Re: [PATCH 10/12] conf: Add support for choosing emulation of a TPM 2

On Thu, May 24, 2018 at 02:17:13PM +0200, Marc Hartmayer wrote:
On Tue, May 22, 2018 at 10:44 PM +0200, Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> wrote:
This patch extends the TPM's device XML with TPM 2 support. This only works
for the emulator type backend and looks as follows:

    <tpm model='tpm-tis'>
      <backend type='emulator' version='2'/>
    </tpm>

The swtpm process now has --tpm2 as an additional parameter:

system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8  0.0 28364  3868 ?        Rs   11:13  13:50 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 --tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm2,mode=0640 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log --tpm2 --pid file=/var/run/libvirt/qemu/swtpm/testvm-swtpm.pid

The version of the TPM can be changed and the state of the TPM is preserved.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
Reviewed-by: John Ferlan <jferlan@xxxxxxxxxx>
---
 docs/formatdomain.html.in                          | 15 ++++-
 docs/schemas/domaincommon.rng                      | 12 ++++
 src/conf/domain_conf.c                             | 27 ++++++++-
 src/conf/domain_conf.h                             |  6 ++
 src/qemu/qemu_tpm.c                                | 64 +++++++++++++++++++++-
 .../tpm-emulator-tpm2.x86_64-latest.args           | 33 +++++++++++
 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml       | 30 ++++++++++
 tests/qemuxml2argvtest.c                           |  1 +
 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml     | 34 ++++++++++++
 9 files changed, 217 insertions(+), 5 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml
 create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 08a57bd751..043c8da56f 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -7719,7 +7719,7 @@ qemu-kvm -net nic,model=? /dev/null
   ...
   &lt;devices&gt;
     &lt;tpm model='tpm-tis'&gt;
-      &lt;backend type='emulator'&gt;
+      &lt;backend type='emulator' version='2'&gt;
       &lt;/backend&gt;
     &lt;/tpm&gt;
   &lt;/devices&gt;
@@ -7769,6 +7769,19 @@ qemu-kvm -net nic,model=? /dev/null
           </dd>
         </dl>
       </dd>
+      <dt><code>version</code></dt>
+      <dd>
+        <p>
+          The <code>version</code> attribute indicates the version
+          of the TPM. By default a TPM 1.2 is created. This attribute
+          only works with the <code>emulator</code> backend. The following
+          versions are supported:
+        </p>
+        <ul>
+          <li>'1.2' : creates a TPM 1.2</li>
+          <li>'2' :  creates a TPM 2</li>
+        </ul>
+      </dd>
     </dl>

     <h4><a id="elementsNVRAM">NVRAM device</a></h4>
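Review bot: the new <dt><code>version</code></dt> entry has no "Since" marker of the kind the other formatdomain entries carry for newly introduced attributes; add one naming the release that ships this patch (the release number is not part of the patch, so the author has to fill it in). The text also says the attribute "only works with the <code>emulator</code> backend" without saying whether a version on a passthrough backend is ignored or rejected; state which, since the parser hunk in this patch stores the value for any backend type. Minor: drop the double space in "'2' :  creates a TPM 2".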
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 3582cb5019..f11833075a 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4130,6 +4130,18 @@
           </attribute>
         </group>
       </choice>
+      <choice>
+        <group>
+          <optional>
+            <attribute name="version">
+              <choice>
+                <value>1.2</value>
+                <value>2</value>
+              </choice>
+           </attribute>
+          </optional>
+        </group>
+      </choice>
     </element>
   </define>
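Review bot: the added <choice> and <group> wrap a single <optional>, and a choice with one alternative is a no-op, so this reduces to a plain <optional><attribute name="version">...</attribute></optional> directly inside the element; also </attribute> is indented one space less than its opening tag. Because the attribute is added as a sibling of the existing backend-type <choice> rather than inside the emulator alternative, the schema accepts version= on every backend type even though the documentation calls it emulator-only; either move it into the emulator group or make sure a validate step rejects it for the other types.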

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 15dd490d17..79904789ee 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -12657,7 +12657,7 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPtr xmlopt,
  * or like this:
  *
  * <tpm model='tpm-tis'>
- *   <backend type='emulator'/>
+ *   <backend type='emulator' version='2'/>
  * </tpm>
  */
 static virDomainTPMDefPtr
@@ -12670,6 +12670,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
     char *path = NULL;
     char *model = NULL;
     char *backend = NULL;
+    char *version = NULL;
     virDomainTPMDefPtr def;
     xmlNodePtr save = ctxt->node;
     xmlNodePtr *backends = NULL;
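Review bot: `version` will receive a string returned by virXMLPropString, which the caller owns, so both the cleanup path and the error path of this function need a matching VIR_FREE(version); neither is visible in this hunk, and declaring it next to the other freed strings makes the omission easy to miss.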
@@ -12716,6 +12717,20 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
         goto error;
     }

+    version = virXMLPropString(backends[0], "version");
+    if (!version || STREQ(version, "1.2")) {
+        def->version = VIR_DOMAIN_TPM_VERSION_1_2;
+        /* only TIS available for emulator */
+        if (def->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
+            def->model = VIR_DOMAIN_TPM_MODEL_TIS;
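Review bot: the `!version || STREQ(version, "1.2")` branch runs for every backend type, so a version= attribute on a passthrough backend is silently accepted here although the documentation calls the attribute emulator-only; reject it for non-emulator backends in a DefValidate callback rather than ignoring it. Treating a missing attribute and an explicit '1.2' identically also bakes the default into DefParse; leaving version unset when the attribute is absent and choosing 1.2 in PostParse keeps the parser a pure converter and lets the XML formatter emit version= only when the user supplied it.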

This will silently overwrite an already defined model - is this
intended? Also this seems like some kind of validation logic - not sure
if virDomainTPMDefParseXML is the right place for this.


Yes, DefParse would ideally just convert what was provided in the XML
to our internal data types. Setting defaults belongs in PostParse
(either in src/conf or in src/qemu) and for validation we have
qemu.*DefValidate.

Jano
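The split Jano describes (DefParse converts XML strings to internal values, PostParse fills in defaults, DefValidate rejects combinations the backend cannot honour), as an added example in C that is not libvirt code: the tpmDef struct and the tpmDefParse, tpmDefPostParse, tpmDefValidate, tpmDefFromAttrs and tpmSwtpmVersionArg functions are hypothetical stand-ins for libvirt's virDomainTPMDef machinery, and the attribute strings are passed in directly instead of being read from an XML node. The accepted values ("emulator", "passthrough", "tpm-tis", "1.2", "2"), the TPM 1.2 default and the "--tpm2" swtpm argument are taken from the patch and commit message above.

```c
/* Added example (not libvirt code): a minimal model of the parse / post-parse /
 * validate split discussed in the review.  All names below are hypothetical
 * stand-ins for libvirt's virDomainTPMDef* functions. */
#include <string.h>

typedef enum { TPM_TYPE_PASSTHROUGH = 0, TPM_TYPE_EMULATOR } tpmType;
typedef enum { TPM_MODEL_DEFAULT = 0, TPM_MODEL_TIS } tpmModel;
typedef enum { TPM_VERSION_DEFAULT = 0, TPM_VERSION_1_2, TPM_VERSION_2 } tpmVersion;

typedef struct {
    tpmType type;
    tpmModel model;      /* TPM_MODEL_DEFAULT when no model= was given */
    tpmVersion version;  /* TPM_VERSION_DEFAULT when no version= was given */
} tpmDef;

/* Stage 1, parse: map attribute strings to internal values, nothing else.
 * NULL means the attribute was absent.  Returns 0, or -1 on an unknown value. */
int tpmDefParse(const char *type, const char *model, const char *version, tpmDef *def)
{
    memset(def, 0, sizeof(*def));
    if (!type)
        return -1;
    if (strcmp(type, "passthrough") == 0)
        def->type = TPM_TYPE_PASSTHROUGH;
    else if (strcmp(type, "emulator") == 0)
        def->type = TPM_TYPE_EMULATOR;
    else
        return -1;

    if (model) {
        if (strcmp(model, "tpm-tis") != 0)
            return -1;
        def->model = TPM_MODEL_TIS;
    }
    if (version) {
        if (strcmp(version, "1.2") == 0)
            def->version = TPM_VERSION_1_2;
        else if (strcmp(version, "2") == 0)
            def->version = TPM_VERSION_2;
        else
            return -1;  /* same value set as the RNG schema: reject, do not guess */
    }
    return 0;
}

/* Stage 2, post-parse: fill in defaults, touching only slots the user left
 * unset, so an explicitly configured model is never silently replaced. */
void tpmDefPostParse(tpmDef *def)
{
    if (def->type == TPM_TYPE_EMULATOR) {
        if (def->version == TPM_VERSION_DEFAULT)
            def->version = TPM_VERSION_1_2;  /* "By default a TPM 1.2 is created" */
        if (def->model == TPM_MODEL_DEFAULT)
            def->model = TPM_MODEL_TIS;      /* only TIS available for the emulator */
    }
}

/* Stage 3, validate: reject what the backend cannot honour.  version= is
 * documented as emulator-only; a passthrough TPM has whatever version the host
 * hardware has, so an explicit version there is an error.  Returns 0 or -1. */
int tpmDefValidate(const tpmDef *def)
{
    if (def->type == TPM_TYPE_PASSTHROUGH && def->version != TPM_VERSION_DEFAULT)
        return -1;
    return 0;
}

/* Run the three stages in order.  Returns 0 on success, -1 on a parse error,
 * -2 on a validation error; *def is meaningful only when 0 is returned. */
int tpmDefFromAttrs(const char *type, const char *model, const char *version, tpmDef *def)
{
    if (tpmDefParse(type, model, version, def) < 0)
        return -1;
    tpmDefPostParse(def);
    if (tpmDefValidate(def) < 0)
        return -2;
    return 0;
}

/* The extra swtpm argument the emulator backend adds for a TPM 2 (taken from
 * the command line quoted in the commit message); empty for a TPM 1.2. */
const char *tpmSwtpmVersionArg(const tpmDef *def)
{
    return def->version == TPM_VERSION_2 ? "--tpm2" : "";
}
```

With this split the parser never overwrites a model the user configured, the default is chosen in one place, and a version attribute on a passthrough backend is reported as an error rather than being silently accepted.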


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list