Run 'swtpm socket --print-capabilities' and 'swtpm_setup --print-capabilities' to get the JSON object of the features the programs are supporting and parse them into a bitmap. Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> --- src/conf/Makefile.inc.am | 6 ++ src/conf/virtpm_conf.c | 36 +++++++++++ src/conf/virtpm_conf.h | 36 +++++++++++ src/libvirt_private.syms | 5 ++ src/tpm/Makefile.inc.am | 5 +- src/tpm/virtpm.c | 125 +++++++++++++++++++++++++++++++++++++-- 6 files changed, 208 insertions(+), 5 deletions(-) create mode 100644 src/conf/virtpm_conf.c create mode 100644 src/conf/virtpm_conf.h diff --git a/src/conf/Makefile.inc.am b/src/conf/Makefile.inc.am index 08c7c9da7f..e42425fcc5 100644 --- a/src/conf/Makefile.inc.am +++ b/src/conf/Makefile.inc.am @@ -153,6 +153,11 @@ DEVICE_CONF_SOURCES = \ conf/device_conf.h \ $(NULL) +TPM_CONF_SOURCES = \ + conf/virtpm_conf.c \ + conf/virtpm_conf.h \ + $(NULL) + CONF_SOURCES = \ $(NETDEV_CONF_SOURCES) \ $(DOMAIN_CONF_SOURCES) \ @@ -171,6 +176,7 @@ CONF_SOURCES = \ $(CPU_CONF_SOURCES) \ $(CHRDEV_CONF_SOURCES) \ $(DEVICE_CONF_SOURCES) \ + $(TPM_CONF_SOURCES) \ $(NULL) noinst_LTLIBRARIES += libvirt_conf.la diff --git a/src/conf/virtpm_conf.c b/src/conf/virtpm_conf.c new file mode 100644 index 0000000000..12e69e67b3 --- /dev/null +++ b/src/conf/virtpm_conf.c @@ -0,0 +1,36 @@ +/* + * virtpm_conf.c: vTPM XML processing + * + * Copyright (C) 2019 IBM Corporation + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#include <config.h> + +#include "virenum.h" +#include "virtpm_conf.h" + +#define VIR_FROM_THIS VIR_FROM_NONE + +VIR_ENUM_IMPL(virTPMSwtpmFeature, + VIR_TPM_SWTPM_FEATURE_LAST, + "cmdarg-pwd-fd", +); + +VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, + VIR_TPM_SWTPM_SETUP_FEATURE_LAST, + "cmdarg-pwdfile-fd", +); diff --git a/src/conf/virtpm_conf.h b/src/conf/virtpm_conf.h new file mode 100644 index 0000000000..73c6c67271 --- /dev/null +++ b/src/conf/virtpm_conf.h @@ -0,0 +1,36 @@ +/* + * virtpm_conf.h: vTPM XML processing + * + * Copyright (C) 2019 IBM Corporation + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#pragma once + +typedef enum { + VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD, + + VIR_TPM_SWTPM_FEATURE_LAST +} virTPMSwtpmFeature; + +typedef enum { + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD, + + VIR_TPM_SWTPM_SETUP_FEATURE_LAST +} virTPMSwtpmSetupFeature; + +VIR_ENUM_DECL(virTPMSwtpmFeature); +VIR_ENUM_DECL(virTPMSwtpmSetupFeature); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index e33d7d9f14..d2045895a1 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1236,6 +1236,11 @@ virStoragePoolObjVolumeGetNames; virStoragePoolObjVolumeListExport; +# conf/virtpm_conf.h +virTPMSwtpmFeatureTypeFromString; +virTPMSwtpmSetupFeatureTypeFromString; + + # cpu/cpu.h cpuDecode; cpuEncode; diff --git a/src/tpm/Makefile.inc.am b/src/tpm/Makefile.inc.am index 1f5131bf34..d8a15c406c 100644 --- a/src/tpm/Makefile.inc.am +++ b/src/tpm/Makefile.inc.am @@ -12,6 +12,9 @@ EXTRA_DIST += \ noinst_LTLIBRARIES += libvirt_tpm.la libvirt_la_BUILT_LIBADD += libvirt_tpm.la -libvirt_tpm_la_CFLAGS = $(AM_CFLAGS) +libvirt_tpm_la_CFLAGS = \ + -I$(srcdir)/conf \ + $(AM_CFLAGS) \ + $(NULL) libvirt_tpm_la_LDFLAGS = $(AM_LDFLAGS) libvirt_tpm_la_SOURCES = $(TPM_UTIL_SOURCES) diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c index e4735f9c4d..5aec663025 100644 --- a/src/tpm/virtpm.c +++ b/src/tpm/virtpm.c @@ -27,6 +27,10 @@ #include "viralloc.h" #include "virfile.h" #include "virtpm.h" +#include "vircommand.h" +#include "virbitmap.h" +#include "virjson.h" +#include "virtpm_conf.h" #define VIR_FROM_THIS VIR_FROM_NONE @@ -74,17 +78,22 @@ virTPMCreateCancelPath(const char *devpath) } /* - * executables for the swtpm; to be found on the host + * executables for the swtpm; to be found on the host along with + * capabilties