On 11/13/24 18:39, Stefan Berger wrote:
> Factor-out code related to adding key to the swtpm command line into its
> own function.
>
> Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
> ---
> src/qemu/qemu_tpm.c | 60 +++++++++++++++++++++++++++------------------
> 1 file changed, 36 insertions(+), 24 deletions(-)
>
> diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
> index 34db6494a5..bf07b86793 100644
> --- a/src/qemu/qemu_tpm.c
> +++ b/src/qemu/qemu_tpm.c
> @@ -575,6 +575,38 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator,
> return 0;
> }
>
> +static int
> +qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd,
> + const virDomainTPMEmulatorDef *emulator,
> + const char *swtpm)
> +{
> + int pwdfile_fd = -1;
> + int migpwdfile_fd = -1;
>
> + if (emulator->hassecretuuid) {
Alternatively: if (!emulator->hassecretuuid) return 0; ....
> + if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
> + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
> + _("%1$s does not support passing passphrase via file descriptor"),
> + swtpm);
> + return -1;
> + }
>
> + if (qemuTPMSetupEncryption(emulator->secretuuid,
> + cmd, &pwdfile_fd) < 0)
> + return -1;
>
> + if (qemuTPMSetupEncryption(emulator->secretuuid,
> + cmd, &migpwdfile_fd) < 0)
> + return -1;
>
> + virCommandAddArg(cmd, "--key");
> + virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
>
> + virCommandAddArg(cmd, "--migration-key");
> + virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", migpwdfile_fd);
> + }
> + return 0;
> +}
>
> /*
> * qemuTPMEmulatorBuildCommand:
> @@ -602,8 +634,6 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
> bool created = false;
> bool run_setup = false;
> g_autofree char *swtpm = virTPMGetSwtpm();
> - int pwdfile_fd = -1;
> - int migpwdfile_fd = -1;
> const unsigned char *secretuuid = NULL;
> bool create_storage = true;
> bool on_shared_storage;
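Review bot: qemuTPMVirCommandSwtpmAddEncryption has no header comment, so a reader must infer from the body that an emulator without `hassecretuuid` is a silent no-op (return 0, nothing added to `cmd`) and that the same `emulator->secretuuid` is resolved twice, once for `--key` and once for `--migration-key`. A comment above the function stating that contract — the swtpm capability check, that both descriptors are registered with `cmd`, and that any failure returns -1 with the error already reported — would let other call sites use the helper without reading qemuTPMSetupEncryption. On the second qemuTPMSetupEncryption failure the helper returns -1 with `pwdfile_fd` already handed out; that matches the code being moved, but whether `cmd` owns and closes that descriptor on the error path is not visible in this hunk and should be stated in the comment after confirming against qemuTPMSetupEncryption. The `"pwdfd=%d,mode=aes-256-cbc"` format is now duplicated inside one function; a single `#define SWTPM_KEY_FMT "pwdfd=%d,mode=aes-256-cbc"` used by both virCommandAddArgFormat calls would keep the two key options from drifting apart.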
> @@ -698,28 +728,10 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
> break;
> }
>
> - if (tpm->data.emulator.hassecretuuid) {
> - if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
> - virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
> - _("%1$s does not support passing passphrase via file descriptor"),
> - swtpm);
> - goto error;
> - }
> -
> - if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
> - cmd, &pwdfile_fd) < 0)
> - goto error;
> -
> - if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
> - cmd, &migpwdfile_fd) < 0)
> - goto error;
> -
> - virCommandAddArg(cmd, "--key");
> - virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
> -
> - virCommandAddArg(cmd, "--migration-key");
> - virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", migpwdfile_fd);
> - }
> + if (qemuTPMVirCommandSwtpmAddEncryption(cmd,
> + &tpm->data.emulator,
> + swtpm) < 0)
> + goto error;
>
> /* If swtpm supports it and the TPM state is stored on shared storage,
> * start swtpm with --migration release-lock-outgoing so it can migrate
Michal