Re: [PATCH v4 00/11] swtpm: Add support for profiles


Hi

On Wed, Nov 13, 2024 at 9:40 PM Stefan Berger <stefanb@xxxxxxxxxxxxx> wrote:
>
> Upcoming libtpms v0.10 and swtpm v0.10 will have TPM profile support that
> allows restricting a TPM's provided set of crypto algorithms and commands
> and through which backwards compatibility and migration from newer versions
> of libtpms to older ones (up to libtpms v0.9) is supported. For the latter
> to work it is necessary that the user chooses the right ('null') profile.
>
> This series adds support for passing a profile choice to swtpm_setup by
> setting it in the domain XML using the <profile/> XML node. An optional
> attribute 'remove_disabled' can be set in this node and accepts two values:
>
> "check": test a few crypto algorithms (tdes, camellia, unpadded encryption,
>          and others) for whether they are currently disabled due to FIPS
>          mode on the host and remove these algorithms in the 'custom'
>          profile if they are disabled;
> "fips-host": do not test but remove all the possibly disabled crypto
>              algorithms (from list above)
>
> Also extend the documentation but point the user to swtpm and libtpms
> documentation for further details.
>
> Following Daniel's suggestions there's now a PR for swtpm_setup to support
> searching for profiles through a configurable local directory and a distro
> directory; if no profile could be found there (with appended ".json"
> suffix) it will fall back to trying a built-in profile of the provided
> name: https://github.com/stefanberger/swtpm/pull/918
>
>     Stefan
>
> v4:
>  - Renamed previous 'name' attribute in profile XML node to 'source'
>    to indicate that the profile was created from some sort of 'source'.
>    The 'name' is now set from the name of the profile read from the
>    swtpm instance's state once it has been created.

This difference between 'source' and 'name' is not described in the
domain XML documentation.

Also the doc still has 10.??.0.

thanks
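As an added illustration, not taken from this thread or from the posted series, here is what the domain XML described in the cover letter looks like for the two attributes it names. The placement of `<profile/>` inside the emulator `<backend>` of a `<tpm>` device and the `model`/`version` attributes are assumptions made for the example; the 'null' and 'custom' profile names and the `check`/`fips-host` values come from the cover letter.

```xml
<!-- Added example, not from the patch series. Assumed placement: <profile/> under the
     emulator backend of a <tpm> device; model/version attributes are illustrative. -->

<!-- 1) Migration / backwards compatibility: the cover letter says the user must pick
        the 'null' profile so state can be migrated to a host with an older libtpms. -->
<tpm model='tpm-crb'>
  <backend type='emulator' version='2.0'>
    <profile source='null'/>
  </backend>
</tpm>

<!-- 2) FIPS-enabled host: start from the 'custom' profile and probe which of the
        possibly disabled algorithms (tdes, camellia, unpadded encryption, ...) the
        host actually disables, removing only those from the profile. -->
<tpm model='tpm-crb'>
  <backend type='emulator' version='2.0'>
    <profile source='custom' remove_disabled='check'/>
  </backend>
</tpm>

<!-- 3) Unconditional variant: do not probe, remove every algorithm on that list. -->
<tpm model='tpm-crb'>
  <backend type='emulator' version='2.0'>
    <profile source='custom' remove_disabled='fips-host'/>
  </backend>
</tpm>
```

Per the v4 note, `source` is what the user writes; the `name` attribute is not set by the user but filled in from the name of the profile read back from the swtpm instance's state once it has been created, so the two can differ and only `source` belongs in a hand-written definition.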
