Describe the encryption element in the TPM's domain XML.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
docs/formatdomain.html.in | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 1d57729394..1938bd875c 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -8215,6 +8215,9 @@ qemu-kvm -net nic,model=? /dev/null
TPM functionality for each VM. QEMU talks to it over a Unix socket. With
the emulator device type each guest gets its own private TPM.
<span class="since">'emulator' since 4.5.0</span>
+ The state of the TPM emulator can be encrypted by providing an
+ <code>encryption</code> element.
+ <span class="since">'encryption' since 5.6.0</span>
</p>
<p>
Example: usage of the TPM Emulator
@@ -8224,6 +8227,7 @@ qemu-kvm -net nic,model=? /dev/null
<devices>
<tpm model='tpm-tis'>
<backend type='emulator' version='2.0'>
+ <encryption secret='6dd3e4a5-1d76-44ce-961f-f119f5aad935'/>
</backend>
</tpm>
</devices>
@@ -8286,6 +8290,14 @@ qemu-kvm -net nic,model=? /dev/null
<li>'2.0' : creates a TPM 2.0</li>
</ul>
</dd>
+ <dt><code>encryption</code></dt>
+ <dd>
+ <p>
+ The <code>encryption</code> element allows the state of a TPM emulator
+ to be encrypted. The <code>secret</code> must reference a secret object
+ that holds the passphrase from which the encryption key will be derived.
+ </p>
+ </dd>
</dl>
<h4><a id="elementsNVRAM">NVRAM device</a></h4>
--
2.20.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
