Supported TPM passthrough XML may look as follows:

    <tpm model='tpm-tis'>
      <backend type='passthrough'>
        <device path='/dev/tpm0'/>
      </backend>
    </tpm>

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
Reviewed-by: Corey Bryant <coreyb@xxxxxxxxxxxxxxxxxx>
Tested-by: Corey Bryant <coreyb@xxxxxxxxxxxxxxxxxx>

---
 docs/formatdomain.html.in | 58 ++++++++++++++++++++++++++++++++++++++++++
 docs/schemas/domaincommon.rng | 43 +++++++++++++++++++++++++++++++
 2 files changed, 101 insertions(+)

Index: libvirt/docs/formatdomain.html.in
===================================================================
--- libvirt.orig/docs/formatdomain.html.in
+++ libvirt/docs/formatdomain.html.in
@@ -4415,6 +4415,64 @@ qemu-kvm -net nic,model=? /dev/null </dl> + <h4><a name="elementsTpm">TPM device</a></h4> + + <p> + The TPM device enables a QEMU guest to have access to TPM + functionality. + </p> + <p> + The TPM passthrough device type provides access to the host's TPM + for one QEMU guest. No other software may be is using the TPM device, + typically /dev/tpm0, at the time the QEMU guest is started. + <span class="since">'passthrough' since 1.0.5</span> + </p> + + <p> + Example: usage of the TPM passthrough device + </p> +<pre> + ... + <devices> + <tpm model='tpm-tis'> + <backend type='passthrough'> + <backend path='/dev/tpm0'/> + </backend> + </tpm> + </devices> + ... +</pre> + <dl> + <dt><code>model</code></dt> + <dd> + <p> + The <code>model</code> attribute specifies what device + model QEMU provides to the guest. If no model name is provided, + <code>tpm-tis</code> will automatically be chosen. + </p> + </dd> + <dt><code>backend</code></dt> + <dd> + <p> + The <code>backend</code> element specifies the type of + TPM device. The following types are supported: + </p> + <ul> + <li>'passthrough' — use the host's TPM device. + </ul> + </dd> + <dt><code>backend type='passthrough'</code></dt> + <dd> + <p> + This backend type requires exclusive access to a TPM device on + the host. + An example for such a device is /dev/tpm0. The filename is + specified as path attribute of the <code>source</code> element. + If no file name is specified then /dev/tpm0 is automatically used. + </p> + </dd> + </dl> + <h3><a name="seclabel">Security label</a></h3> <p> Index: libvirt/docs/schemas/domaincommon.rng =================================================================== --- libvirt.orig/docs/schemas/domaincommon.rng +++ libvirt/docs/schemas/domaincommon.rng 
@@ -2876,6 +2876,48 @@ <text/> </element> </define> + + <define name="tpm"> + <element name="tpm"> + <optional> + <attribute name="model"> + <choice> + <value>tpm-tis</value> + </choice> + </attribute> + </optional> + <ref name="tpm-backend"/> + <optional> + <ref name="alias"/> + </optional> + </element> + </define> + + <define name="tpm-backend"> + <element name="backend"> + <choice> + <group> + <attribute name="type"> + <value>passthrough</value> + </attribute> + <ref name="tpm-passthrough-device"/> + </group> + </choice> + </element> + </define> + + <define name="tpm-passthrough-device"> + <optional> + <element name="device"> + <optional> + <attribute name="path"> + <ref name="filePath"/> + </attribute> + </optional> + </element> + </optional> + </define> + <define name="input"> <element name="input"> <attribute name="type"> @@ -3200,6 +3242,7 @@ <ref name="redirdev"/> <ref name="redirfilter"/> <ref name="rng"/> + <ref name="tpm"/> </choice> </zeroOrMore> <optional> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
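
Review bot: In the docs/formatdomain.html.in hunk (@@ -4415), the example and the prose do not match the schema added by this same patch. The example nests `<backend path='/dev/tpm0'/>` inside `<backend type='passthrough'>`, and the `backend type='passthrough'` entry says the file name is the path attribute of the `source` element, while the commit message and the `tpm-passthrough-device` define in domaincommon.rng both name the child element `device`. As written, the documented example would not validate. Suggest `<device path='/dev/tpm0'/>` in the example and "the <code>device</code> element" in the text. Two smaller points in the same hunk: "No other software may be is using the TPM device" should read "may be using", and the `<li>'passthrough' ...` item is missing its closing `</li>`.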
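
Review bot: In the docs/schemas/domaincommon.rng hunk (@@ -2876), the `tpm` define lists `<ref name="tpm-backend"/>` and the optional `alias` ref as a plain sequence, so element order is enforced and XML that places `<alias>` before `<backend>` is rejected; if order is not meant to matter, wrap the two in `<interleave>`. Also, `path` in `tpm-passthrough-device` is typed only as `filePath`, so the schema accepts any file path as the passthrough backend. Since the docs describe this backend as giving a guest exclusive access to the host's TPM, the documentation should state that the path must name a TPM device node, and the check itself has to live in the driver code, which is not part of this patch.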