On Thu, Jul 25, 2019 at 02:21:56PM -0400, Stefan Berger wrote:
> This series of patches addresses the RFE in BZ 172830:
> https://bugzilla.redhat.com/show_bug.cgi?id=1728030
>
> This series of patches adds support for vTPM state encryption by passing
> the read-end of a pipe's file descriptor to 'swtpm_setup' and 'swtpm'
> where they can read a passphrase from and derive a key from that passphrase.
>
> The TPM's domain XML to enable state encryption looks like this:
>
>   <tpm model='tpm-tis'>
>     <backend type='emulator' version='1.2'>
>       <encryption secret='2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd'/>
>     </backend>
>   </tpm>
>
> The vTPM secret holding the passphrase looks like this:
>
>   <secret ephemeral='no' private='yes'>
>     <uuid>2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd</uuid>
>     <description>vTPM passphrase example</description>
>     <usage type='vtpm'>
>       <name>vtpm_example</name>
>     </usage>
>   </secret>
>
> The swtpm v0.2 is needed that supports the command line option
> --print-capabilities returning a JSON object that identifies features added
> since v0.1. One such feature is the possibility to pass a passphrase via a
> file descriptor.
>
> The patches do some refactoring of existing code on the way.

This series is now pushed to GIT, thanks for your work on it

Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
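
The fd handoff described in the cover letter, as an added example that is not part of the original thread or of libvirt's code: a parent passes a passphrase to a child over the read end of a pipe, so the secret never appears in the child's argv. The child is a constructed Python stand-in for the emulator; `run_with_passphrase_fd` and the sample passphrase are hypothetical.

```python
import hashlib
import os
import subprocess
import sys

# Constructed stand-in for the emulator (not swtpm): reads the passphrase from
# the inherited fd named in argv[1] until EOF, then prints a SHA-256 digest of
# it so the caller can confirm what arrived.
CHILD = r"""
import hashlib, os, sys
fd = int(sys.argv[1])
data = b""
while chunk := os.read(fd, 4096):
    data += chunk
os.close(fd)
sys.stdout.write(hashlib.sha256(data).hexdigest())
"""


def run_with_passphrase_fd(passphrase: bytes):
    """Hand passphrase to a child over a pipe; return (argv, child digest)."""
    rfd, wfd = os.pipe()  # both ends are non-inheritable by default (PEP 446)
    try:
        argv = [sys.executable, "-c", CHILD, str(rfd)]
        # pass_fds lets only the read end survive exec, under the same fd
        # number; the write end stays in the parent.
        proc = subprocess.Popen(argv, pass_fds=(rfd,), stdout=subprocess.PIPE)
    except BaseException:
        os.close(wfd)
        raise
    finally:
        os.close(rfd)  # the parent never reads from the pipe
    # Closing the write end signals EOF, which ends the child's read loop.
    with os.fdopen(wfd, "wb") as writer:
        writer.write(passphrase)
    out, _ = proc.communicate()
    if proc.returncode != 0:
        raise RuntimeError("child failed to read the passphrase")
    return argv, out.decode()


if __name__ == "__main__":
    secret = b"constructed-passphrase"  # constructed sample value
    argv, digest = run_with_passphrase_fd(secret)
    assert digest == hashlib.sha256(secret).hexdigest()
    assert not any(secret.decode() in arg for arg in argv)
    print("passphrase delivered over fd", argv[-1], "and absent from argv")
```

Because the write end is never inherited, the child sees EOF as soon as the parent closes it, and only the fd number is visible in the process listing.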