From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [PATCH v4 01/11] conf: Move TPM emulator parameters into own struct
Date: Wed, 13 Nov 2024 12:39:41 -0500
Message-ID: <20241113173951.813781-2-stefanb@linux.ibm.com>
In-Reply-To: <20241113173951.813781-1-stefanb@linux.ibm.com>
References: <20241113173951.813781-1-stefanb@linux.ibm.com>

To avoid passing TPM emulator parameters around individually, move them into a structure and pass around the structure.
Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Stefan Berger Reviewed-by: Michal Privoznik --- v3: - Made virDomainTPMEmulatorDef first parameter to functions - Applied Marc-Andr=C3=A9's R-b --- src/conf/domain_conf.h | 26 +++++++++-------- src/conf/virconftypes.h | 2 ++ src/qemu/qemu_tpm.c | 64 ++++++++++++++--------------------------- 3 files changed, 37 insertions(+), 55 deletions(-) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 45c52107e8..08c6526711 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1473,6 +1473,19 @@ typedef enum { =20 #define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0" =20 +struct _virDomainTPMEmulatorDef { + virDomainTPMVersion version; + virDomainChrSourceDef *source; + virDomainTPMSourceType source_type; + char *source_path; + char *logfile; + unsigned int debug; + unsigned char secretuuid[VIR_UUID_BUFLEN]; + bool hassecretuuid; + bool persistent_state; + virBitmap *activePcrBanks; +}; + struct _virDomainTPMDef { virObject *privateData; =20 @@ -1483,18 +1496,7 @@ struct _virDomainTPMDef { struct { virDomainChrSourceDef *source; } passthrough; - struct { - virDomainTPMVersion version; - virDomainChrSourceDef *source; - virDomainTPMSourceType source_type; - char *source_path; - char *logfile; - unsigned int debug; - unsigned char secretuuid[VIR_UUID_BUFLEN]; - bool hassecretuuid; - bool persistent_state; - virBitmap *activePcrBanks; - } emulator; + virDomainTPMEmulatorDef emulator; struct { virDomainChrSourceDef *source; } external; diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index f18ebcca10..59be61cea4 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h 
@@ -234,6 +234,8 @@ typedef struct _virDomainAudioDef virDomainAudioDef; =20 typedef struct _virDomainTPMDef virDomainTPMDef; =20 +typedef struct _virDomainTPMEmulatorDef virDomainTPMEmulatorDef; + typedef struct _virDomainThreadSchedParam virDomainThreadSchedParam; =20 typedef struct _virDomainTimerCatchupDef virDomainTimerCatchupDef; diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index edd10ca2f6..6d7625f6f4 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -368,33 +368,26 @@ qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSource= Type source_type, /* * qemuTPMEmulatorRunSetup * - * @source_type: type of storage - * @source_path: path to the directory for TPM state + * @emulator: emulator parameters * @vmname: the name of the VM * @vmuuid: the UUID of the VM * @privileged: whether we are running in privileged mode * @swtpm_user: The userid to switch to when setting up the TPM; * typically this should be the uid of 'tss' or 'root' * @swtpm_group: The group id to switch to - * @logfile: The file to write the log into; it must be writable - * for the user given by userid or 'tss' - * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2 - * @encryption: pointer to virStorageEncryption holding secret + * @secretuuid: UUID describing virStorageEncryption holding secret * @incomingMigration: whether we have an incoming migration * * Setup the external swtpm by creating endorsement key and * certificates for it. */ static int -qemuTPMEmulatorRunSetup(const virDomainTPMSourceType source_type, - const char *source_path, +qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *emulator, const char *vmname, const unsigned char *vmuuid, bool privileged, uid_t swtpm_user, gid_t swtpm_group, - const char *logfile, - const virDomainTPMVersion tpmversion, const unsigned char *secretuuid, bool incomingMigration) { 
@@ -403,14 +396,15 @@ qemuTPMEmulatorRunSetup(const virDomainTPMSourceType = source_type, char uuid[VIR_UUID_STRING_BUFLEN]; g_autofree char *vmid =3D NULL; g_autofree char *swtpm_setup =3D virTPMGetSwtpmSetup(); - g_autofree char *tpm_state =3D qemuTPMGetSwtpmSetupStateArg(source_typ= e, source_path); + g_autofree char *tpm_state =3D qemuTPMGetSwtpmSetupStateArg(emulator->= source_type, + emulator->so= urce_path); =20 if (!swtpm_setup) return -1; =20 - if (!privileged && tpmversion =3D=3D VIR_DOMAIN_TPM_VERSION_1_2 && + if (!privileged && emulator->version =3D=3D VIR_DOMAIN_TPM_VERSION_1_2= && !virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEE= D_ROOT)) { - return virFileWriteStr(logfile, + return virFileWriteStr(emulator->logfile, _("Did not create EK and certificates since= this requires privileged mode for a TPM 1.2\n"), 0600); } =20 @@ -425,7 +419,7 @@ qemuTPMEmulatorRunSetup(const virDomainTPMSourceType so= urce_type, virCommandSetUID(cmd, swtpm_user); virCommandSetGID(cmd, swtpm_group); =20 - switch (tpmversion) { + switch (emulator->version) { case VIR_DOMAIN_TPM_VERSION_1_2: break; case VIR_DOMAIN_TPM_VERSION_2_0: @@ -443,7 +437,7 @@ qemuTPMEmulatorRunSetup(const virDomainTPMSourceType so= urce_type, virCommandAddArgList(cmd, "--tpm-state", tpm_state, "--vmid", vmid, - "--logfile", logfile, + "--logfile", emulator->logfile, "--createek", "--create-ek-cert", "--create-platform-cert", @@ -453,7 +447,7 @@ qemuTPMEmulatorRunSetup(const virDomainTPMSourceType so= urce_type, } else { virCommandAddArgList(cmd, "--tpm-state", tpm_state, - "--logfile", logfile, + "--logfile", emulator->logfile, "--overwrite", NULL); } 
@@ -463,7 +457,7 @@ qemuTPMEmulatorRunSetup(const virDomainTPMSourceType so= urce_type, if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Could not run '%1$s'. exitstatus: %2$d; Check er= ror log '%3$s' for details."), - swtpm_setup, exitstatus, logfile); + swtpm_setup, exitstatus, emulator->logfile); return -1; } =20 
@@ -492,41 +486,32 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks) /* * qemuTPMEmulatorReconfigure * - * - * @source_type: type of storage - * @source_path: path to the directory for TPM state + * @emulator: emulator parameters * @swtpm_user: The userid to switch to when setting up the TPM; * typically this should be the uid of 'tss' or 'root' * @swtpm_group: The group id to switch to - * @activePcrBanks: The string describing the active PCR banks - * @logfile: The file to write the log into; it must be writable - * for the user given by userid or 'tss' - * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2 * @secretuuid: The secret's UUID needed for state encryption * * Reconfigure the active PCR banks of a TPM 2. */ static int -qemuTPMEmulatorReconfigure(const virDomainTPMSourceType source_type, - const char *source_path, +qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator, uid_t swtpm_user, gid_t swtpm_group, - virBitmap *activePcrBanks, - const char *logfile, - const virDomainTPMVersion tpmversion, const unsigned char *secretuuid) { g_autoptr(virCommand) cmd =3D NULL; int exitstatus; g_autofree char *activePcrBanksStr =3D NULL; g_autofree char *swtpm_setup =3D virTPMGetSwtpmSetup(); - g_autofree char *tpm_state =3D qemuTPMGetSwtpmSetupStateArg(source_typ= e, source_path); + g_autofree char *tpm_state =3D qemuTPMGetSwtpmSetupStateArg(emulator->= source_type, + emulator->so= urce_path); =20 if (!swtpm_setup) return -1; =20 - if (tpmversion !=3D VIR_DOMAIN_TPM_VERSION_2_0 || - (activePcrBanksStr =3D qemuTPMPcrBankBitmapToStr(activePcrBanks)) = =3D=3D NULL || + if (emulator->version !=3D VIR_DOMAIN_TPM_VERSION_2_0 || + (activePcrBanksStr =3D qemuTPMPcrBankBitmapToStr(emulator->activeP= crBanks)) =3D=3D NULL || !virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONF= IGURE_PCR_BANKS)) return 0; =20 
@@ -542,7 +527,7 @@ qemuTPMEmulatorReconfigure(const virDomainTPMSourceType= source_type, =20 virCommandAddArgList(cmd, "--tpm-state", tpm_state, - "--logfile", logfile, + "--logfile", emulator->logfile, "--pcr-banks", activePcrBanksStr, "--reconfigure", NULL); @@ -552,7 +537,7 @@ qemuTPMEmulatorReconfigure(const virDomainTPMSourceType= source_type, if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Could not run '%1$s --reconfigure'. exitstatus: = %2$d; Check error log '%3$s' for details."), - swtpm_setup, exitstatus, logfile); + swtpm_setup, exitstatus, emulator->logfile); return -1; } =20 
@@ -628,21 +613,14 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, secretuuid =3D tpm->data.emulator.secretuuid; =20 if (run_setup && - qemuTPMEmulatorRunSetup(tpm->data.emulator.source_type, - tpm->data.emulator.source_path, vmname, vm= uuid, + qemuTPMEmulatorRunSetup(&tpm->data.emulator, vmname, vmuuid, privileged, swtpm_user, swtpm_group, - tpm->data.emulator.logfile, - tpm->data.emulator.version, secretuuid, incomingMigration) < 0) goto error; =20 if (!incomingMigration && - qemuTPMEmulatorReconfigure(tpm->data.emulator.source_type, - tpm->data.emulator.source_path, + qemuTPMEmulatorReconfigure(&tpm->data.emulator, swtpm_user, swtpm_group, - tpm->data.emulator.activePcrBanks, - tpm->data.emulator.logfile, - tpm->data.emulator.version, secretuuid) < 0) goto error; =20 --=20 2.47.0
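Review bot: in the domain_conf.h hunk the new struct _virDomainTPMEmulatorDef carries no field comments, and the same patch deletes the doc lines that used to explain two of those fields at their consumer (the @logfile line "it must be writable for the user given by userid or 'tss'" and the @encryption/@tpmversion lines on qemuTPMEmulatorRunSetup and qemuTPMEmulatorReconfigure). Now that the struct is the single unit handed to the swtpm_setup helpers, a one-line comment per field, in particular that secretuuid is only meaningful when hassecretuuid is set and that logfile must be writable by the swtpm user, would keep that information from being lost in the move.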
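Review bot: in the qemu_tpm.c hunks qemuTPMEmulatorRunSetup and qemuTPMEmulatorReconfigure still take secretuuid as a separate parameter although the caller in qemuTPMEmulatorBuildCommand fills it from tpm->data.emulator.secretuuid, which is now reachable as emulator->secretuuid next to emulator->hassecretuuid. Unless the caller deliberately passes NULL when no secret is configured, the extra parameter can go and the callees can test emulator->hassecretuuid themselves; if it stays, the new doc line "@secretuuid: UUID describing virStorageEncryption holding secret" should state whether NULL is permitted, since both functions forward it to swtpm_setup.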
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [PATCH v4 02/11] qemu: Pass virQEMUDriverConfig rather than some of its fields
Date: Wed, 13 Nov 2024 12:39:42 -0500
Message-ID: <20241113173951.813781-3-stefanb@linux.ibm.com>
In-Reply-To: <20241113173951.813781-1-stefanb@linux.ibm.com>
References: <20241113173951.813781-1-stefanb@linux.ibm.com>

Reviewed-by: Marc-André Lureau
Signed-off-by: Stefan Berger Reviewed-by: Michal Privoznik --- v3: - Adjustments due to rebase - Applied Marc-Andr=C3=A9's R-b --- src/qemu/qemu_tpm.c | 52 +++++++++++++++++---------------------------- 1 file changed, 20 insertions(+), 32 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 6d7625f6f4..757bb16d7b 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -372,9 +372,7 @@ qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceTy= pe source_type, * @vmname: the name of the VM * @vmuuid: the UUID of the VM * @privileged: whether we are running in privileged mode - * @swtpm_user: The userid to switch to when setting up the TPM; - * typically this should be the uid of 'tss' or 'root' - * @swtpm_group: The group id to switch to + * @cfg: virQEMUDriverConfig * @secretuuid: UUID describing virStorageEncryption holding secret * @incomingMigration: whether we have an incoming migration * @@ -386,8 +384,7 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *= emulator, const char *vmname, const unsigned char *vmuuid, bool privileged, - uid_t swtpm_user, - gid_t swtpm_group, + const virQEMUDriverConfig *cfg, const unsigned char *secretuuid, bool incomingMigration) { @@ -416,8 +413,8 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *= emulator, virUUIDFormat(vmuuid, uuid); vmid =3D g_strdup_printf("%s:%s", vmname, uuid); =20 - virCommandSetUID(cmd, swtpm_user); - virCommandSetGID(cmd, swtpm_group); + virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or '= root' */ + virCommandSetGID(cmd, cfg->swtpm_group); =20 switch (emulator->version) { case VIR_DOMAIN_TPM_VERSION_1_2: 
@@ -487,17 +484,14 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks) * qemuTPMEmulatorReconfigure * * @emulator: emulator parameters - * @swtpm_user: The userid to switch to when setting up the TPM; - * typically this should be the uid of 'tss' or 'root' - * @swtpm_group: The group id to switch to + * @cfg: virQEMUDriverConfig * @secretuuid: The secret's UUID needed for state encryption * * Reconfigure the active PCR banks of a TPM 2. */ static int qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator, - uid_t swtpm_user, - gid_t swtpm_group, + const virQEMUDriverConfig *cfg, const unsigned char *secretuuid) { g_autoptr(virCommand) cmd =3D NULL; @@ -517,8 +511,8 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDe= f *emulator, =20 cmd =3D virCommandNew(swtpm_setup); =20 - virCommandSetUID(cmd, swtpm_user); - virCommandSetGID(cmd, swtpm_group); + virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or '= root' */ + virCommandSetGID(cmd, cfg->swtpm_group); =20 virCommandAddArgList(cmd, "--tpm2", NULL); =20 @@ -552,9 +546,7 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDe= f *emulator, * @vmname: The name of the VM * @vmuuid: The UUID of the VM * @privileged: whether we are running in privileged mode - * @swtpm_user: The uid for the swtpm to run as (drop privileges to from r= oot) - * @swtpm_group: The gid for the swtpm to run as - * @sharedFilesystems: list of filesystem to consider shared + * @cfg: virQEMUDriverConfig * @incomingMigration: whether we have an incoming migration * * Create the virCommand use for starting the emulator @@ -566,9 +558,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, const char *vmname, const unsigned char *vmuuid, bool privileged, - uid_t swtpm_user, - gid_t swtpm_group, - char *const *sharedFilesystems, + const virQEMUDriverConfig *cfg, bool incomingMigration) { g_autoptr(virCommand) cmd =3D NULL; 
@@ -599,12 +589,14 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, /* Do not create storage and run swtpm_setup on incoming migration over * shared storage */ - on_shared_storage =3D virFileIsSharedFS(tpm->data.emulator.source_path= , sharedFilesystems) =3D=3D 1; + on_shared_storage =3D virFileIsSharedFS(tpm->data.emulator.source_path, + cfg->sharedFilesystems) =3D=3D 1; if (incomingMigration && on_shared_storage) create_storage =3D false; =20 if (create_storage) { - if (qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_= group) < 0) + if (qemuTPMEmulatorCreateStorage(tpm, &created, + cfg->swtpm_user, cfg->swtpm_group= ) < 0) return NULL; run_setup =3D created; } @@ -614,14 +606,12 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, =20 if (run_setup && qemuTPMEmulatorRunSetup(&tpm->data.emulator, vmname, vmuuid, - privileged, swtpm_user, swtpm_group, - secretuuid, incomingMigration) < 0) + privileged, cfg, secretuuid, + incomingMigration) < 0) goto error; =20 if (!incomingMigration && - qemuTPMEmulatorReconfigure(&tpm->data.emulator, - swtpm_user, swtpm_group, - secretuuid) < 0) + qemuTPMEmulatorReconfigure(&tpm->data.emulator, cfg, secretuuid) <= 0) goto error; =20 unlink(tpm->data.emulator.source->data.nix.path); @@ -657,8 +647,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, =20 virCommandAddArg(cmd, "--terminate"); =20 - virCommandSetUID(cmd, swtpm_user); - virCommandSetGID(cmd, swtpm_group); + virCommandSetUID(cmd, cfg->swtpm_user); + virCommandSetGID(cmd, cfg->swtpm_group); =20 switch (tpm->data.emulator.version) { case VIR_DOMAIN_TPM_VERSION_1_2: 
@@ -979,9 +969,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, =20 if (!(cmd =3D qemuTPMEmulatorBuildCommand(tpm, vm->def->name, vm->def-= >uuid, driver->privileged, - cfg->swtpm_user, - cfg->swtpm_group, - cfg->sharedFilesystems, + cfg, incomingMigration))) return -1; =20 --=20 2.47.0
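Review bot: the three doc-comment hunks replace the @swtpm_user/@swtpm_group/@sharedFilesystems descriptions with a bare "@cfg: virQEMUDriverConfig", which only restates the parameter's type. Say which fields each function consumes (swtpm_user and swtpm_group in qemuTPMEmulatorRunSetup and qemuTPMEmulatorReconfigure; additionally sharedFilesystems in qemuTPMEmulatorBuildCommand) and that cfg is borrowed for the duration of the call, since every hunk dereferences it immediately and none stores it. The "/* should be uid of 'tss' or 'root' */" remark, now duplicated at two virCommandSetUID() calls, could then live once in the doc comment where it was before.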
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [PATCH v4 03/11] util: Add parsing support for swtpm_setup's cmdarg-profile capability
Date: Wed, 13 Nov 2024 12:39:43 -0500
Message-ID: <20241113173951.813781-4-stefanb@linux.ibm.com>
In-Reply-To: <20241113173951.813781-1-stefanb@linux.ibm.com>
References: <20241113173951.813781-1-stefanb@linux.ibm.com>

Add support for parsing swtpm_setup 'cmdarg-profile' capability (since v0.10).

Reviewed-by: Marc-André Lureau
Signed-off-by: Stefan Berger Reviewed-by: Michal Privoznik --- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + tests/testutilsqemu.c | 1 + 3 files changed, 3 insertions(+) diff --git a/src/util/virtpm.c b/src/util/virtpm.c index 8dcd3f90d9..1c736b0229 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -53,6 +53,7 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, "tpm-1.2", "tpm-2.0", "tpmstate-opt-lock", + "cmdarg-profile", ); =20 /** diff --git a/src/util/virtpm.h b/src/util/virtpm.h index 279cb7e976..9ca09c2d80 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h @@ -45,6 +45,7 @@ typedef enum { VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2, VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0, VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK, + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE, =20 VIR_TPM_SWTPM_SETUP_FEATURE_LAST } virTPMSwtpmSetupFeature; diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index f40bfa873c..5caccbc6b4 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c 
@@ -72,6 +72,7 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap) case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT: case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS: case VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK: + case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE: case VIR_TPM_SWTPM_SETUP_FEATURE_LAST: break; } --=20 2.47.0
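Review bot: in the tests/testutilsqemu.c hunk the new VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE case is grouped with TPMSTATE_OPT_LOCK and the other cases that only `break`, so the test harness will keep reporting the capability as unavailable; any later test in this series that expects the profile to reach the swtpm_setup command line will need this stub to answer true for CMDARG_PROFILE.

Review bot: in the virtpm.h and virtpm.c hunks the enumerator and the "cmdarg-profile" string are both appended as the last entry before VIR_TPM_SWTPM_SETUP_FEATURE_LAST and the closing parenthesis of VIR_ENUM_IMPL, so the enum-to-string pairing stays aligned; the 'since v0.10' requirement that only the commit message records would be worth repeating as a comment beside the new enumerator.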
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [PATCH v4 04/11] conf: Define enum virDomainTPMProfileRemoveDisabled
Date: Wed, 13 Nov 2024 12:39:44 -0500
Message-ID: <20241113173951.813781-5-stefanb@linux.ibm.com>
In-Reply-To: <20241113173951.813781-1-stefanb@linux.ibm.com>

Reviewed-by: Marc-André Lureau
Signed-off-by: Stefan Berger Reviewed-by: Michal Privoznik --- src/conf/domain_conf.c | 7 +++++++ src/conf/domain_conf.h | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 3a32e50890..a5627ada88 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1337,6 +1337,13 @@ VIR_ENUM_IMPL(virDomainTPMPcrBank, "sha512", ); =20 +VIR_ENUM_IMPL(virDomainTPMProfileRemoveDisabled, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_LAST, + "none", + "check", + "fips-host", +); + VIR_ENUM_IMPL(virDomainIOMMUModel, VIR_DOMAIN_IOMMU_MODEL_LAST, "intel", diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 08c6526711..e1103c3655 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1471,6 +1471,14 @@ typedef enum { VIR_DOMAIN_TPM_SOURCE_TYPE_LAST } virDomainTPMSourceType; =20 +typedef enum { + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_NONE =3D 0, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_CHECK, + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_FIPS_HOST, + + VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_LAST +} virDomainTPMProfileRemoveDisabled; + #define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0" =20 struct _virDomainTPMEmulatorDef { 
@@ -4290,6 +4298,7 @@ VIR_ENUM_DECL(virDomainTPMBackend); VIR_ENUM_DECL(virDomainTPMVersion); VIR_ENUM_DECL(virDomainTPMSourceType); VIR_ENUM_DECL(virDomainTPMPcrBank); +VIR_ENUM_DECL(virDomainTPMProfileRemoveDisabled); VIR_ENUM_DECL(virDomainMemoryModel); VIR_ENUM_DECL(virDomainMemoryBackingModel); VIR_ENUM_DECL(virDomainMemorySource); --=20 2.47.0
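Review bot: the commit message of this patch is empty apart from the review tags, and the domain_conf.h hunk introduces three values whose meaning is not obvious from the identifiers alone; a sentence stating that VIR_DOMAIN_TPM_PROFILE_REMOVE_DISABLED_NONE (value 0) is the 'attribute absent' default while 'check' and 'fips-host' select how swtpm_setup removes FIPS-disabled algorithms from the 'custom' profile (as the next patch's message puts it) belongs either in the message or as a comment above the typedef.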
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [PATCH v4 05/11] schema: Extend schema for TPM emulator profile node
Date: Wed, 13 Nov 2024 12:39:45 -0500
Message-ID: <20241113173951.813781-6-stefanb@linux.ibm.com>
In-Reply-To: <20241113173951.813781-1-stefanb@linux.ibm.com>

Extend the schema for the TPM emulator profile node. Require that the profile the user provides is described in a 'source' attribute.
An optional remove_disabled attribute is also supported for swtpm to automatically remove algorithms from the 'custom' profile if they are disabled by FIPS mode on the host. Signed-off-by: Stefan Berger Reviewed-by: Michal Privoznik --- src/conf/schemas/domaincommon.rng | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index 8360eeae3f..d94ff9b4c3 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -5924,6 +5924,7 @@ + 
@@ -6046,6 +6047,30 @@ =20 + + + [A-Za-z0-9.\-:]+ + + + + + + + + + + + + + check + fips-host + + + + + + + --=20 2.47.0
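Review bot: the data pattern `[A-Za-z0-9.\-:]+` in the second domaincommon.rng hunk admits ':' (needed for the 'distro:' and 'local:' prefixes documented later in the series) and excludes '/' and whitespace, which is the right shape for a name that swtpm_setup resolves to a .json file; note, though, that RNG validation is opt-in when a domain is defined, so the C-side parser must not treat this pattern as an enforced input check. The `check`/`fips-host` value list also omits 'none', consistent with the parser rejecting an explicit zero value; a short comment in the schema saying that the attribute is simply left out for 'none' would spare the next reader a lookup.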
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [PATCH v4 06/11] conf: Add support for profile parameter on TPM emulator in domain XML
Date: Wed, 13 Nov 2024 12:39:46 -0500
Message-ID: <20241113173951.813781-7-stefanb@linux.ibm.com>
In-Reply-To: <20241113173951.813781-1-stefanb@linux.ibm.com>

Extend the parser and XML builder with support for the profile parameter and its remove_disabled attribute.
Signed-off-by: Stefan Berger Reviewed-by: Michal Privoznik --- src/conf/domain_conf.c | 36 ++++++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 2 ++ src/conf/domain_validate.c | 7 +++++++ 3 files changed, 45 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index a5627ada88..7d91e3e958 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3478,6 +3478,7 @@ void virDomainTPMDefFree(virDomainTPMDef *def) g_free(def->data.emulator.source_path); g_free(def->data.emulator.logfile); virBitmapFree(def->data.emulator.activePcrBanks); + g_free(def->data.emulator.profile_source); break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: virObjectUnref(def->data.external.source); @@ -10786,6 +10787,15 @@ virDomainSmartcardDefParseXML(virDomainXMLOption *= xmlopt, * * * + * + * A profile for a TPM 2.0 can be added like this: + * + * + * + * + * + * + * */ static virDomainTPMDef * virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, @@ -10805,6 +10815,8 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, g_autofree xmlNodePtr *backends =3D NULL; g_autofree xmlNodePtr *nodes =3D NULL; g_autofree char *type =3D NULL; + virDomainTPMProfileRemoveDisabled profile_remove_disabled; + xmlNodePtr profile; int bank; =20 if (!(def =3D virDomainTPMDefNew(xmlopt))) 
@@ -10911,6 +10923,22 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, } virBitmapSetBitExpand(def->data.emulator.activePcrBanks, bank); } + + if ((profile =3D virXPathNode("./backend/profile[1]", ctxt))) { + def->data.emulator.profile_source =3D virXMLPropString(profile= , "source"); + if (!def->data.emulator.profile_source) { + virReportError(VIR_ERR_XML_ERROR, "%s", _("missing profile= source")); + goto error; + } + if (virXMLPropEnum(profile, "remove_disabled", + virDomainTPMProfileRemoveDisabledTypeFromSt= ring, + VIR_XML_PROP_NONZERO, + &profile_remove_disabled) < 0) + goto error; + if (profile_remove_disabled !=3D VIR_DOMAIN_TPM_PROFILE_REMOVE= _DISABLED_NONE) + def->data.emulator.profile_remove_disabled =3D + virDomainTPMProfileRemoveDisabledTypeToString(profile_= remove_disabled); + } break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: if (!(type =3D virXPathString("string(./backend/source/@type)", ct= xt))) { @@ -25106,6 +25134,14 @@ virDomainTPMDefFormat(virBuffer *buf, virDomainTPMSourceTypeTypeToString(def->data= .emulator.source_type)); virBufferEscapeString(&backendChildBuf, " path=3D'%s'/>\n", de= f->data.emulator.source_path); } + if (def->data.emulator.profile_source) { + virBufferAsprintf(&backendChildBuf, "data.emulator.profile_source); + if (def->data.emulator.profile_remove_disabled) + virBufferAsprintf(&backendChildBuf, " remove_disabled=3D'%s= '", + def->data.emulator.profile_remove_disable= d); + virBufferAddLit(&backendChildBuf, "/>\n"); + } break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: if (def->data.external.source->type =3D=3D VIR_DOMAIN_CHR_TYPE_UNI= X) { diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index e1103c3655..bd2740af26 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h 
@@ -1492,6 +1492,8 @@ struct _virDomainTPMEmulatorDef { bool hassecretuuid; bool persistent_state; virBitmap *activePcrBanks; + char *profile_source; /* 'source' profile was created from */ + const char *profile_remove_disabled; }; =20 struct _virDomainTPMDef { diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index b8ae9ed79d..7573430b6b 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c 
@@ -3026,6 +3026,13 @@ virDomainTPMDevValidate(const virDomainTPMDef *tpm) virDomainTPMVersionTypeToString(VIR_DOMAIN_TPM_= VERSION_2_0)); return -1; } + if (tpm->data.emulator.profile_source && + tpm->data.emulator.version !=3D VIR_DOMAIN_TPM_VERSION_2_0) { + virReportError(VIR_ERR_XML_ERROR, + _(" requires TPM version '%1$s'"), + virDomainTPMVersionTypeToString(VIR_DOMAIN_TPM_= VERSION_2_0)); + return -1; + } break; =20 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: --=20 2.47.0
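Review bot: in the virDomainTPMDefFormat hunk (@@ -25106) the profile source is emitted with virBufferAsprintf and a plain %s, while the source path a few lines above goes through virBufferEscapeString; profile_source comes straight from virXMLPropString in the parser hunk with no character check, so a value containing a quote or an angle bracket would be written back as malformed XML that the next parse rejects. Use virBufferEscapeString for the source attribute (remove_disabled is limited to TypeToString output, so it is fine either way).

Review bot: the domain_validate.c hunk only ties the profile element to TPM 2.0; since schema validation is optional, nothing on the C side restricts profile_source to the schema's `[A-Za-z0-9.\-:]+` alphabet before the name is used to look up a profile file. A matching character-set check here, rejecting anything outside that pattern with a VIR_ERR_XML_ERROR, would keep parser and schema in agreement and give a clear error at define time instead of a swtpm_setup failure at domain start.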
From: Stefan Berger
To: devel@lists.libvirt.org
CC: marcandre.lureau@redhat.com, Stefan Berger
Subject: [PATCH v4 07/11] docs: Add documentation for the TPM backend profile node
Date: Wed, 13 Nov 2024 12:39:47 -0500
Message-ID: <20241113173951.813781-8-stefanb@linux.ibm.com>
In-Reply-To: <20241113173951.813781-1-stefanb@linux.ibm.com>

Add documentation for the TPM backend profile node and point the reader to further documentation about TPM profiles available in the
swtpm man page. Signed-off-by: Stefan Berger Reviewed-by: Michal Privoznik --- docs/formatdomain.rst | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index c50744b57b..6539f620fa 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -8131,6 +8131,7 @@ Example: usage of the TPM Emulator + 
@@ -8225,6 +8226,35 @@ Example: usage of the TPM Emulator and may not have any effect otherwise. The selection of PCR banks only = works with the ``emulator`` backend. :since:`Since 7.10.0` =20 +``profile`` + The ``profile`` node is used to set a profile for a TPM 2.0 given in the + source attribute. This profile will be set when the TPM is initially + created and after that cannot be changed anymore. If no profile is prov= ided, + then swtpm will use the latest built-in 'default' profile or the default + profile set in swtpm_setup.conf. Otherwise swtpm_setup will search for a + profile with the given name with appended .json suffix in a configurable + local and then in a distro directory. If none could be found in either,= it + will fall back trying to use a built-in one. + + The built-in 'null' profile provides backwards compatibility with + libtpms v0.9 but also restricts the user to use only TPM features that = were + available at the time of libtpms v0.9. The built-in 'custom' profile is= the + only profile that a user can modify and where the ``remove_disabled`` + attribute has any effect. This attribute is particularly useful when a = host + is running in FIPS mode and therefore some crypto algorithms (camellia, + tdes, unpadded RSA encryption, 1024-bit RSA keys, and others) are + disabled. When it is set to ``check`` (recommended) then only those + algorithms that are currently disabled will automatically be removed fr= om + the 'custom' profile, while when it is set to ``fips-host`` then all + potentially disabled algorithms will be removed. :since:`Since 10.??.0` + + TPM profiles provided by a distro can be referenced with the 'distro:' + prefix. Locally created TPM profiles can be referenced with the + 'local:' prefix. + + For further information about TPM profiles see the man pages for ``swtp= m`` + (swtpm v0.10). + ``encryption`` The ``encryption`` element allows the state of a TPM emulator to be encrypted. 
The ``secret`` must reference a secret object that holds the -- 2.47.0
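Review bot: the version marker ``:since:`Since 10.??.0``` in the new ``profile`` paragraph is a placeholder and needs the actual release number before this lands; the surrounding text uses concrete versions (``:since:`Since 7.10.0``` on the line just above). Two smaller documentation points in the same hunk: the text says ``remove_disabled`` only has an effect with the built-in 'custom' profile, but not what happens when it is set together with another profile (ignored, or rejected by swtpm_setup), and the sentence "will fall back trying to use a built-in one" should say what happens when no built-in profile of that name exists either, since that is the case an operator hits when a profile name is misspelled.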
From: Stefan Berger
To: devel@lists.libvirt.org
Subject: [PATCH v4 08/11] qemu: Extend swtpm_setup command line to set a profile by its name
Date: Wed, 13 Nov 2024 12:39:48 -0500
Message-ID: <20241113173951.813781-9-stefanb@linux.ibm.com>
In-Reply-To: <20241113173951.813781-1-stefanb@linux.ibm.com>
References: <20241113173951.813781-1-stefanb@linux.ibm.com>
CC: marcandre.lureau@redhat.com, Stefan Berger

Run swtpm_setup with the --profile-name option if the user provided the name of a profile.
swtpm_setup will try to load the profile from directories with local profiles and distro profiles and if no profile by this name with appended '.json' suffix could be found there, it will fall back to try to use an internal profile with the given name. Also set the --profile-remove-disabled option if the user provided a value in the remove_disabled attribute in the profile XML node. Reviewed-by: Marc-André Lureau Signed-off-by: Stefan Berger Reviewed-by: Michal Privoznik --- src/qemu/qemu_tpm.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 757bb16d7b..34db6494a5 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -365,6 +365,41 @@ qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceT= ype source_type, } =20 =20 +/* + * Add a (optional) profile to the swtpm_setup command line. + * + * @cmd: virCommand to add options to + * @emulator: emulator parameters + * + * Returns 0 on success, -1 on failure. + */ +static int +qemuTPMVirCommandAddProfile(virCommand *cmd, + const virDomainTPMEmulatorDef *emulator) +{ + if (!emulator->profile_source) + return 0; + + if (!virTPMSwtpmSetupCapsGet( + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE)) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", + _("swtpm_setup has no support for profiles")); + return -1; + } + + virCommandAddArgList(cmd, + "--profile-name", emulator->profile_source, + NULL); + + if (emulator->profile_remove_disabled) + virCommandAddArgList(cmd, + "--profile-remove-disable", + emulator->profile_remove_disabled, + NULL); + return 0; +} + + /* * qemuTPMEmulatorRunSetup * 
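Review bot: the option string emitted for ``remove_disabled`` is ``"--profile-remove-disable"``, while the commit message names the swtpm_setup option ``--profile-remove-disabled``; one of the two is off by a letter, and if it is the code, swtpm_setup will reject the unknown argument and TPM creation fails exactly when the operator asked for the FIPS-related hardening. Please check the string against the swtpm_setup man page and fix whichever side is wrong. Minor: the doc comment should read "Add an (optional) profile", and since ``profile_remove_disabled`` is a ``const char *``, passing it straight into ``virCommandAddArgList`` is fine.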
@@ -441,6 +476,8 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *= emulator, "--lock-nvram", "--not-overwrite", NULL); + if (qemuTPMVirCommandAddProfile(cmd, emulator) < 0) + return -1; } else { virCommandAddArgList(cmd, "--tpm-state", tpm_state, -- 2.47.0
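Review bot: the profile is only added on the creation branch (the one passing ``--lock-nvram --not-overwrite``) and not on the ``else`` branch; that matches the documentation that a profile is applied when the TPM state is first created and cannot be changed afterwards, but a one-line comment above the call saying so would save the next reader from wondering whether the ``else`` branch was missed.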
From: Stefan Berger
To: devel@lists.libvirt.org
Subject: [PATCH v4 09/11] qemu: Move adding of keys to swtpm command line into own function
Date: Wed, 13 Nov 2024 12:39:49 -0500
Message-ID: <20241113173951.813781-10-stefanb@linux.ibm.com>
In-Reply-To: <20241113173951.813781-1-stefanb@linux.ibm.com>
References: <20241113173951.813781-1-stefanb@linux.ibm.com>
CC: marcandre.lureau@redhat.com, Stefan Berger

Factor-out code related to adding keys to the swtpm command line into its own function. Reviewed-by: Marc-André Lureau 
Signed-off-by: Stefan Berger Reviewed-by: Michal Privoznik --- src/qemu/qemu_tpm.c | 60 +++++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 24 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 34db6494a5..bf07b86793 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -575,6 +575,38 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorD= ef *emulator, return 0; } =20 +static int +qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd, + const virDomainTPMEmulatorDef *emulato= r, + const char *swtpm) +{ + int pwdfile_fd =3D -1; + int migpwdfile_fd =3D -1; + + if (emulator->hassecretuuid) { + if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, + _("%1$s does not support passing passphrase via= file descriptor"), + swtpm); + return -1; + } + + if (qemuTPMSetupEncryption(emulator->secretuuid, + cmd, &pwdfile_fd) < 0) + return -1; + + if (qemuTPMSetupEncryption(emulator->secretuuid, + cmd, &migpwdfile_fd) < 0) + return -1; + + virCommandAddArg(cmd, "--key"); + virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc", pwdfi= le_fd); + + virCommandAddArg(cmd, "--migration-key"); + virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc", migpw= dfile_fd); + } + return 0; +} =20 /* * qemuTPMEmulatorBuildCommand: @@ -602,8 +634,6 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, bool created =3D false; bool run_setup =3D false; g_autofree char *swtpm =3D virTPMGetSwtpm(); - int pwdfile_fd =3D -1; - int migpwdfile_fd =3D -1; const unsigned char *secretuuid =3D NULL; bool create_storage =3D true; bool on_shared_storage; 
@@ -698,28 +728,10 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, break; } =20 - if (tpm->data.emulator.hassecretuuid) { - if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) { - virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, - _("%1$s does not support passing passphrase via= file descriptor"), - swtpm); - goto error; - } - - if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, - cmd, &pwdfile_fd) < 0) - goto error; - - if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, - cmd, &migpwdfile_fd) < 0) - goto error; - - virCommandAddArg(cmd, "--key"); - virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc", pwdfi= le_fd); - - virCommandAddArg(cmd, "--migration-key"); - virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc", migpw= dfile_fd); - } + if (qemuTPMVirCommandSwtpmAddEncryption(cmd, + &tpm->data.emulator, + swtpm) < 0) + goto error; =20 /* If swtpm supports it and the TPM state is stored on shared storage, * start swtpm with --migration release-lock-outgoing so it can migrate -- 2.47.0
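Review bot: ``qemuTPMVirCommandSwtpmAddEncryption`` (first hunk) has no doc comment, unlike ``qemuTPMVirCommandAddProfile`` added two patches earlier; please document ``@cmd``, ``@emulator`` and ``@swtpm`` and the 0/-1 return, and say that ``@swtpm`` is only used to name the binary in the error message. The move itself is behaviour-preserving: the body is identical to the removed block in the last hunk, the helper's ``return -1`` maps onto ``goto error`` at the call site, and the two removed locals ``pwdfile_fd``/``migpwdfile_fd`` now live in the helper. Both ``--key`` and ``--migration-key`` continue to use the same secret with ``mode=aes-256-cbc``; that is existing behaviour, not something this patch changes, so no objection here.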
From: Stefan Berger
To: devel@lists.libvirt.org
Subject: [PATCH v4 10/11] qemu: Move adding --tpmstate to swtpm command line into own function
Date: Wed, 13 Nov 2024 12:39:50 -0500
Message-ID: <20241113173951.813781-11-stefanb@linux.ibm.com>
In-Reply-To: <20241113173951.813781-1-stefanb@linux.ibm.com>
References: <20241113173951.813781-1-stefanb@linux.ibm.com>
CC: marcandre.lureau@redhat.com, Stefan Berger

Factor-out code related to adding the --tpmstate option to the swtpm 
command line into its own function. Signed-off-by: Stefan Berger Reviewed-by: Michal Privoznik --- src/qemu/qemu_tpm.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index bf07b86793..a7eee501bf 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -608,6 +608,25 @@ qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd, return 0; } =20 +static void +qemuTPMVirCommandSwtpmAddTPMState(virCommand *cmd, + const virDomainTPMEmulatorDef *emulator) +{ + virCommandAddArg(cmd, "--tpmstate"); + switch (emulator->source_type) { + case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE: + virCommandAddArgFormat(cmd, "backend-uri=3Dfile://%s", + emulator->source_path); + break; + case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR: + case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT: + case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST: + virCommandAddArgFormat(cmd, "dir=3D%s,mode=3D0600", + emulator->source_path); + break; + } +} + /* * qemuTPMEmulatorBuildCommand: * 
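Review bot: the new ``qemuTPMVirCommandSwtpmAddTPMState`` again lacks a doc comment; please add one for consistency with the other helpers in this series. The ``switch`` treats ``VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT`` and ``VIR_DOMAIN_TPM_SOURCE_TYPE_LAST`` like ``_DIR``, which is carried over from the removed code, but ``_LAST`` is a sentinel and reaching it means a bug elsewhere; a short comment (or a ``default:`` that reports an error) would make that intent explicit rather than silently building a ``dir=`` argument from whatever ``source_path`` holds. Keeping ``mode=0600`` on the state directory is the right default for TPM state files.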
@@ -691,19 +710,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, virCommandAddArgFormat(cmd, "type=3Dunixio,path=3D%s,mode=3D0600", tpm->data.emulator.source->data.nix.path); =20 - virCommandAddArg(cmd, "--tpmstate"); - switch (tpm->data.emulator.source_type) { - case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE: - virCommandAddArgFormat(cmd, "backend-uri=3Dfile://%s", - tpm->data.emulator.source_path); - break; - case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR: - case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT: - case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST: - virCommandAddArgFormat(cmd, "dir=3D%s,mode=3D0600", - tpm->data.emulator.source_path); - break; - } + qemuTPMVirCommandSwtpmAddTPMState(cmd, &tpm->data.emulator); =20 virCommandAddArg(cmd, "--log"); if (tpm->data.emulator.debug !=3D 0) -- 2.47.0
From: Stefan Berger
To: devel@lists.libvirt.org
Subject: [PATCH v4 11/11] qemu: Read back the profile name after creation of a TPM instance
Date: Wed, 13 Nov 2024 12:39:51 -0500
Message-ID: <20241113173951.813781-12-stefanb@linux.ibm.com>
In-Reply-To: <20241113173951.813781-1-stefanb@linux.ibm.com>
References: <20241113173951.813781-1-stefanb@linux.ibm.com>
CC: marcandre.lureau@redhat.com, Stefan Berger

Get the JSON profile that the swtpm instance was created with from the output of 'swtpm socket --tpm2 --print-info 0x20 
--tpmstate ...'. Get the name of the profile from the JSON and set it in the current and persistent emulator descriptions as 'name' attribute and have the persistent description stored with this update. The user should avoid setting this 'name' attribute since it is meant to be read-only. The following is an example of how the XML could look: If the user provided no profile node, and therefore swtpm_setup picked its default profile, the XML may now show the 'name' attribute with the name of the profile. This makes the 'source' attribute now optional. Signed-off-by: Stefan Berger Reviewed-by: Michal Privoznik --- docs/formatdomain.rst | 16 ++--- src/conf/domain_conf.c | 18 +++--- src/conf/domain_conf.h | 1 + src/conf/schemas/domaincommon.rng | 13 +++- src/qemu/qemu_extdevice.c | 5 +- src/qemu/qemu_tpm.c | 100 ++++++++++++++++++++++++++++-- src/qemu/qemu_tpm.h | 3 +- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + 9 files changed, 135 insertions(+), 23 deletions(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 6539f620fa..20c86087ef 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -8131,7 +8131,7 @@ Example: usage of the TPM Emulator - + 
@@ -8229,12 +8229,14 @@ Example: usage of the TPM Emulator ``profile`` The ``profile`` node is used to set a profile for a TPM 2.0 given in the source attribute. This profile will be set when the TPM is initially - created and after that cannot be changed anymore. If no profile is prov= ided, - then swtpm will use the latest built-in 'default' profile or the default - profile set in swtpm_setup.conf. Otherwise swtpm_setup will search for a - profile with the given name with appended .json suffix in a configurable - local and then in a distro directory. If none could be found in either,= it - will fall back trying to use a built-in one. + created and after that cannot be changed anymore. Once a profile has be= en + set the name attribute will be updated with the name of the profile that + is running. If no profile is provided, then swtpm will use the latest + built-in 'default' profile or the default profile set in swtpm_setup.co= nf. + Otherwise swtpm_setup will search for a profile with the given name with + appended .json suffix in a configurable local and then in a distro + directory. If none could be found in either, it will fall back trying to + use a built-in one. =20 The built-in 'null' profile provides backwards compatibility with libtpms v0.9 but also restricts the user to use only TPM features that = were diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 7d91e3e958..6f6898014b 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3479,6 +3479,7 @@ void virDomainTPMDefFree(virDomainTPMDef *def) g_free(def->data.emulator.logfile); virBitmapFree(def->data.emulator.activePcrBanks); g_free(def->data.emulator.profile_source); + g_free(def->data.emulator.profile_name); break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: virObjectUnref(def->data.external.source); 
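Review bot: the docs hunk now says "the name attribute will be updated with the name of the profile that is running", but it does not tell the reader that ``name`` is output-only and that a value they put into the XML themselves is not honoured; the commit message makes exactly that point ("the user should avoid setting this 'name' attribute since it is meant to be read-only"), so it belongs in ``formatdomain.rst`` as well, ideally with a sentence that ``source`` may now be omitted and ``name`` alone will then show which profile swtpm_setup picked. The ``virDomainTPMDefFree`` hunk correctly frees the new ``profile_name`` next to ``profile_source``.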
@@ -10926,10 +10927,6 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, =20 if ((profile =3D virXPathNode("./backend/profile[1]", ctxt))) { def->data.emulator.profile_source =3D virXMLPropString(profile= , "source"); - if (!def->data.emulator.profile_source) { - virReportError(VIR_ERR_XML_ERROR, "%s", _("missing profile= source")); - goto error; - } if (virXMLPropEnum(profile, "remove_disabled", virDomainTPMProfileRemoveDisabledTypeFromSt= ring, VIR_XML_PROP_NONZERO, @@ -10938,6 +10935,7 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, if (profile_remove_disabled !=3D VIR_DOMAIN_TPM_PROFILE_REMOVE= _DISABLED_NONE) def->data.emulator.profile_remove_disabled =3D virDomainTPMProfileRemoveDisabledTypeToString(profile_= remove_disabled); + def->data.emulator.profile_name =3D virXMLPropString(profile, = "name"); } break; case VIR_DOMAIN_TPM_TYPE_EXTERNAL: @@ -25134,12 +25132,18 @@ virDomainTPMDefFormat(virBuffer *buf, virDomainTPMSourceTypeTypeToString(def->data= .emulator.source_type)); virBufferEscapeString(&backendChildBuf, " path=3D'%s'/>\n", de= f->data.emulator.source_path); } - if (def->data.emulator.profile_source) { - virBufferAsprintf(&backendChildBuf, "data.emulator.profile_source); + if (def->data.emulator.profile_source || + def->data.emulator.profile_name) { + virBufferAddLit(&backendChildBuf, "data.emulator.profile_source) + virBufferAsprintf(&backendChildBuf, " source=3D'%s'", + def->data.emulator.profile_source); if (def->data.emulator.profile_remove_disabled) virBufferAsprintf(&backendChildBuf, " remove_disabled=3D'%s= '", def->data.emulator.profile_remove_disable= d); + if (def->data.emulator.profile_name) + virBufferAsprintf(&backendChildBuf, " name=3D'%s'", + def->data.emulator.profile_name); virBufferAddLit(&backendChildBuf, "/>\n"); } break; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index bd2740af26..45421d4772 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h 
@@ -1493,6 +1493,7 @@ struct _virDomainTPMEmulatorDef { bool persistent_state; virBitmap *activePcrBanks; char *profile_source; /* 'source' profile was created from */ + char *profile_name; /* name read from active profile */ const char *profile_remove_disabled; }; =20 diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index d94ff9b4c3..e26e65fd7c 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -6056,9 +6056,11 @@ - - - + + + + + @@ -6067,6 +6069,11 @@ + + + + + diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c index dc1bb56237..a6f31f9773 100644 --- a/src/qemu/qemu_extdevice.c +++ b/src/qemu/qemu_extdevice.c @@ -175,6 +175,7 @@ qemuExtDevicesStart(virQEMUDriver *driver, virDomainObj *vm, bool incomingMigration) { + virDomainDef *persistentDef =3D vm->newDef; virDomainDef *def =3D vm->def; size_t i; =20 @@ -189,9 +190,11 @@ qemuExtDevicesStart(virQEMUDriver *driver, =20 for (i =3D 0; i < def->ntpms; i++) { virDomainTPMDef *tpm =3D def->tpms[i]; + virDomainTPMDef *persistentTPMDef =3D persistentDef->tpms[i]; =20 if (tpm->type =3D=3D VIR_DOMAIN_TPM_TYPE_EMULATOR && - qemuExtTPMStart(driver, vm, tpm, incomingMigration) < 0) + qemuExtTPMStart(driver, vm, tpm, persistentTPMDef, + incomingMigration) < 0) return -1; } =20 diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index a7eee501bf..2fb3796910 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c 
@@ -627,15 +627,89 @@ qemuTPMVirCommandSwtpmAddTPMState(virCommand *cmd, } } =20 +/* qemuTPMEmulatorUpdateProfileName: + * + * @emulator: TPM emulator definition + * @persistentTPMDef: TPM definition from the persistent domain definition + * @cfg: virQEMUDriverConfig + * @saveDef: whether caller should save the persistent domain def + */ +static int +qemuTPMEmulatorUpdateProfileName(virDomainTPMEmulatorDef *emulator, + virDomainTPMDef *persistentTPMDef, + const virQEMUDriverConfig *cfg, + bool *saveDef) +{ + g_autoptr(virJSONValue) object =3D NULL; + g_autofree char *stderr_buf =3D NULL; + g_autofree char *stdout_buf =3D NULL; + g_autoptr(virCommand) cmd =3D NULL; + g_autofree char *swtpm =3D NULL; + virJSONValue *active_profile; + const char *profile_name; + int exitstatus; + + if (emulator->version !=3D VIR_DOMAIN_TPM_VERSION_2_0 || + !virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PRINT_INFO)) + return 0; + + swtpm =3D virTPMGetSwtpm(); + if (!swtpm) + return -1; + + cmd =3D virCommandNew(swtpm); + + virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or '= root' */ + virCommandSetGID(cmd, cfg->swtpm_group); + + virCommandAddArgList(cmd, "socket", "--print-info", "0x20", "--tpm2", = NULL); + + qemuTPMVirCommandSwtpmAddTPMState(cmd, emulator); + + if (qemuTPMVirCommandSwtpmAddEncryption(cmd, emulator, swtpm) < 0) + return -1; + + virCommandClearCaps(cmd); + + virCommandSetOutputBuffer(cmd, &stdout_buf); + virCommandSetErrorBuffer(cmd, &stderr_buf); + + if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Could not run '%1$s --print-info'. 
exitstatus: %= 2$d; stderr: %3$s\n"), + swtpm, exitstatus, stderr_buf); + return -1; + } + + if (!(object =3D virJSONValueFromString(stdout_buf))) + return -1; + + if (!(active_profile =3D virJSONValueObjectGetObject(object, "ActivePr= ofile"))) + return -1; + + profile_name =3D g_strdup(virJSONValueObjectGetString(active_profile, = "Name")); + + g_free(emulator->profile_name); + emulator->profile_name =3D g_strdup(profile_name); + + *saveDef =3D true; + g_free(persistentTPMDef->data.emulator.profile_name); + persistentTPMDef->data.emulator.profile_name =3D g_strdup(profile_name= ); + + return 0; +} + /* * qemuTPMEmulatorBuildCommand: * * @tpm: TPM definition + * @persistentTPMDef: TPM definition from the persistent domain definition * @vmname: The name of the VM * @vmuuid: The UUID of the VM * @privileged: whether we are running in privileged mode * @cfg: virQEMUDriverConfig * @incomingMigration: whether we have an incoming migration + * @saveDef: whether caller should save the persistent domain def * * Create the virCommand use for starting the emulator * Do some initializations on the way, such as creation of storage @@ -643,11 +717,13 @@ qemuTPMVirCommandSwtpmAddTPMState(virCommand *cmd, */ static virCommand * qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, + virDomainTPMDef *persistentTPMDef, const char *vmname, const unsigned char *vmuuid, bool privileged, const virQEMUDriverConfig *cfg, - bool incomingMigration) + bool incomingMigration, + bool *saveDef) { g_autoptr(virCommand) cmd =3D NULL; bool created =3D false; @@ -696,6 +772,11 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, incomingMigration) < 0) goto error; =20 + if (run_setup && !incomingMigration && + qemuTPMEmulatorUpdateProfileName(&tpm->data.emulator, persistentTP= MDef, + cfg, saveDef) < 0) + goto error; + if (!incomingMigration && qemuTPMEmulatorReconfigure(&tpm->data.emulator, cfg, secretuuid) <= 0) goto error; 
@@ -995,6 +1076,7 @@ qemuExtTPMEmulatorSetupCgroup(const char *swtpmStateDi= r, * @driver: QEMU driver * @vm: the domain object * @tpm: TPM definition + * @persistentTPMDef: TPM definition from persistent domain definition * @shortName: short and unique name of the domain * @incomingMigration: whether we have an incoming migration * @@ -1007,6 +1089,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, virDomainObj *vm, const char *shortName, virDomainTPMDef *tpm, + virDomainTPMDef *persistentTPMDef, bool incomingMigration) { g_autoptr(virCommand) cmd =3D NULL; @@ -1015,6 +1098,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, g_autofree char *pidfile =3D NULL; virTimeBackOffVar timebackoff; const unsigned long long timeout =3D 1000; /* ms */ + bool saveDef =3D false; pid_t pid =3D -1; bool lockMetadataException =3D false; =20 @@ -1023,12 +1107,18 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, /* stop any left-over TPM emulator for this VM */ qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName); =20 - if (!(cmd =3D qemuTPMEmulatorBuildCommand(tpm, vm->def->name, vm->def-= >uuid, + if (!(cmd =3D qemuTPMEmulatorBuildCommand(tpm, persistentTPMDef, + vm->def->name, vm->def->uuid, driver->privileged, cfg, - incomingMigration))) + incomingMigration, + &saveDef))) return -1; =20 + if (saveDef && + virDomainDefSave(vm->newDef, driver->xmlopt, cfg->configDir) < 0) + goto error; + if (qemuExtDeviceLogCommand(driver, vm, cmd, "TPM Emulator") < 0) return -1; =20 @@ -1212,6 +1302,7 @@ int qemuExtTPMStart(virQEMUDriver *driver, virDomainObj *vm, virDomainTPMDef *tpm, + virDomainTPMDef *persistentTPMDef, bool incomingMigration) { g_autofree char *shortName =3D virDomainDefGetShortName(vm->def); @@ -1219,7 +1310,8 @@ qemuExtTPMStart(virQEMUDriver *driver, if (!shortName) return -1; =20 - return qemuTPMEmulatorStart(driver, vm, shortName, tpm, incomingMigrat= ion); + return qemuTPMEmulatorStart(driver, vm, shortName, tpm, persistentTPMD= ef, + incomingMigration); } =20 =20 
diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h index 3071dc3f71..7096060a2a 100644 --- a/src/qemu/qemu_tpm.h +++ b/src/qemu/qemu_tpm.h @@ -44,9 +44,10 @@ void qemuExtTPMCleanupHost(virQEMUDriver *driver, int qemuExtTPMStart(virQEMUDriver *driver, virDomainObj *vm, virDomainTPMDef *def, + virDomainTPMDef *persistentDefTPM, bool incomingMigration) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) - ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(4) G_GNUC_WARN_UNUSED_RESULT; =20 void qemuExtTPMStop(virQEMUDriver *driver, diff --git a/src/util/virtpm.c b/src/util/virtpm.c index 1c736b0229..4016ad8fc4 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -42,6 +42,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature, "cmdarg-migration", "nvram-backend-dir", "nvram-backend-file", + "cmdarg-print-info", ); =20 VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, diff --git a/src/util/virtpm.h b/src/util/virtpm.h index 9ca09c2d80..03fb92629a 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h @@ -33,6 +33,7 @@ typedef enum { VIR_TPM_SWTPM_FEATURE_CMDARG_MIGRATION, VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_DIR, VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_FILE, + VIR_TPM_SWTPM_FEATURE_CMDARG_PRINT_INFO, =20 VIR_TPM_SWTPM_FEATURE_LAST } virTPMSwtpmFeature; --=20 2.47.0
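Review bot: the docs/formatdomain.rst hunk at line 8229 says the ``name`` attribute "will be updated with the name of the profile that is running" but never tells the reader that the attribute is output-only; the commit message says the user should avoid setting it, and that statement belongs in the user-facing docs, not only in the commit message. Suggest adding a sentence along the lines of "The ``name`` attribute is filled in by libvirt from the running emulator and should not be specified by the user", and, since the "missing profile source" check is removed from the parser in this same series, state explicitly that ``source`` is now optional and what a ``profile`` element without ``source`` means.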
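Review bot: in the src/conf/domain_conf.c formatter hunk at line 25134, ``name`` is written with ``virBufferAsprintf(&backendChildBuf, " name='%s'", def->data.emulator.profile_name)`` without any escaping, whereas the ``path`` attribute a few lines above in the same function uses ``virBufferEscapeString``. The value comes from the ``Name`` field of whatever profile JSON swtpm loaded, and the docs hunk says profiles are searched for in a configurable local directory first, so a name containing ``'``, ``<`` or ``&`` would be emitted verbatim, and the persistent config written by ``virDomainDefSave`` would then fail to parse on the next daemon restart. Use ``virBufferEscapeString`` for ``name`` (the pre-existing ``source`` line has the same problem and could be fixed in this hunk). Separately, the parser hunk at line 10926 reads ``name`` from any input XML; if the attribute is meant to be read-only, consider ignoring it unless status XML is being parsed, or at least document that a user-supplied value is only overwritten when swtpm_setup runs.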
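Review bot: in the src/qemu/qemu_extdevice.c hunk at line 189, ``persistentDef->tpms[i]`` dereferences ``vm->newDef`` unconditionally, but as far as I can see ``vm->newDef`` is NULL for transient domains (started via virDomainCreateXML), so starting such a domain with an emulated TPM would crash here; it also silently assumes ``persistentDef->ntpms == def->ntpms``. Suggest ``virDomainTPMDef *persistentTPMDef = (persistentDef && i < persistentDef->ntpms) ? persistentDef->tpms[i] : NULL;`` and let qemuTPMEmulatorUpdateProfileName skip the persistent copy and the ``*saveDef = true`` when it is NULL. That in turn means the new ``ATTRIBUTE_NONNULL(4)`` on qemuExtTPMStart in src/qemu/qemu_tpm.h must be dropped.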
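Review bot: in the new qemuTPMEmulatorUpdateProfileName in the src/qemu/qemu_tpm.c hunk at line 627, ``profile_name = g_strdup(virJSONValueObjectGetString(active_profile, "Name"));`` stores a g_strdup'd copy in a ``const char *`` that is never freed, and the value is then duplicated twice more; drop that first ``g_strdup()``, the string is owned by ``object`` for the rest of the function. The ``return -1`` after ``virJSONValueObjectGetObject(object, "ActiveProfile")`` reports no error, so the caller will surface "an error occurred, but the cause is unknown"; report a VIR_ERR_INTERNAL_ERROR naming the missing key. A JSON object without ``Name`` leaves ``profile_name`` NULL yet still sets ``*saveDef = true`` and rewrites the persistent config; treat that as an error too, or skip the update. Finally, the ``_("Could not run '%1$s --print-info'. ... stderr: %3$s\n")`` format string ends in ``\n``, which libvirt's syntax-check rejects for diagnostics; remove the trailing newline.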
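Review bot: in the qemuTPMEmulatorBuildCommand hunk at line 696, the profile query is gated on ``run_setup && !incomingMigration``, i.e. it only runs the first time state is created. Domains whose state predates this patch, or whose XML was edited to drop ``name``, never get the attribute filled in, and a stale or user-supplied ``name`` on existing state is never corrected, which contradicts the docs' promise that ``name`` reflects the running profile. If that is intended, say so in the docs and in the function comment; otherwise run qemuTPMEmulatorUpdateProfileName whenever the state exists and ``--print-info`` is supported (it already runs before the real emulator is started, so the extra ``swtpm socket --print-info`` invocation does not compete with it for the state).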
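Review bot: in the qemuTPMEmulatorStart hunk at line 1023, a failing ``virDomainDefSave(vm->newDef, driver->xmlopt, cfg->configDir)`` does ``goto error`` while the immediately following ``qemuExtDeviceLogCommand`` failure does ``return -1``; nothing has been started at this point, so ``return -1`` matches the surrounding code unless the ``error:`` label is needed to undo something qemuTPMEmulatorBuildCommand created, in which case the neighbouring ``return -1`` has the same problem. Also guard the save with ``vm->newDef &&`` (or ``vm->persistent``), since ``vm->newDef`` is NULL for transient domains and ``saveDef`` can only be true if the persistent definition was updated.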