Describe the encryption element in the TPM's domain XML. Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> --- docs/formatdomain.html.in | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index a7a6ec32a5..b53ea7d6f4 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -8212,6 +8212,9 @@ qemu-kvm -net nic,model=? /dev/null TPM functionality for each VM. QEMU talks to it over a Unix socket. With the emulator device type each guest gets its own private TPM. <span class="since">'emulator' since 4.5.0</span> + The state of the TPM emulator can be encrypted by providing an + <code>encryption</code> element. + <span class="since">'encryption' since 5.5.0</span> </p> <p> Example: usage of the TPM Emulator @@ -8221,6 +8224,9 @@ qemu-kvm -net nic,model=? /dev/null <devices> <tpm model='tpm-tis'> <backend type='emulator' version='2.0'> + <encryption format='vtpm'> + <secret type='passphrase' usage='VTPM_example'/> + </encryption> </backend> </tpm> </devices> @@ -8283,6 +8289,16 @@ qemu-kvm -net nic,model=? /dev/null <li>'2.0' : creates a TPM 2.0</li> </ul> </dd> + <dt><code>encryption</code></dt> + <dd> + <p> + The <code>encryption</code> element allows the state of a TPM emulator + to be encrypted. The <code>format</code> attribute must be <code>vtpm</code>. + The <code>secret</code> element must reference a secret object using + either its <code>usage</code> or <code>uuid</code>. The <code>type</code> + attribute must be set to <code>passphrase</code>. + </p> + </dd> </dl> <h4><a id="elementsNVRAM">NVRAM device</a></h4> -- 2.20.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
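Review bot: In the first hunk (@@ -8212,6 +8212,9 @@), the added sentence says the state can be encrypted "by providing an encryption element" but does not say where that element goes. The example in the next hunk places it inside the backend element, so the sentence should say so, for instance "by providing an encryption element as a child of backend", so that a reader who stops at this paragraph does not put it directly under tpm.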
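Review bot: In the example hunk (@@ -8221,6 +8224,9 @@), the added secret line references usage='VTPM_example', but nothing in the example or around it says how that secret is defined. Anyone copying the snippet ends up with a domain that points at a secret they have not created. Add a sentence or link after the example that points to the secret object documentation, and mention that uuid can be used instead of usage, as the element description in the last hunk allows.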
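Review bot: In the last hunk (@@ -8283,6 +8289,16 @@), "The type attribute must be set to passphrase" does not name the element that carries type. The example puts it on secret, not on encryption, so the sentence should read "The type attribute of the secret element must be set to passphrase". The new dt/dd entry also lacks the since marker that the first hunk adds (<span class="since">'encryption' since 5.5.0</span>); repeat it here, because the element list is where readers look up version requirements.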