[PATCH v3 00/14] Add support for TPM emulator

This series of patches adds support for the TPM emulator backend that
is available in QEMU and based on swtpm + libtpms. It allows attaching a
TPM 1.2 or 2 to a QEMU VM. sVirt labels are used for labeling the swtpm
process, its Unix socket, and log file with the same label that the
QEMU process gets. Besides that, swtpm is added to the emulator cgroup to
restrict its CPU usage.

The device XML can be changed from a TPM 1.2 to a TPM 2 and back to a
TPM 1.2. The device state is not removed during those changes but only
when the domain is undefined.

The swtpm needs persistent storage to store its state. For that I am
using the uuid of the VM as part of the path since the name of the VM
can be changed. Logfiles, PID files, and socket names are based on the
name of the VM, though.

  Stefan

Stefan Berger (14):
  util: implement virFileReadOffsetQuiet()
  util: Implement virStringFilterLines()
  conf: Add support for external swtpm TPM emulator to domain XML
  qemu: Extend QEMU capabilities with 'tpm-emulator'
  util: Implement virFileChownFiles()
  security: Add DAC and SELinux security for tpm-emulator
  util: Extend virtpm.c with tpm-emulator support
  qemu: Extend qemu_conf with tpm-emulator support
  qemu: Implement a layer for external devices like tpm-emulator
  qemu: Add support for external swtpm TPM emulator
  tests: Add test cases for external swtpm TPM emulator
  security: Label the external swtpm with SELinux labels
  tpm: Add support for choosing emulation of a TPM 2
  qemu: Add swtpm to emulator cgroup

 docs/formatdomain.html.in                          |  45 ++
 docs/schemas/domaincommon.rng                      |  17 +
 src/conf/domain_audit.c                            |   2 +
 src/conf/domain_conf.c                             |  70 ++-
 src/conf/domain_conf.h                             |  14 +
 src/libvirt_private.syms                           |   9 +
 src/qemu/Makefile.inc.am                           |   2 +
 src/qemu/libvirtd_qemu.aug                         |   5 +
 src/qemu/qemu.conf                                 |   8 +
 src/qemu/qemu_capabilities.c                       |   5 +
 src/qemu/qemu_capabilities.h                       |   1 +
 src/qemu/qemu_cgroup.c                             |  54 ++
 src/qemu/qemu_cgroup.h                             |   1 +
 src/qemu/qemu_command.c                            |  40 +-
 src/qemu/qemu_conf.c                               |  43 ++
 src/qemu/qemu_conf.h                               |   6 +
 src/qemu/qemu_domain.c                             |   4 +
 src/qemu/qemu_driver.c                             |   7 +
 src/qemu/qemu_extdevice.c                          | 339 +++++++++++
 src/qemu/qemu_extdevice.h                          |  43 ++
 src/qemu/qemu_process.c                            |  17 +
 src/qemu/test_libvirtd_qemu.aug.in                 |   2 +
 src/security/security_dac.c                        |   6 +
 src/security/security_driver.h                     |   4 +
 src/security/security_manager.c                    |  17 +
 src/security/security_manager.h                    |   3 +
 src/security/security_selinux.c                    |  89 +++
 src/security/security_stack.c                      |  19 +
 src/util/virfile.c                                 |  63 +-
 src/util/virfile.h                                 |   6 +
 src/util/virstring.c                               |  62 ++
 src/util/virstring.h                               |   3 +
 src/util/virtpm.c                                  | 638 ++++++++++++++++++++-
 src/util/virtpm.h                                  |  33 +-
 tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml   |   1 +
 tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml |   1 +
 tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml   |   1 +
 tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml   |   1 +
 tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |   1 +
 tests/qemuxml2argvdata/tpm-emulator-tpm2.args      |  27 +
 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml       |  30 +
 tests/qemuxml2argvdata/tpm-emulator.args           |  27 +
 tests/qemuxml2argvdata/tpm-emulator.xml            |  30 +
 tests/qemuxml2argvtest.c                           |  17 +
 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml     |  34 ++
 tests/qemuxml2xmloutdata/tpm-emulator.xml          |  34 ++
 tests/qemuxml2xmltest.c                            |   1 +
 47 files changed, 1866 insertions(+), 16 deletions(-)
 create mode 100644 src/qemu/qemu_extdevice.c
 create mode 100644 src/qemu/qemu_extdevice.h
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.args
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator.args
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator.xml
 create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml
 create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator.xml

-- 
2.5.5

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
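The sVirt point in the cover letter, that the swtpm process must carry the same SELinux label as the domain's QEMU process, is something a host administrator can verify. The following is an added example (not code from the libvirt series) that compares the two labels from constructed `ps -eo label,args` style lines; the qemu `-name guest=NAME` form, the `NAME-swtpm.sock` control-socket naming and the binary names are assumptions made for the example.

```python
import re

# Constructed sample imitating `ps -eo label,args` lines ("<label> <argv>").
# The argv shapes are assumptions for this example, not taken from the series.
SAMPLE_PS = """\
system_u:system_r:svirt_t:s0:c12,c42 /usr/bin/qemu-system-x86_64 -name guest=vm1,debug-threads=on -S
system_u:system_r:svirt_t:s0:c12,c42 /usr/bin/swtpm socket --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/vm1-swtpm.sock --tpm2
system_u:system_r:svirt_t:s0:c7,c99 /usr/bin/qemu-system-x86_64 -name guest=vm2,debug-threads=on -S
system_u:system_r:svirt_t:s0:c3,c4 /usr/bin/swtpm socket --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/vm2-swtpm.sock
"""

# Domain name as it appears on the qemu command line (assumed form).
QEMU_NAME = re.compile(r"-name\s+(?:guest=)?([^,\s]+)")
# Domain name derived from the swtpm control socket path (assumed naming).
SWTPM_SOCK = re.compile(r"path=\S*/([^/\s,]+)-swtpm\.sock")


def parse_ps(text):
    """Split each non-empty line into (selinux_label, argv_string)."""
    procs = []
    for line in text.splitlines():
        if line.strip():
            label, _, argv = line.strip().partition(" ")
            procs.append((label, argv))
    return procs


def find_label(procs, binary, pattern, vmname):
    """Label of the first process whose argv[0] contains `binary` and whose
    extracted domain name equals `vmname`; None when there is no such process."""
    for label, argv in procs:
        if binary not in argv.split()[0].rsplit("/", 1)[-1]:
            continue
        m = pattern.search(argv)
        if m and m.group(1) == vmname:
            return label
    return None


def check_svirt_labels(ps_text, vmname):
    """Compare the qemu and swtpm labels of one domain.  Returns a dict with
    both labels and a 'match' flag, or None if either process is missing.
    A mismatch means swtpm is not confined under the domain's MCS label."""
    procs = parse_ps(ps_text)
    qemu = find_label(procs, "qemu-system", QEMU_NAME, vmname)
    swtpm = find_label(procs, "swtpm", SWTPM_SOCK, vmname)
    if qemu is None or swtpm is None:
        return None
    return {"qemu": qemu, "swtpm": swtpm, "match": qemu == swtpm}
```

On a real host, feed the output of `ps -eo label,args` to `check_svirt_labels` for each running domain; the same comparison applies to the socket and log file via `ls -Z`.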