From: Ján Tomko
To: libvir-list@redhat.com
Subject: [libvirt PATCHv2 1/2] qemu: add external backend for tpm
Date: Thu, 15 Dec 2022 14:56:46 +0100
Message-Id: <3c34684983346c69f09e9eeca65f2c33b7925e51.1671112566.git.jtomko@redhat.com>

Introduce a new backend type 'external' for connecting to a swtpm daemon not managed by libvirtd.

Mostly in one commit, thanks to -Wswitch and the way we generate capabilities.

https://bugzilla.redhat.com/show_bug.cgi?id=2063723
Signed-off-by: Ján Tomko
Reviewed-by: Michal Privoznik
---
 src/conf/domain_audit.c | 11 +++++ src/conf/domain_conf.c | 35 ++++++++++++++++ src/conf/domain_conf.h | 4 ++ src/conf/domain_validate.c | 15 +++++++ src/conf/schemas/domaincommon.rng | 22 ++++++++++ src/qemu/qemu_capabilities.c | 4 +- src/qemu/qemu_cgroup.c | 1 + src/qemu/qemu_command.c | 11 ++++- src/qemu/qemu_domain.c | 4 ++ src/qemu/qemu_namespace.c | 1 + src/qemu/qemu_tpm.c | 2 + src/security/security_dac.c | 2 + src/security/security_selinux.c | 2 + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + .../qemu_5.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + .../qemu_5.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 + .../qemu_6.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 1 + .../qemu_6.2.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 + 
tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 1 + .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 1 + .../qemu_7.0.0-virt.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 1 + .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 1 + tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 1 + .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 1 + .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 1 + tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 1 + tests/qemuxml2argvdata/tpm-external.xml | 40 +++++++++++++++++++ .../tpm-external.x86_64-latest.xml | 1 + tests/qemuxml2xmltest.c | 1 + 61 files changed, 199 insertions(+), 2 deletions(-) create mode 100644 tests/qemuxml2argvdata/tpm-external.xml create mode 120000 tests/qemuxml2xmloutdata/tpm-external.x86_64-latest.xml diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c index 974df5a037..82cf6ab749 100644 --- a/src/conf/domain_audit.c +++ b/src/conf/domain_audit.c @@ -556,6 +556,17 @@ virDomainAuditTPM(virDomainObj *vm, virDomainTPMDef *t= pm, "virt=3D%s resrc=3Dtpm-emulator reason=3D%s %s uuid=3D%s= %s", virt, reason, vmname, uuidstr, device); break; + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: + path =3D tpm->data.external.source->data.nix.path; + if (!(device =3D virAuditEncode("device", VIR_AUDIT_STR(path)))) { + VIR_WARN("OOM while encoding audit message"); + goto cleanup; + } + + VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success, + "virt=3D%s resrc=3Dtpm-external reason=3D%s %s uuid=3D%s= %s", + virt, reason, vmname, uuidstr, device); + break; case VIR_DOMAIN_TPM_TYPE_LAST: default: break; diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index a180398b14..c1e6732cde 100644 --- a/src/conf/domain_conf.c 
+++ b/src/conf/domain_conf.c @@ -1281,6 +1281,7 @@ VIR_ENUM_IMPL(virDomainTPMBackend, VIR_DOMAIN_TPM_TYPE_LAST, "passthrough", "emulator", + "external", ); =20 VIR_ENUM_IMPL(virDomainTPMVersion, @@ -3309,6 +3310,9 @@ void virDomainTPMDefFree(virDomainTPMDef *def) g_free(def->data.emulator.logfile); virBitmapFree(def->data.emulator.activePcrBanks); break; + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: + virObjectUnref(def->data.external.source); + break; case VIR_DOMAIN_TPM_TYPE_LAST: break; } @@ -10257,6 +10261,7 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, g_autofree char *persistent_state =3D NULL; g_autofree xmlNodePtr *backends =3D NULL; g_autofree xmlNodePtr *nodes =3D NULL; + g_autofree char *type =3D NULL; int bank; =20 if (!(def =3D virDomainTPMDefNew(xmlopt))) @@ -10344,6 +10349,28 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, virBitmapSetBitExpand(def->data.emulator.activePcrBanks, bank); } break; + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: + if (!(type =3D virXPathString("string(./backend/source/@type)", ct= xt))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing external TPM backend type")); + goto error; + } + + if (!(def->data.external.source =3D virDomainChrSourceDefNew(xmlop= t))) + goto error; + + def->data.external.source->type =3D virDomainChrTypeFromString(typ= e); + if (def->data.external.source->type < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown backend type '%s' for external TPM"), + type); + goto error; + } + + if (virDomainChrSourceDefParseXML(def->data.external.source, backe= nds[0], + flags, NULL, ctxt) < 0) + goto error; + break; case VIR_DOMAIN_TPM_TYPE_LAST: goto error; } @@ -20443,6 +20470,7 @@ virDomainTPMDefCheckABIStability(virDomainTPMDef *s= rc, break; =20 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: break; } 
@@ -24047,6 +24075,13 @@ virDomainTPMDefFormat(virBuffer *buf, virXMLFormatElement(&backendChildBuf, "active_pcr_banks", NULL= , &activePcrBanksBuf); } break; + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: + if (def->data.external.source->type =3D=3D VIR_DOMAIN_CHR_TYPE_UNI= X) { + virBufferAddLit(&backendChildBuf, "\n", + def->data.external.source->data.nix.path= ); + } + break; case VIR_DOMAIN_TPM_TYPE_LAST: break; } diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index c19dfc5470..1404c55053 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1421,6 +1421,7 @@ typedef enum { typedef enum { VIR_DOMAIN_TPM_TYPE_PASSTHROUGH, VIR_DOMAIN_TPM_TYPE_EMULATOR, + VIR_DOMAIN_TPM_TYPE_EXTERNAL, =20 VIR_DOMAIN_TPM_TYPE_LAST } virDomainTPMBackendType; @@ -1464,6 +1465,9 @@ struct _virDomainTPMDef { bool persistent_state; virBitmap *activePcrBanks; } emulator; + struct { + virDomainChrSourceDef *source; + } external; } data; }; =20 diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 95b8d9b419..8a9a79d7ea 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -2727,6 +2727,21 @@ virDomainTPMDevValidate(const virDomainTPMDef *tpm) break; =20 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: + break; + + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: + if (tpm->data.external.source->type !=3D VIR_DOMAIN_CHR_TYPE_UNIX)= { + virReportError(VIR_ERR_XML_ERROR, "%s", _("only source type 'u= nix' is supported for external TPM device")); + return -1; + } + if (tpm->data.external.source->data.nix.listen) { + virReportError(VIR_ERR_XML_ERROR, "%s", _("only 'client' mode = is supported for external TPM device")); + return -1; + } + if (tpm->data.external.source->data.nix.path =3D=3D NULL) { + virReportError(VIR_ERR_XML_ERROR, "%s", _("missing socket path= for external TPM device")); + return -1; + } case VIR_DOMAIN_TPM_TYPE_LAST: break; } 
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index 8bc627d114..c588a48fd2 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -5583,6 +5583,12 @@ + + + external + + + @@ -5607,6 +5613,22 @@ =20 + + + + + unix + + + + + + connect + + + + + diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 2553b5b3ad..3aba9299b1 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -6471,8 +6471,10 @@ virQEMUCapsFillDomainDeviceTPMCaps(virQEMUCaps *qemu= Caps, if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_PASSTHROUGH)) VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel, VIR_DOMAIN_TPM_TYPE_PA= SSTHROUGH); if (virTPMHasSwtpm()) { - if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_EMULATOR)) + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_EMULATOR)) { VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel, VIR_DOMAIN_TPM_TYP= E_EMULATOR); + VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel, VIR_DOMAIN_TPM_TYP= E_EXTERNAL); + } if (virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2)) { VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendVersion, VIR_DOMAIN_TPM_V= ERSION_1_2); tpm->backendVersion.report =3D true; diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 78c4a035bf..9cf2d6474a 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -397,6 +397,7 @@ qemuSetupTPMCgroup(virDomainObj *vm, case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: return qemuSetupChrSourceCgroup(vm, dev->data.passthrough.source); case VIR_DOMAIN_TPM_TYPE_EMULATOR: + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: break; } diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 42bd7cb99f..ee2e873b95 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -9241,7 +9241,10 @@ qemuBuildTPMBackendStr(virDomainTPMDef *tpm, { g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; =20 - virBufferAsprintf(&buf, "%s", virDomainTPMBackendTypeToString(tpm->typ= e)); + if (tpm->type =3D=3D VIR_DOMAIN_TPM_TYPE_EXTERNAL) + virBufferAddLit(&buf, "emulator"); + else + virBufferAsprintf(&buf, "%s", virDomainTPMBackendTypeToString(tpm-= >type)); virBufferAsprintf(&buf, ",id=3Dtpm-%s", tpm->info.alias); =20 switch (tpm->type) { @@ -9253,6 +9256,7 @@ qemuBuildTPMBackendStr(virDomainTPMDef *tpm, virQEMUBuildBufferEscapeComma(&buf, qemuFDPassGetPath(passcancel)); break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: virBufferAddLit(&buf, ",chardev=3Dchrtpm"); break; case VIR_DOMAIN_TPM_TYPE_LAST: @@ -9295,6 +9299,11 @@ qemuBuildTPMCommandLine(virCommand *cmd, return -1; break; =20 + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: + if (qemuBuildChardevCommand(cmd, tpm->data.external.source, "chrtp= m", priv->qemuCaps) < 0) + return -1; + break; + case VIR_DOMAIN_TPM_TYPE_LAST: virReportEnumRangeError(virDomainTPMBackendType, tpm->type); return -1; diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 8892f28fce..5c05032ce3 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1201,6 +1201,7 @@ qemuDomainTPMPrivateFormat(const virDomainTPMDef *tpm, break; =20 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: break; } @@ -11753,6 +11754,9 @@ qemuDomainDeviceBackendChardevForeachOne(virDomainD= eviceDef *dev, case VIR_DOMAIN_TPM_TYPE_EMULATOR: return cb(dev, dev->data.tpm->data.emulator.source, opaque); =20 + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: + return cb(dev, dev->data.tpm->data.external.source, opaque); + case VIR_DOMAIN_TPM_TYPE_LAST: return 0; } diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c index 90c0b90024..0f7351ad46 100644 --- a/src/qemu/qemu_namespace.c +++ b/src/qemu/qemu_namespace.c 
@@ -457,6 +457,7 @@ qemuDomainSetupTPM(virDomainTPMDef *dev, break; =20 case VIR_DOMAIN_TPM_TYPE_EMULATOR: + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: /* nada */ break; diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 36d5beb202..f2edaf5eaa 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -1028,6 +1028,7 @@ qemuTPMHasSharedStorage(virDomainDef *def) case VIR_DOMAIN_TPM_TYPE_EMULATOR: return virFileIsSharedFS(tpm->data.emulator.storagepath) =3D= =3D 1; case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: break; } @@ -1048,6 +1049,7 @@ qemuTPMCanMigrateSharedStorage(virDomainDef *def) case VIR_DOMAIN_TPM_TYPE_EMULATOR: return QEMU_DOMAIN_TPM_PRIVATE(tpm)->swtpm.can_migrate_shared_= storage; case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: break; } diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 5ca63e30f4..917fcf76a3 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1699,6 +1699,7 @@ virSecurityDACSetTPMFileLabel(virSecurityManager *mgr, tpm->data.emulator.sourc= e, false, false); break; + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: break; } @@ -1722,6 +1723,7 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManager = *mgr, break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: /* swtpm will have removed the Unix socket upon termination */ + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: break; } diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 415a26a386..93cc12407a 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1660,6 +1660,7 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManager = *mgr, if (rc < 0) return -1; break; + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: break; } 
@@ -1695,6 +1696,7 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityM= anager *mgr, break; case VIR_DOMAIN_TPM_TYPE_EMULATOR: /* swtpm will have removed the Unix socket upon termination */ + case VIR_DOMAIN_TPM_TYPE_EXTERNAL: case VIR_DOMAIN_TPM_TYPE_LAST: break; } diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_4.2.0-q35.x86_64.xml index 9375fc9457..d0bf0bdc7b 100644 --- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml @@ -211,6 +211,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_4.2.0-tcg.x86_64.xml index 860ffd1047..6a3818fb4e 100644 --- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml @@ -226,6 +226,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsd= ata/qemu_4.2.0.x86_64.xml index 0187584e6b..36a4081764 100644 --- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml @@ -211,6 +211,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_5.0.0-q35.x86_64.xml index 3f534b77a2..05884cdb86 100644 --- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml @@ -213,6 +213,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_5.0.0-tcg.x86_64.xml index 2826ce58e1..c53b84c140 100644 --- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml @@ -228,6 +228,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_5.0.0-virt.aarch64.xml index 1ae7dfdc01..e74a3d9f5f 100644 
--- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml @@ -172,6 +172,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincaps= data/qemu_5.0.0.aarch64.xml index 74db0a2561..605575c793 100644 --- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml @@ -170,6 +170,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsda= ta/qemu_5.0.0.ppc64.xml index 804172d013..a5b718618b 100644 --- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml @@ -137,6 +137,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_5.0.0.x86_64.xml index a83e942ca5..fd1f42b555 100644 --- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml @@ -213,6 +213,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_5.1.0-q35.x86_64.xml index f10a106d9a..a04c3e7130 100644 --- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml @@ -214,6 +214,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_5.1.0-tcg.x86_64.xml index a2a3b501cc..a7b2ff8d7d 100644 --- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml @@ -228,6 +228,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsd= ata/qemu_5.1.0.x86_64.xml index 926ac6c231..45b7dcf6e4 100644 --- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml @@ -214,6 +214,7 @@ passthrough emulator + external 1.2 
diff --git a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_5.2.0-q35.x86_64.xml index 31ff03f9f0..61cfa7d449 100644 --- a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml @@ -214,6 +214,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_5.2.0-tcg.x86_64.xml index fdaa0ae5bc..caced52187 100644 --- a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml @@ -228,6 +228,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_5.2.0-virt.aarch64.xml index 762fbe2f50..f19ad32693 100644 --- a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml @@ -172,6 +172,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml b/tests/domaincaps= data/qemu_5.2.0.aarch64.xml index 74db0a2561..605575c793 100644 --- a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml @@ -170,6 +170,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml b/tests/domaincapsda= ta/qemu_5.2.0.ppc64.xml index 02e038d445..8ae7487c1e 100644 --- a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml @@ -137,6 +137,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml b/tests/domaincapsd= ata/qemu_5.2.0.x86_64.xml index cfd6ff1d84..67f8b0fd83 100644 --- a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml @@ -214,6 +214,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-q35.x86_64.xml index 048c47e9f6..08585e6cb0 100644 
--- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml @@ -215,6 +215,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-tcg.x86_64.xml index 75bf330a79..7536a42ad5 100644 --- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml @@ -230,6 +230,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_6.0.0-virt.aarch64.xml index 30446b75f7..1235dd0ab7 100644 --- a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml @@ -173,6 +173,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml b/tests/domaincaps= data/qemu_6.0.0.aarch64.xml index 6c30318d34..461e34f1d6 100644 --- a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml @@ -171,6 +171,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.0.0.x86_64.xml index 8b9e910fdc..632f7c21d1 100644 --- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml @@ -215,6 +215,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.1.0-q35.x86_64.xml index bc4912bc62..35d1014626 100644 --- a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml @@ -216,6 +216,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.1.0-tcg.x86_64.xml index 6cbdb1d6ae..9d56f2dda7 100644 --- a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml @@ -230,6 +230,7 @@ passthrough emulator + external 1.2 
diff --git a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.1.0.x86_64.xml index 5efb7b595c..591ca12d72 100644 --- a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml @@ -216,6 +216,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.2.0-q35.x86_64.xml index 1281dc5ff8..7558e78423 100644 --- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml @@ -216,6 +216,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.2.0-tcg.x86_64.xml index 2fcff7a96f..c667b944da 100644 --- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml @@ -232,6 +232,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_6.2.0-virt.aarch64.xml index 5aa8820612..2c9ba98a0a 100644 --- a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml @@ -175,6 +175,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml b/tests/domaincaps= data/qemu_6.2.0.aarch64.xml index 96c426cd4f..9b546f59bc 100644 --- a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml @@ -173,6 +173,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml b/tests/domaincapsda= ta/qemu_6.2.0.ppc64.xml index 350c55e2c0..fd7c9d8d5a 100644 --- a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml @@ -135,6 +135,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.2.0.x86_64.xml index ae789c3a9b..a20d3722fd 100644 
--- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml @@ -216,6 +216,7 @@ passthrough emulator + external 1.2 diff --git a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_7.0.0-q35.x86_64.xml index 59b2988de0..ac9d384bb3 100644 --- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml @@ -218,6 +218,7 @@ passthrough emulator + external 2.0 diff --git a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_7.0.0-tcg.x86_64.xml index 58d8bdee3f..2419875474 100644 --- a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml @@ -234,6 +234,7 @@ passthrough emulator + external 2.0 diff --git a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml b/tests/domai= ncapsdata/qemu_7.0.0-virt.aarch64.xml index 4ec23a8b85..f4eb8a728b 100644 --- a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml @@ -175,6 +175,7 @@ passthrough emulator + external 2.0 diff --git a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml b/tests/domaincaps= data/qemu_7.0.0.aarch64.xml index d3f90db5a8..053bec369b 100644 --- a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml @@ -173,6 +173,7 @@ passthrough emulator + external 2.0 diff --git a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml b/tests/domaincapsda= ta/qemu_7.0.0.ppc64.xml index e9322a02e2..9c09174d77 100644 --- a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml @@ -137,6 +137,7 @@ passthrough emulator + external 2.0 diff --git a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_7.0.0.x86_64.xml index 368c359dcf..886e14ea49 100644 --- a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml @@ -218,6 +218,7 @@ passthrough emulator + external 2.0 
diff --git a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_7.1.0-q35.x86_64.xml index 831ef667e9..6b5e8a6820 100644 --- a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml @@ -217,6 +217,7 @@ passthrough emulator + external 2.0 diff --git a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_7.1.0-tcg.x86_64.xml index e5d5768b40..e44804c21c 100644 --- a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml @@ -232,6 +232,7 @@ passthrough emulator + external 2.0 diff --git a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml b/tests/domaincapsda= ta/qemu_7.1.0.ppc64.xml index 73c2cb84e4..15cf6a9cf8 100644 --- a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml @@ -130,6 +130,7 @@ passthrough emulator + external 2.0 diff --git a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml b/tests/domaincapsd= ata/qemu_7.1.0.x86_64.xml index 0e2aa77a7d..d4069dd6f0 100644 --- a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml @@ -217,6 +217,7 @@ passthrough emulator + external 2.0 diff --git a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_7.2.0-q35.x86_64.xml index 8c6399a7b6..e6997ccbc6 100644 --- a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml @@ -222,6 +222,7 @@ passthrough emulator + external 2.0 diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_7.2.0-tcg.x86_64.xml index b04beaa9d6..b9bf0b6a04 100644 --- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml @@ -221,6 +221,7 @@ passthrough emulator + external 2.0 diff --git a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml b/tests/domaincapsd= ata/qemu_7.2.0.x86_64.xml index 86385dacbd..67ecdc0b12 100644 
--- a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml @@ -222,6 +222,7 @@ passthrough emulator + external 2.0 diff --git a/tests/qemuxml2argvdata/tpm-external.xml b/tests/qemuxml2argvda= ta/tpm-external.xml new file mode 100644 index 0000000000..c8f9c72b1f --- /dev/null +++ b/tests/qemuxml2argvdata/tpm-external.xml @@ -0,0 +1,40 @@ + + TPM-VM + 11d7cd22-da89-3094-6212-079a48a309a1 + 2097152 + 512288 + 1 + + hvm + + + + + + + + qemu64 + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + +
+ + + + + + + + + +
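
Review bot: In src/conf/domain_validate.c, the new `case VIR_DOMAIN_TPM_TYPE_EXTERNAL:` block in virDomainTPMDevValidate() ends after the socket-path check without a `break;`, so control falls through into `case VIR_DOMAIN_TPM_TYPE_LAST:`. The result is the same today because that case only breaks, but the same hunk adds an explicit `break;` for PASSTHROUGH, so please add one after the third check as well, so that a case inserted between the two later does not inherit the fallthrough.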
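
Review bot: In src/qemu/qemu_capabilities.c, the new VIR_DOMAIN_CAPS_ENUM_SET for VIR_DOMAIN_TPM_TYPE_EXTERNAL in virQEMUCapsFillDomainDeviceTPMCaps() sits inside `if (virTPMHasSwtpm())`, so domain capabilities advertise 'external' only when libvirt itself finds swtpm. The commit message describes this backend as connecting to a swtpm daemon not managed by libvirtd, so is that condition wanted here? Consider setting it whenever QEMU_CAPS_DEVICE_TPM_EMULATOR is present, outside the virTPMHasSwtpm() block, or add a comment saying why the check stays.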
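
Review bot: In src/qemu/qemu_command.c, qemuBuildTPMBackendStr() now handles VIR_DOMAIN_TPM_TYPE_EXTERNAL with an if/else placed ahead of the existing `switch (tpm->type)` and hard-codes the literal "emulator" with no explanation. A one-line comment above the `if` saying that the external type is passed to QEMU as the emulator tpmdev backed by the "chrtpm" chardev would make the mismatch between the libvirt type name and the generated string clear to the next reader.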
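
Review bot: In src/security/security_dac.c and src/security/security_selinux.c, VIR_DOMAIN_TPM_TYPE_EXTERNAL is added only to the branches of the Set/Restore TPM label functions that do nothing, and the qemu_cgroup.c and qemu_namespace.c hunks treat it the same way, so libvirt never changes ownership or labels on the external socket. That looks deliberate for a socket libvirt does not own, but it leaves access to the path for the QEMU process entirely to whoever runs the daemon. Please say so in a comment next to these cases and in the user-facing documentation of the backend, so the missing relabel reads as a decision rather than an omission.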
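
Review bot: The diffstat lists no file under docs/, so the new 'external' backend type and its source element (restricted to type 'unix' in connect mode by the RNG and virDomainTPMDevValidate()) are not documented for users in this patch; please add that to the domain XML documentation here or in 2/2. On the test side, tests/qemuxml2argvdata/tpm-external.xml is created and qemuxml2xmltest.c is touched, but the create-mode list contains no .args file and qemuxml2argvtest.c is not in the diffstat, so the new qemuBuildTPMCommandLine() branch and the "emulator" mapping in qemuBuildTPMBackendStr() are not exercised by this patch.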