On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> wrote: > > Describe the encryption element in the TPM's domain XML. > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> > --- > docs/formatdomain.html.in | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in > index a7a6ec32a5..b53ea7d6f4 100644 > --- a/docs/formatdomain.html.in > +++ b/docs/formatdomain.html.in > @@ -8212,6 +8212,9 @@ qemu-kvm -net nic,model=? /dev/null > TPM functionality for each VM. QEMU talks to it over a Unix socket. With > the emulator device type each guest gets its own private TPM. > <span class="since">'emulator' since 4.5.0</span> > + The state of the TPM emulator can be encrypted by providing an > + <code>encryption</code> element. > + <span class="since">'encryption' since 5.5.0</span> here too, 5.6.0 I presume Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx> > </p> > <p> > Example: usage of the TPM Emulator > @@ -8221,6 +8224,9 @@ qemu-kvm -net nic,model=? /dev/null > <devices> > <tpm model='tpm-tis'> > <backend type='emulator' version='2.0'> > + <encryption format='vtpm'> > + <secret type='passphrase' usage='VTPM_example'/> > + </encryption> > </backend> > </tpm> > </devices> 
> @@ -8283,6 +8289,16 @@ qemu-kvm -net nic,model=? /dev/null > <li>'2.0' : creates a TPM 2.0</li> > </ul> > </dd> > + <dt><code>encryption</code></dt> > + <dd> > + <p> > + The <code>encryption</code> element allows the state of a TPM emulator > + to be encrypted. The <code>format</code> attribute must be <code>vtpm</code>. > + The <code>secret</code> element must reference a secret object using > + either its <code>usage</code> or <code>uuid</code>. The <code>type</code> > + attribute must be set to <code>passphrase</code>. > + </p> > + </dd> > </dl> > > <h4><a id="elementsNVRAM">NVRAM device</a></h4> > -- > 2.20.1 >
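Review bot: In the first hunk (@@ -8212,6 +8212,9), the added sentence "The state of the TPM emulator can be encrypted by providing an encryption element" leaves open which state is meant and what happens for a guest whose emulator state already exists unencrypted. Suggest one more sentence saying what the encryption covers and whether the element may be added to, or removed from, an existing guest definition. The `since` span in the same hunk reads 5.5.0, which the reply in this thread already questions; it should match the release the series lands in.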
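Review bot: In the example hunk (@@ -8221,6 +8224,9), `<secret type='passphrase' usage='VTPM_example'/>` refers to a secret by usage name, but nothing next to the example tells the reader that the secret object has to be defined separately or where its format is documented. Suggest a link to the secret documentation beside the example. Since the description hunk allows either `usage` or `uuid`, a short remark that `uuid` is accepted in the same position would keep the example and the description in step.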
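Review bot: In the description hunk (@@ -8283,6 +8289,16), the sentence "The type attribute must be set to passphrase" does not name the element it belongs to, and `backend` in the example also carries a `type` attribute. Suggest wording it as: the `type` attribute of the `secret` element must be set to `passphrase`. The new `<dd>` also has no `since` span, while the intro hunk adds one for the same feature; repeating it here would match that hunk.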