On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger wrote:
>
> Describe the encryption element in the TPM's domain XML.
>
> Signed-off-by: Stefan Berger
> ---
> docs/formatdomain.html.in | 16
> 1 file changed, 16 insertions(+)
>
> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index a7a6ec32a5..b53ea7d6f4 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -8212,6 +8212,9 @@ qemu-kvm -net nic,model=? /dev/null
>TPM functionality for each VM. QEMU talks to it over a Unix socket.
> With
>the emulator device type each guest gets its own private TPM.
>'emulator' since 4.5.0
> + The state of the TPM emulator can be encrypted by providing an
> + encryption element.
> + 'encryption' since 5.5.0
here too, 5.6.0 I presume
Reviewed-by: Marc-André Lureau
>
>
> Example: usage of the TPM Emulator
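Review bot: the 'encryption' since marker on the last added line of this hunk has to name the release the feature actually ships in; the reply above questions 5.5.0, so settle the value before merging and use the same one wherever this feature is annotated. The added sentence also does not say where the element belongs. Stating that encryption is a child of the emulator backend element, as the example in the next hunk shows, would save the reader a lookup.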
> @@ -8221,6 +8224,9 @@ qemu-kvm -net nic,model=? /dev/null
>devices
> tpm model='tpm-tis'
>backend type='emulator' version='2.0'
> +encryption format='vtpm'
> + secret type='passphrase' usage='VTPM_example'/
> +/encryption
>/backend
> /tpm
>/devices
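Review bot: the example's secret line references usage='VTPM_example' without showing or linking to how that secret is defined, so the snippet cannot be reproduced from this page alone. Add a pointer to the secret XML documentation next to the example, and consider a second variant that references the secret by uuid, since the description in the following hunk allows either form.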
> @@ -8283,6 +8289,16 @@ qemu-kvm -net nic,model=? /dev/null
>'2.0' : creates a TPM 2.0
>
>
> + encryption
> +
> +
> + The encryption element allows the state of a TPM
> emulator
> + to be encrypted. The format attribute must be
> vtpm.
> + The secret element must reference a secret object
> using
> + either its usage or uuid. The
> type
> + attribute must be set to passphrase.
> +
> +
>
>
> NVRAM device
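Review bot: the new encryption description states the required attribute values but not the behaviour a reader securing TPM state needs to know. It requires format vtpm, type passphrase, and a secret referenced by usage or uuid, yet leaves open what usage type the secret object itself must carry, what happens when the referenced secret is missing at guest start, and whether the element can be added to or removed from a guest that already has TPM state. Please document those cases, and add a since annotation to this description so it is versioned the way the 'emulator' backend type text is.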
> --
> 2.20.1
>