On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> wrote:
>
> Extend the TPM device XML parser and XML generator with emulator
> state encryption support.
>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
> ---
> src/conf/domain_conf.c | 40 +++++++++++++++++++++++++++++++++++++++-
> src/conf/domain_conf.h | 1 +
> 2 files changed, 40 insertions(+), 1 deletion(-)
>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 3323c9a5b1..df6238c299 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -2950,6 +2950,7 @@ void virDomainTPMDefFree(virDomainTPMDefPtr def)
> virDomainChrSourceDefClear(&def->data.emulator.source);
> VIR_FREE(def->data.emulator.storagepath);
> VIR_FREE(def->data.emulator.logfile);
> + virStorageEncryptionFree(def->data.emulator.encryption);
> break;
> case VIR_DOMAIN_TPM_TYPE_LAST:
> break;
> @@ -13048,6 +13049,16 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPtr xmlopt,
> * <tpm model='tpm-tis'>
> * <backend type='emulator' version='2'/>
> * </tpm>
> + *
> + * Emulator state encryption is supported with the following:
> + *
> + * <tpm model='tpm-tis'>
> + * <backend type='emulator' version='2'>
> + * <encryption format='vtpm'>
> + * <secret type='passphrase' uuid='32ee7e76-2178-47a1-ab7b-269e6e348015'/>
> + * </encryption>
> + * </backend>
> + * </tpm>
> */
> static virDomainTPMDefPtr
> virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
> @@ -13063,6 +13074,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
> VIR_AUTOFREE(char *) backend = NULL;
> VIR_AUTOFREE(char *) version = NULL;
> VIR_AUTOFREE(xmlNodePtr *) backends = NULL;
> + xmlNodePtr encnode = NULL;
>
> if (VIR_ALLOC(def) < 0)
> return NULL;
> @@ -13126,6 +13138,21 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
> def->data.passthrough.source.type = VIR_DOMAIN_CHR_TYPE_DEV;
> break;
> case VIR_DOMAIN_TPM_TYPE_EMULATOR:
> + encnode = virXPathNode("./backend/encryption", ctxt);
> + if (encnode) {
> + def->data.emulator.encryption =
> + virStorageEncryptionParseNode(encnode, ctxt);
> + if (!def->data.emulator.encryption)
> + goto error;
> + if (def->data.emulator.encryption->format !=
> + VIR_STORAGE_ENCRYPTION_FORMAT_VTPM) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> + _("Unsupported vTPM encryption type '%s'"),
> + virStorageEncryptionFormatTypeToString(
> + def->data.emulator.encryption->format));
> + goto error;
> + }
> + }
> break;
> case VIR_DOMAIN_TPM_TYPE_LAST:
> goto error;
> @@ -25949,8 +25976,19 @@ virDomainTPMDefFormat(virBufferPtr buf,
> virBufferAddLit(buf, "</backend>\n");
> break;
> case VIR_DOMAIN_TPM_TYPE_EMULATOR:
> - virBufferAsprintf(buf, " version='%s'/>\n",
> + virBufferAsprintf(buf, " version='%s'",
> virDomainTPMVersionTypeToString(def->version));
> + if (def->data.emulator.encryption) {
> + virBufferAddLit(buf, ">\n");
> + virBufferAdjustIndent(buf, 2);
> + if (virStorageEncryptionFormat(buf,
> + def->data.emulator.encryption) < 0)
> + return -1;
> + virBufferAdjustIndent(buf, -2);
> + virBufferAddLit(buf, "</backend>\n");
> + } else {
> + virBufferAddLit(buf, "/>\n");
> + }
> break;
> case VIR_DOMAIN_TPM_TYPE_LAST:
> break;
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index c1b5fc1337..a03986623a 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -1270,6 +1270,7 @@ struct _virDomainTPMDef {
> virDomainChrSourceDef source;
> char *storagepath;
> char *logfile;
> + virStorageEncryptionPtr encryption;
> } emulator;
> } data;
> };
> --
> 2.20.1
> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
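Review bot: The new VIR_DOMAIN_TPM_TYPE_EMULATOR branch in virDomainTPMDefParseXML validates only the encryption format; it never checks that the parsed element actually references a secret. Whether virStorageEncryptionParseNode() rejects an `<encryption format='vtpm'>` with no `<secret>` child, or with several, is not visible in this hunk, so a definition that requests state encryption but names no passphrase may be accepted here and only fail later, or leave the state unprotected. After the format check I would add a guard such as `if (def->data.emulator.encryption->nsecrets != 1)` that reports VIR_ERR_CONFIG_UNSUPPORTED and does `goto error;`, and likewise reject a secret whose type is not the passphrase type shown in the doc comment. The function body starts and ends outside the hunk.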
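Review bot: In the VIR_DOMAIN_TPM_TYPE_EMULATOR case of virDomainTPMDefFormat, the `return -1` taken when virStorageEncryptionFormat() fails leaves the `<backend ...>` element unclosed in `buf` and skips the matching `virBufferAdjustIndent(buf, -2)`. That is only harmless if every caller discards the buffer on failure, which this hunk does not show. Either restore the indent before returning or add a comment on the branch such as `/* buf is abandoned by the caller on error, so indent is not restored */`. The function body starts and ends outside the hunk.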