[PATCH v4 09/11] qemu: Move adding of keys to swtpm command line into own function

[PATCH v4 09/11] qemu: Move adding of keys to swtpm command line into own function
Posted by Stefan Berger 1 week ago
Factor out the code that adds the keys to the swtpm command line into its
own function.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 src/qemu/qemu_tpm.c | 60 +++++++++++++++++++++++++++------------------
 1 file changed, 36 insertions(+), 24 deletions(-)

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 34db6494a5..bf07b86793 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -575,6 +575,38 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator,
     return 0;
 }
 
+static int
+qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd,
+                                    const virDomainTPMEmulatorDef *emulator,
+                                    const char *swtpm)
+{
+    int pwdfile_fd = -1;
+    int migpwdfile_fd = -1;
+
+    if (emulator->hassecretuuid) {
+        if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
+            virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
+                           _("%1$s does not support passing passphrase via file descriptor"),
+                           swtpm);
+            return -1;
+        }
+
+        if (qemuTPMSetupEncryption(emulator->secretuuid,
+                                   cmd, &pwdfile_fd) < 0)
+            return -1;
+
+        if (qemuTPMSetupEncryption(emulator->secretuuid,
+                                   cmd, &migpwdfile_fd) < 0)
+            return -1;
+
+        virCommandAddArg(cmd, "--key");
+        virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
+
+        virCommandAddArg(cmd, "--migration-key");
+        virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", migpwdfile_fd);
+    }
+    return 0;
+}
 
 /*
  * qemuTPMEmulatorBuildCommand:
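Review bot: The new qemuTPMVirCommandSwtpmAddEncryption carries no header comment, although its neighbour qemuTPMEmulatorBuildCommand has one in the file's `/* * name: ... */` style, visible as this hunk's trailing context. The comment should record what the code shows: the function returns 0 without touching cmd unless emulator->hassecretuuid is set, it fails with VIR_ERR_ARGUMENT_UNSUPPORTED rather than falling back to any other passphrase transport when swtpm lacks VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD, and it sets up two separate descriptors from the same secretuuid, one handed to swtpm as `--key pwdfd=N` and one as `--migration-key pwdfd=N`. Whether those descriptors are owned by cmd after qemuTPMSetupEncryption, so that the early `return -1` paths need no cleanup, cannot be seen from this hunk; if they are not, the first descriptor would be left open when the second setup fails, so the comment should state the ownership either way, and the swtpm parameter should be documented as used only for the error message. The caller's `goto error` in qemuTPMEmulatorBuildCommand is outside this hunk, so the cleanup it performs is also not visible here.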
@@ -602,8 +634,6 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
     bool created = false;
     bool run_setup = false;
     g_autofree char *swtpm = virTPMGetSwtpm();
-    int pwdfile_fd = -1;
-    int migpwdfile_fd = -1;
     const unsigned char *secretuuid = NULL;
     bool create_storage = true;
     bool on_shared_storage;
@@ -698,28 +728,10 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
         break;
     }
 
-    if (tpm->data.emulator.hassecretuuid) {
-        if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
-            virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
-                           _("%1$s does not support passing passphrase via file descriptor"),
-                           swtpm);
-            goto error;
-        }
-
-        if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
-                                   cmd, &pwdfile_fd) < 0)
-            goto error;
-
-        if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
-                                   cmd, &migpwdfile_fd) < 0)
-            goto error;
-
-        virCommandAddArg(cmd, "--key");
-        virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
-
-        virCommandAddArg(cmd, "--migration-key");
-        virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", migpwdfile_fd);
-    }
+    if (qemuTPMVirCommandSwtpmAddEncryption(cmd,
+                                            &tpm->data.emulator,
+                                            swtpm) < 0)
+        goto error;
 
     /* If swtpm supports it and the TPM state is stored on shared storage,
      * start swtpm with --migration release-lock-outgoing so it can migrate
-- 
2.47.0
Re: [PATCH v4 09/11] qemu: Move adding of keys to swtpm command line into own function
Posted by Michal Prívozník 6 days, 3 hours ago
On 11/13/24 18:39, Stefan Berger wrote:
> Factor-out code related to adding key to the swtpm command line into its
> own function.
> 
> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
>  src/qemu/qemu_tpm.c | 60 +++++++++++++++++++++++++++------------------
>  1 file changed, 36 insertions(+), 24 deletions(-)
> 
> diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
> index 34db6494a5..bf07b86793 100644
> --- a/src/qemu/qemu_tpm.c
> +++ b/src/qemu/qemu_tpm.c
> @@ -575,6 +575,38 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator,
>      return 0;
>  }
>  
> +static int
> +qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd,
> +                                    const virDomainTPMEmulatorDef *emulator,
> +                                    const char *swtpm)
> +{
> +    int pwdfile_fd = -1;
> +    int migpwdfile_fd = -1;
> +
> +    if (emulator->hassecretuuid) {

Alternatively:

if (!emulator->hassecretuuid)
    return 0;

....

> +        if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
> +            virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
> +                           _("%1$s does not support passing passphrase via file descriptor"),
> +                           swtpm);
> +            return -1;
> +        }
> +
> +        if (qemuTPMSetupEncryption(emulator->secretuuid,
> +                                   cmd, &pwdfile_fd) < 0)
> +            return -1;
> +
> +        if (qemuTPMSetupEncryption(emulator->secretuuid,
> +                                   cmd, &migpwdfile_fd) < 0)
> +            return -1;
> +
> +        virCommandAddArg(cmd, "--key");
> +        virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
> +
> +        virCommandAddArg(cmd, "--migration-key");
> +        virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", migpwdfile_fd);
> +    }
> +    return 0;
> +}
>  
>  /*
>   * qemuTPMEmulatorBuildCommand:
> @@ -602,8 +634,6 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
>      bool created = false;
>      bool run_setup = false;
>      g_autofree char *swtpm = virTPMGetSwtpm();
> -    int pwdfile_fd = -1;
> -    int migpwdfile_fd = -1;
>      const unsigned char *secretuuid = NULL;
>      bool create_storage = true;
>      bool on_shared_storage;
> @@ -698,28 +728,10 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
>          break;
>      }
>  
> -    if (tpm->data.emulator.hassecretuuid) {
> -        if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
> -            virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
> -                           _("%1$s does not support passing passphrase via file descriptor"),
> -                           swtpm);
> -            goto error;
> -        }
> -
> -        if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
> -                                   cmd, &pwdfile_fd) < 0)
> -            goto error;
> -
> -        if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
> -                                   cmd, &migpwdfile_fd) < 0)
> -            goto error;
> -
> -        virCommandAddArg(cmd, "--key");
> -        virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
> -
> -        virCommandAddArg(cmd, "--migration-key");
> -        virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", migpwdfile_fd);
> -    }
> +    if (qemuTPMVirCommandSwtpmAddEncryption(cmd,
> +                                            &tpm->data.emulator,
> +                                            swtpm) < 0)
> +        goto error;
>  
>      /* If swtpm supports it and the TPM state is stored on shared storage,
>       * start swtpm with --migration release-lock-outgoing so it can migrate

Michal