docs/formatdomain.rst | 32 +++ src/conf/domain_conf.c | 47 ++++ src/conf/domain_conf.h | 38 ++-- src/conf/domain_validate.c | 7 + src/conf/schemas/domaincommon.rng | 32 +++ src/conf/virconftypes.h | 2 + src/qemu/qemu_extdevice.c | 5 +- src/qemu/qemu_tpm.c | 344 ++++++++++++++++++++---------- src/qemu/qemu_tpm.h | 3 +- src/util/virtpm.c | 2 + src/util/virtpm.h | 2 + tests/testutilsqemu.c | 1 + 12 files changed, 386 insertions(+), 129 deletions(-)
Upcoming libtpms v0.10 and swtpm v0.10 will have TPM profile support that
allows to restrict a TPM's provided set of crypto algorithms and commands
and through which backwards compatibility and migration from newer versions
of libtpms to older ones (up to libtpms v0.9) is supported. For the latter
to work it is necessary that the user chooses the right ('null') profile.
This series adds support for passing a profile choice to swtpm_setup by
setting it in the domain XML using the <profile/> XML node. An optional
attribute 'remove_disabled' can be set in this node and accepts two values:
"check": test a few crypto algorithms (tdes, camellia, unpadded encryption,
and others) for whether they are currently disabled due to FIPS
mode on the host and remove these algorithms in the 'custom'
profile if they are disabled;
"fips-host": do not test but remove all the possibly disabled crypto
algorithms (from list above)
Also extend the documentation but point the user to swtpm and libtpms
documentation for further details.
Follow Deniel's suggestions there's now a PR for swtpm_setup to support
searching for profiles though a configurable local directory, distro
directory and if no profile could be found there (with appended
".json" suffix) it will fall back to try to use a built-in profile by
the provided name: https://github.com/stefanberger/swtpm/pull/918
Stefan
v4:
- Renamed previous 'name' attribute in profile XML node to 'source'
to indicate that the profile was created from some sort of 'source'.
The 'name' is now set from the name of the profile read from the
swtpm instance's state once it has been created.
v3:
- 2/10: Adjustments to due rebase
- Applied Marc-André's R-b tags
- 10/10: Read back profile name from swtpm and adjust it in emulator defs
Stefan Berger (11):
conf: Move TPM emulator parameters into own struct
qemu: Pass virQEMUDriverConfig rather than some of its fields
util: Add parsing support for swtpm_setup's cmdarg-profile capability
conf: Define enum virDomainTPMProfileRemoveDisabled
schema: Extend schema for TPM emulator profile node
conf: Add support for profile parameter on TPM emulator in domain XML
docs: Add documentation for the TPM backend profile node
qemu: Extend swtpm_setup command line to set a profile by its name
qemu: Move adding of keys to swtpm command line into own function
qemu: Move adding --tpmstate to swtpm command line into own function
qemu: Read back the profile name after creation of a TPM instance
docs/formatdomain.rst | 32 +++
src/conf/domain_conf.c | 47 ++++
src/conf/domain_conf.h | 38 ++--
src/conf/domain_validate.c | 7 +
src/conf/schemas/domaincommon.rng | 32 +++
src/conf/virconftypes.h | 2 +
src/qemu/qemu_extdevice.c | 5 +-
src/qemu/qemu_tpm.c | 344 ++++++++++++++++++++----------
src/qemu/qemu_tpm.h | 3 +-
src/util/virtpm.c | 2 +
src/util/virtpm.h | 2 +
tests/testutilsqemu.c | 1 +
12 files changed, 386 insertions(+), 129 deletions(-)
--
2.47.0
On 11/13/24 18:39, Stefan Berger wrote:
> Upcoming libtpms v0.10 and swtpm v0.10 will have TPM profile support that
> allows to restrict a TPM's provided set of crypto algorithms and commands
> and through which backwards compatibility and migration from newer versions
> of libtpms to older ones (up to libtpms v0.9) is supported. For the latter
> to work it is necessary that the user chooses the right ('null') profile.
>
> This series adds support for passing a profile choice to swtpm_setup by
> setting it in the domain XML using the <profile/> XML node. An optional
> attribute 'remove_disabled' can be set in this node and accepts two values:
>
> "check": test a few crypto algorithms (tdes, camellia, unpadded encryption,
> and others) for whether they are currently disabled due to FIPS
> mode on the host and remove these algorithms in the 'custom'
> profile if they are disabled;
> "fips-host": do not test but remove all the possibly disabled crypto
> algorithms (from list above)
>
> Also extend the documentation but point the user to swtpm and libtpms
> documentation for further details.
>
> Follow Deniel's suggestions there's now a PR for swtpm_setup to support
> searching for profiles though a configurable local directory, distro
> directory and if no profile could be found there (with appended
> ".json" suffix) it will fall back to try to use a built-in profile by
> the provided name: https://github.com/stefanberger/swtpm/pull/918
>
> Stefan
>
> v4:
> - Renamed previous 'name' attribute in profile XML node to 'source'
> to indicate that the profile was created from some sort of 'source'.
> The 'name' is now set from the name of the profile read from the
> swtpm instance's state once it has been created.
