(virQEMUDriver *driver, =20 for (i =3D 0; i < def->ntpms; i++) { virDomainTPMDef *tpm =3D def->tpms[i]; + virDomainTPMDef *persistentTPMDef =3D persistentDef->tpms[i]; =20 if (tpm->type =3D=3D VIR_DOMAIN_TPM_TYPE_EMULATOR && - qemuExtTPMStart(driver, vm, tpm, incomingMigration) < 0) + qemuExtTPMStart(driver, vm, tpm, persistentTPMDef, + incomingMigration) < 0) return -1; } =20 diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 99473bba87..cbb6af8314 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -579,15 +579,94 @@ qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd, return 0; } =20 + +/* qemuTPMEmulatorUpdateProfileName: + * + * @emulator: TPM emulator definition + * @persistentTPMDef: TPM definition from the persistent domain definition + * @cfg: virQEMUDriverConfig + * @saveDef: whether caller should save the persistent domain def + */ +static int +qemuTPMEmulatorUpdateProfileName(virDomainTPMEmulatorDef *emulator, + virDomainTPMDef *persistentTPMDef, + const virQEMUDriverConfig *cfg, + bool *saveDef) +{ + g_autoptr(virJSONValue) object =3D NULL; + g_autofree char *stderr_buf =3D NULL; + g_autofree char *stdout_buf =3D NULL; + g_autoptr(virCommand) cmd =3D NULL; + g_autofree char *swtpm =3D NULL; + virJSONValue *active_profile; + const char *profile_name; + int exitstatus; + + if (emulator->version !=3D VIR_DOMAIN_TPM_VERSION_2_0 || + !virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PRINT_INFO)) + return 0; + + swtpm =3D virTPMGetSwtpm(); + if (!swtpm) + return -1; + + cmd =3D virCommandNew(swtpm); + + virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or '= root' */ + virCommandSetGID(cmd, cfg->swtpm_group); + + virCommandAddArgList(cmd, "socket", "--print-info", "0x20", "--tpm2", = NULL); + + virCommandAddArg(cmd, "--tpmstate"); + virCommandAddArgFormat(cmd, "dir=3D%s", + emulator->storagepath); + + if (qemuTPMVirCommandSwtpmAddEncryption(cmd, emulator, swtpm) < 0) + return -1; + + virCommandClearCaps(cmd); + + virCommandSetOutputBuffer(cmd, &stdout_buf); + virCommandSetErrorBuffer(cmd, &stderr_buf); + + if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Could not run '%1$s --print-info'. exitstatus: %= 2$d; stderr: %3$s\n"), + swtpm, exitstatus, stderr_buf); + return -1; + } + + if (!(object =3D virJSONValueFromString(stdout_buf))) + return -1; + + if (!(active_profile =3D virJSONValueObjectGetObject(object, "ActivePr= ofile"))) + return -1; + + profile_name =3D g_strdup(virJSONValueObjectGetString(active_profile, = "Name")); + if (STRNEQ_NULLABLE(emulator->profile_name, profile_name)) { + g_free(emulator->profile_name); + emulator->profile_name =3D g_strdup(profile_name); + } + if (STRNEQ_NULLABLE(persistentTPMDef->data.emulator.profile_name, prof= ile_name)) { + *saveDef =3D true; + g_free(persistentTPMDef->data.emulator.profile_name); + persistentTPMDef->data.emulator.profile_name =3D g_strdup(profile_= name); + } + + return 0; +} + /* * qemuTPMEmulatorBuildCommand: * * @tpm: TPM definition + * @persistentTPMDef: TPM definition from the persistent domain definition * @vmname: The name of the VM * @vmuuid: The UUID of the VM * @privileged: whether we are running in privileged mode * @cfg: virQEMUDriverConfig * @incomingMigration: whether we have an incoming migration + * @saveDef: whether caller should save the persistent domain def * * Create the virCommand use for starting the emulator * Do some initializations on the way, such as creation of storage @@ -595,11 +674,13 @@ qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd, */ static virCommand * qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, + virDomainTPMDef *persistentTPMDef, const char *vmname, const unsigned char *vmuuid, bool privileged, const virQEMUDriverConfig *cfg, - bool incomingMigration) + bool