Move the code that adds encryption options for the swtpm_setup command line into its own function.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
---
 src/qemu/qemu_tpm.c | 55 +++++++++++++++++++++++++++++++--------------
 1 file changed, 38 insertions(+), 17 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 5a05273100..93cb04f49d 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -422,6 +422,42 @@ qemuTPMCreateConfigFiles(const char *swtpm_setup)
 }
+/*
+ * Add encryption parameters to swtpm_setup command line.
+ *
+ * @cmd: virCommand to add options to
+ * @swtpm_setup: swtpm_setup tool path
+ * @secretuuid: The secret's uuid; may be NULL
+ */
+static int
+qemuTPMVirCommandAddEncryption(virCommand *cmd,
+ const char *swtpm_setup,
+ const unsigned char *secretuuid)
+{
+ int pwdfile_fd;
+
+ if (!secretuuid)
+ return 0;
+
+ if (!virTPMSwtpmSetupCapsGet(
+ VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD)) {
+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
+ _("%s does not support passing a passphrase using a file "
+ "descriptor"), swtpm_setup);
+ return -1;
+ }
+ if ((pwdfile_fd = qemuTPMSetupEncryption(secretuuid, cmd)) < 0)
+ return -1;
+
+ virCommandAddArg(cmd, "--pwdfile-fd");
+ virCommandAddArgFormat(cmd, "%d", pwdfile_fd);
+ virCommandAddArgList(cmd, "--cipher", "aes-256-cbc", NULL);
+ virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+
+ return 0;
+}
+
+
 /*
 * qemuTPMEmulatorRunSetup
 *
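Review bot: The header comment on qemuTPMVirCommandAddEncryption() documents the three parameters but says nothing about the return contract or about who owns the passphrase descriptor. I would add ` * Returns 0 on success (nothing is added when @secretuuid is NULL), -1 on failure` to the header and, above the virCommandPassFD() call, `/* cmd owns pwdfile_fd from here on; do not close or reuse it */`. The ownership comment matters because pwdfile_fd is a plain `int` in this helper with no cleanup of its own. The descriptor returned by qemuTPMSetupEncryption() stays leak-free only as long as no early return is inserted between that call and the hand-over with VIR_COMMAND_PASS_FD_CLOSE_PARENT.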
@@ -495,23 +531,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
 break;
 }
- if (secretuuid) {
- if (!virTPMSwtpmSetupCapsGet(
- VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD)) {
- virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
- _("%s does not support passing a passphrase using a file "
- "descriptor"), swtpm_setup);
- return -1;
- }
- if ((pwdfile_fd = qemuTPMSetupEncryption(secretuuid, cmd)) < 0)
- return -1;
-
- virCommandAddArg(cmd, "--pwdfile-fd");
- virCommandAddArgFormat(cmd, "%d", pwdfile_fd);
- virCommandAddArgList(cmd, "--cipher", "aes-256-cbc", NULL);
- virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
- pwdfile_fd = -1;
- }
+ if (qemuTPMVirCommandAddEncryption(cmd, swtpm_setup, secretuuid) < 0)
+ return -1;
 if (!incomingMigration) {
 virCommandAddArgList(cmd,
--
2.31.1
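Review bot: The `pwdfile_fd` local of qemuTPMEmulatorRunSetup() appears to be left behind unused after this hunk. The removed lines were its only visible users (the assignment from qemuTPMSetupEncryption() and the `pwdfile_fd = -1;` reset), and the diffstat's 17 deletions are all accounted for here, so its declaration outside the hunk is presumably untouched. If so, drop that declaration in the same commit, so that no stale descriptor variable (with whatever cleanup is attached to it) suggests this function still owns the passphrase fd. The function body starts and ends outside the hunk, so this needs confirming against the full file.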