>
> v3:
> - 2/10: Adjustments to due rebase
> - Applied Marc-André's R-b tags
> - 10/10: Read back profile name from swtpm and adjust it in emulator defs
>
> Stefan Berger (11):
> conf: Move TPM emulator parameters into own struct
> qemu: Pass virQEMUDriverConfig rather than some of its fields
> util: Add parsing support for swtpm_setup's cmdarg-profile capability
> conf: Define enum virDomainTPMProfileRemoveDisabled
> schema: Extend schema for TPM emulator profile node
> conf: Add support for profile parameter on TPM emulator in domain XML
> docs: Add documentation for the TPM backend profile node
> qemu: Extend swtpm_setup command line to set a profile by its name
> qemu: Move adding of keys to swtpm command line into own function
> qemu: Move adding --tpmstate to swtpm command line into own function
> qemu: Read back the profile name after creation of a TPM instance
>
> docs/formatdomain.rst | 32 +++
> src/conf/domain_conf.c | 47 ++++
> src/conf/domain_conf.h | 38 ++--
> src/conf/domain_validate.c | 7 +
> src/conf/schemas/domaincommon.rng | 32 +++
> src/conf/virconftypes.h | 2 +
> src/qemu/qemu_extdevice.c | 5 +-
> src/qemu/qemu_tpm.c | 344 ++++++++++++++++++++----------
> src/qemu/qemu_tpm.h | 3 +-
> src/util/virtpm.c | 2 +
> src/util/virtpm.h | 2 +
> tests/testutilsqemu.c | 1 +
> 12 files changed, 386 insertions(+), 129 deletions(-)
>
This adds new XML element and attributes but is lacking corresponding
tests/qemuxmlconfdata/ addition to show parser/formatter working.
I've uploaded my suggestions here:
https://gitlab.com/MichalPrivoznik/libvirt/-/commits/review_swtpm?ref_type=heads
If you are fine with them, I can squash those fixup commits and merge.
Michal
On 11/15/24 4:19 AM, Michal Prívozník wrote:
> On 11/13/24 18:39, Stefan Berger wrote:
>> Upcoming libtpms v0.10 and swtpm v0.10 will have TPM profile support that
>> allows to restrict a TPM's provided set of crypto algorithms and commands
>> and through which backwards compatibility and migration from newer versions
>> of libtpms to older ones (up to libtpms v0.9) is supported. For the latter
>> to work it is necessary that the user chooses the right ('null') profile.
>>
>> This series adds support for passing a profile choice to swtpm_setup by
>> setting it in the domain XML using the <profile/> XML node. An optional
>> attribute 'remove_disabled' can be set in this node and accepts two values:
>>
>> "check": test a few crypto algorithms (tdes, camellia, unpadded encryption,
>> and others) for whether they are currently disabled due to FIPS
>> mode on the host and remove these algorithms in the 'custom'
>> profile if they are disabled;
>> "fips-host": do not test but remove all the possibly disabled crypto
>> algorithms (from list above)
>>
>> Also extend the documentation but point the user to swtpm and libtpms
>> documentation for further details.
>>
>> Follow Deniel's suggestions there's now a PR for swtpm_setup to support
>> searching for profiles though a configurable local directory, distro
>> directory and if no profile could be found there (with appended
>> ".json" suffix) it will fall back to try to use a built-in profile by
>> the provided name: https://github.com/stefanberger/swtpm/pull/918
>>
>> Stefan
>>
>> v4:
>> - Renamed previous 'name' attribute in profile XML node to 'source'
>> to indicate that the profile was created from some sort of 'source'.
>> The 'name' is now set from the name of the profile read from the
>> swtpm instance's state once it has been created.
>>
>> v3:
>> - 2/10: Adjustments to due rebase
>> - Applied Marc-André's R-b tags
>> - 10/10: Read back profile name from swtpm and adjust it in emulator defs
>>
>> Stefan Berger (11):
>> conf: Move TPM emulator parameters into own struct
>> qemu: Pass virQEMUDriverConfig rather than some of its fields
>> util: Add parsing support for swtpm_setup's cmdarg-profile capability
>> conf: Define enum virDomainTPMProfileRemoveDisabled
>> schema: Extend schema for TPM emulator profile node
>> conf: Add support for profile parameter on TPM emulator in domain XML
>> docs: Add documentation for the TPM backend profile node
>> qemu: Extend swtpm_setup command line to set a profile by its name
>> qemu: Move adding of keys to swtpm command line into own function
>> qemu: Move adding --tpmstate to swtpm command line into own function
>> qemu: Read back the profile name after creation of a TPM instance
>>
>> docs/formatdomain.rst | 32 +++
>> src/conf/domain_conf.c | 47 ++++
>> src/conf/domain_conf.h | 38 ++--
>> src/conf/domain_validate.c | 7 +
>> src/conf/schemas/domaincommon.rng | 32 +++
>> src/conf/virconftypes.h | 2 +
>> src/qemu/qemu_extdevice.c | 5 +-
>> src/qemu/qemu_tpm.c | 344 ++++++++++++++++++++----------
>> src/qemu/qemu_tpm.h | 3 +-
>> src/util/virtpm.c | 2 +
>> src/util/virtpm.h | 2 +
>> tests/testutilsqemu.c | 1 +
>> 12 files changed, 386 insertions(+), 129 deletions(-)
>>
>
> This adds new XML element and attributes but is lacking corresponding
> tests/qemuxmlconfdata/ addition to show parser/formatter working.
>
> I've uploaded my suggestions here:
>
> https://gitlab.com/MichalPrivoznik/libvirt/-/commits/review_swtpm?ref_type=heads
>
> If you are fine with them, I can squash those fixup commits and merge.
I tested it. The changes look good to me. Thanks also for the test case.
Stefan
>
> Michal
>
On 11/15/24 22:55, Stefan Berger wrote: > > > On 11/15/24 4:19 AM, Michal Prívozník wrote: >> >> I've uploaded my suggestions here: >> >> https://gitlab.com/MichalPrivoznik/libvirt/-/commits/review_swtpm? >> ref_type=heads >> >> If you are fine with them, I can squash those fixup commits and merge. > > I tested it. The changes look good to me. Thanks also for the test case. > > Stefan Awesome. Squashed in my suggestions and merged. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal
© 2016 - 2024 Red Hat, Inc.