On 10/28/21 14:16, Daniel P. Berrangé wrote:
On Thu, Oct 28, 2021 at 01:51:33PM -0400, Stefan Berger wrote:
On the libvirt side, I think we could have a domain XML config option
for PCR banks, to allow the built-in default or admin local default to
be override per-VM.
Is there an example of an attribute that can only be set once in the domain
XML and cannot be modified after? The choice of active PCR banks is limited
to 'TPM manufacturing' time, which means swtpm_setup runs once only when the
swtpm's state directory does not exist because later it would overwrite the
entire state and erase all keys etc.. Later manipulations of the PCR banks
would have to be done using the firmware menu, which exist in EDK2, SeaBIOS
and SLOF.
Yeah, it is a little unusual, but then I guess we have the similarish
with other firmware selection, where setting "secure=yes|no" determines
which OVMF binary we pick to use.
I will probably add a new feature (for swtpm v0.7) to be able to
reconfigure the active pcr banks. The availability of this feature can
be detected by libvirt via the JSON that swtpm_setup
--print-capabilities returns (as usual). Now the problems are:
- What to do when an older version of swtpm package is installed
regarding the contents of the XML? Reject the pcr banks one can declare
in the domain XML? The other option would be to allow the XML but not to
react to it at all and document that one needs swptm v0.7 or later which
will probably be the case in most setups sooner or later.
- How would one track changes to the XML versus the state of the swtpm?
At the moment I would run the reconfigure script ever time if a set of
active PCR banks was given in the XML and it would log like shown below.
Should we just turn off the logging (no --log <filename> option) for
when doing the '--reconfigure'? Or still log it? Or could we assume the
user will remove the active PCR banks description from the XML to avoid
the running of swtpm_setup every time to reconfigure (probably not)?
$ swtpm_setup --tpmstate ./ --tpm2 --reconfigure --pcr-banks sha1
Starting vTPM reconfiguration as stefanb:stefanb @ Fri 29 Oct 2021
03:23:59 PM EDT
TPM is listening on Unix socket.
Successfully activated PCR banks sha1 among sha1,sha256,sha384,sha512.
Successfully authored TPM state.
Ending vTPM manufacturing @ Fri 29 Oct 2021 03:23:59 PM EDT
The only concern is a log full of these messages.
The alternative is to configuring the active PCR banks on the
swtpm_setup level via swtpm_setup.conf and default compile-time options
and leave the reconfiguration to using the firmware...
Stefan