bitmap */ static char *swtpm_path; static struct stat swtpm_stat; +static virBitmapPtr swtpm_caps; static char *swtpm_setup; static struct stat swtpm_setup_stat; +static virBitmapPtr swtpm_setup_caps; static char *swtpm_ioctl; static struct stat swtpm_ioctl_stat; +typedef int (*TypeFromStringFn)(const char *); + const char * virTPMGetSwtpm(void) { @@ -109,6 +118,99 @@ virTPMGetSwtpmIoctl(void) return swtpm_ioctl; } +/* virTPMExecGetCaps + * + * Execute the prepared command and parse the returned JSON object + * to get the capabilities supported by the executable. + * A JSON object like this is expected: + * + * { + * "type": "swtpm", + * "features": [ + * "cmdarg-seccomp", + * "cmdarg-key-fd", + * "cmdarg-pwd-fd" + * ] + * } + */ +static virBitmapPtr +virTPMExecGetCaps(virCommandPtr cmd, + TypeFromStringFn typeFromStringFn) +{ + int exitstatus; + virBitmapPtr bitmap; + VIR_AUTOFREE(char *) outbuf = NULL; + VIR_AUTOPTR(virJSONValue) json = NULL; + virJSONValuePtr featureList; + virJSONValuePtr item; + size_t idx; + const char *str; + int typ; + + virCommandSetOutputBuffer(cmd, &outbuf); + if (virCommandRun(cmd, &exitstatus) < 0) + return NULL; + + if (!(bitmap = virBitmapNewEmpty())) + return NULL; + + /* older version does not support --print-capabilties -- that's fine */ + if (exitstatus != 0) + return bitmap; + + json = virJSONValueFromString(outbuf); + if (!json) + goto error_bad_json; + + featureList = virJSONValueObjectGetArray(json, "features"); + if (!featureList) + goto error_bad_json; + + if (!virJSONValueIsArray(featureList)) + goto error_bad_json; + + for (idx = 0; idx < virJSONValueArraySize(featureList); idx++) { + item = virJSONValueArrayGet(featureList, idx); + if (!item) + continue; + + str = virJSONValueGetString(item); + if (!str) + goto error_bad_json; + typ = typeFromStringFn(str); + if (typ < 0) + continue; + + if (virBitmapSetBitExpand(bitmap, typ) < 0) + goto cleanup; + } + + cleanup: + return bitmap; + + error_bad_json: + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unexpected JSON format: %s"), outbuf); + goto cleanup; +} + +static virBitmapPtr +virTPMGetCaps(TypeFromStringFn typeFromStringFn, + const char *exec, const char *param1) +{ + VIR_AUTOPTR(virCommand) cmd = NULL; + + if (!(cmd = virCommandNew(exec))) + return NULL; + + if (param1) + virCommandAddArg(cmd, param1); + virCommandAddArg(cmd, "--print-capabilities"); + virCommandClearCaps(cmd); + + return virTPMExecGetCaps(cmd, typeFromStringFn); +} + /* * virTPMEmulatorInit * @@ -122,16 +224,24 @@ virTPMEmulatorInit(void) const char *name; char **path; struct stat *stat; + const char *parm; + virBitmapPtr *caps; + TypeFromStringFn typeFromStringFn; } prgs[] = { { .name = "swtpm", .path = &swtpm_path, .stat = &swtpm_stat, + .parm = "socket", + .caps = &swtpm_caps, + .typeFromStringFn = virTPMSwtpmFeatureTypeFromString, }, { .name = "swtpm_setup", .path = &swtpm_setup, .stat = &swtpm_setup_stat, + .caps = &swtpm_setup_caps, + .typeFromStringFn = virTPMSwtpmSetupFeatureTypeFromString, }, { .name = "swtpm_ioctl", @@ -142,7 +252,7 @@ virTPMEmulatorInit(void) size_t i; for (i = 0; i < ARRAY_CARDINALITY(prgs); i++) { - char *path; + VIR_AUTOFREE(char *) path = NULL; bool findit = *prgs[i].path == NULL; struct stat statbuf; char *tmp; @@ -174,18 +284,25 @@ virTPMEmulatorInit(void) virReportError(VIR_ERR_INTERNAL_ERROR, _("%s is not an executable"), path); - VIR_FREE(path); return -1; } if (stat(path, prgs[i].stat) < 0) { virReportSystemError(errno, _("Could not stat %s"), path); - VIR_FREE(path); return -1; } tmp = *prgs[i].path; *prgs[i].path = path; VIR_FREE(tmp); + + if (prgs[i].caps) { + *prgs[i].caps = virTPMGetCaps(prgs[i].typeFromStringFn, + path, prgs[i].parm); + path = NULL; + if (!*prgs[i].caps) + return -1; + } + path = NULL; } } -- 2.20.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list