incomingMigration, + bool *saveDef) { g_autoptr(virCommand) cmd =3D NULL; bool created =3D false; @@ -633,6 +714,11 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, incomingMigration) < 0) goto error; =20 + if (created && !incomingMigration && + qemuTPMEmulatorUpdateProfileName(&tpm->data.emulator, persistentTP= MDef, + cfg, saveDef) < 0) + goto error; + if (!incomingMigration && qemuTPMEmulatorReconfigure(&tpm->data.emulator, cfg, secretuuid) <= 0) goto error; @@ -934,6 +1020,7 @@ qemuExtTPMEmulatorSetupCgroup(const char *swtpmStateDi= r, * @driver: QEMU driver * @vm: the domain object * @tpm: TPM definition + * @persistentTPMDef: TPM definition from persistent domain definition * @shortName: short and unique name of the domain * @incomingMigration: whether we have an incoming migration * @@ -946,6 +1033,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, virDomainObj *vm, const char *shortName, virDomainTPMDef *tpm, + virDomainTPMDef *persistentTPMDef, bool incomingMigration) { g_autoptr(virCommand) cmd =3D NULL; @@ -954,6 +1042,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, g_autofree char *pidfile =3D NULL; virTimeBackOffVar timebackoff; const unsigned long long timeout =3D 1000; /* ms */ + bool saveDef =3D false; pid_t pid =3D -1; bool lockMetadataException =3D false; =20 @@ -962,12 +1051,18 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, /* stop any left-over TPM emulator for this VM */ qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName); =20 - if (!(cmd =3D qemuTPMEmulatorBuildCommand(tpm, vm->def->name, vm->def-= >uuid, + if (!(cmd =3D qemuTPMEmulatorBuildCommand(tpm, persistentTPMDef, + vm->def->name, vm->def->uuid, driver->privileged, cfg, - incomingMigration))) + incomingMigration, + &saveDef))) return -1; =20 + if (saveDef && + virDomainDefSave(vm->newDef, driver->xmlopt, cfg->configDir) < 0) + goto error; + if (qemuExtDeviceLogCommand(driver, vm, cmd, "TPM Emulator") < 0) return -1; =20 @@ -1151,6 +1246,7 @@ int qemuExtTPMStart(virQEMUDriver *driver, virDomainObj *vm, virDomainTPMDef *tpm, + virDomainTPMDef *persistentTPMDef, bool incomingMigration) { g_autofree char *shortName =3D virDomainDefGetShortName(vm->def); @@ -1158,7 +1254,8 @@ qemuExtTPMStart(virQEMUDriver *driver, if (!shortName) return -1; =20 - return qemuTPMEmulatorStart(driver, vm, shortName, tpm, incomingMigrat= ion); + return qemuTPMEmulatorStart(driver, vm, shortName, tpm, persistentTPMD= ef, + incomingMigration); } =20 =20 diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h index 3071dc3f71..7096060a2a 100644 --- a/src/qemu/qemu_tpm.h +++ b/src/qemu/qemu_tpm.h @@ -44,9 +44,10 @@ void qemuExtTPMCleanupHost(virQEMUDriver *driver, int qemuExtTPMStart(virQEMUDriver *driver, virDomainObj *vm, virDomainTPMDef *def, + virDomainTPMDef *persistentDefTPM, bool incomingMigration) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) - ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(4) G_GNUC_WARN_UNUSED_RESULT; =20 void qemuExtTPMStop(virQEMUDriver *driver, diff --git a/src/util/virtpm.c b/src/util/virtpm.c index d991657696..d639271b4f 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -40,6 +40,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature, VIR_TPM_SWTPM_FEATURE_LAST, "cmdarg-pwd-fd", "cmdarg-migration", + "cmdarg-print-info", ); =20 VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, diff --git a/src/util/virtpm.h b/src/util/virtpm.h index 18c2877c03..a4ed9a3f95 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h @@ -31,6 +31,7 @@ bool virTPMHasSwtpm(void); typedef enum { VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD, VIR_TPM_SWTPM_FEATURE_CMDARG_MIGRATION, + VIR_TPM_SWTPM_FEATURE_CMDARG_PRINT_INFO, =20 VIR_TPM_SWTPM_FEATURE_LAST } virTPMSwtpmFeature; --=20 2.47.0