On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> wrote:
> Implement functions for managing the storage of the external swtpm as well
> as starting and stopping it. Also implement functions to use swtpm_setup,
> which simulates the manufacturing of a TPM, which includes creation of
> certificates for the device.
>
> Further, the external TPM needs storage on the host that we need to set
> up before it can be run. We can clean up the host once the domain is
> undefined.
>
> This patch also implements a small layer for external device support that
> calls into the TPM device layer if a domain has an attached TPM. This is
> the layer we will wire up later on.
>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
> ---

[…snip…]

> + > +/* > + * qemuExtTPMStartEmulator: > + * > + * @driver: QEMU driver > + * @def: domain definition > + * @logCtxt: log context > + * > + * Start the external TPM Emulator: > + * - have the command line built > + * - start the external TPM Emulator and sync with it before QEMU start > + */ > +static int > +qemuExtTPMStartEmulator(virQEMUDriverPtr driver, > + virDomainDefPtr def, > + qemuDomainLogContextPtr logCtxt) > +{ > + int ret = -1; > + virCommandPtr cmd = NULL; > + int exitstatus; > + char *errbuf = NULL; > + virQEMUDriverConfigPtr cfg; > + virDomainTPMDefPtr tpm = def->tpm; > + char *shortName = virDomainDefGetShortName(def); > + > + if (!shortName) > + return -1; > + > + cfg = virQEMUDriverGetConfig(driver); > + > + /* stop any left-over TPM emulator for this VM */ > + qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName); > + > + if (!(cmd = qemuTPMEmulatorBuildCommand(tpm, def->name, def->uuid, > + driver->privileged, > + cfg->swtpm_user, > + cfg->swtpm_group))) > + goto cleanup; > + > + if (qemuExtDeviceLogCommand(logCtxt, cmd, "TPM Emulator") < 0) > + goto cleanup; > + > + virCommandSetErrorBuffer(cmd, &errbuf); > + > + if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0) { > + 
VIR_ERROR(_("Could not start 'swtpm'. exitstatus: %d " > + "stderr: %s"), exitstatus, errbuf); > + virReportError(VIR_ERR_INTERNAL_ERROR, > + _("Could not start 'swtpm'. exitstatus: %d, " > + "error: %s"), exitstatus, errbuf);

Do we need both (VIR_ERROR and virReportError)?

[…snip]

Kind regards
Marc Hartmayer

IBM Deutschland Research & Development GmbH
Chair of the Supervisory Board: Martina Koederitz
Management: Dirk Wittkopp
Registered office: Böblingen
Court of registration: Amtsgericht Stuttgart, HRB 243294
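
Review bot: In the failure branch at the end of the quoted qemuExtTPMStartEmulator hunk, `exitstatus` is declared without an initializer yet is formatted into both messages even when the branch is entered because `virCommandRun(cmd, &exitstatus) < 0`, so the reported status may be an indeterminate value. `errbuf` starts as NULL and can still be NULL when it is handed to `%s`. Suggest `int exitstatus = 0;` and passing `NULLSTR(errbuf)` in the message. On the duplicate reporting, keeping only the virReportError call would be enough and avoids writing the swtpm stderr text to the log twice.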