Re: [libvirt] [PATCH v3 13/14] tpm: Add support for choosing emulation of a TPM 2

2018-05-09 Thread Stefan Berger

On 05/08/2018 05:38 PM, John Ferlan wrote:


On 05/04/2018 04:21 PM, Stefan Berger wrote:

This patch extends the TPM's device XML with TPM 2 support. This only works
for the emulator type backend and looks as follows:

 
   

Perhaps this would be better as just version='2' since you're in a  block?


Ok. Changed it.




 

The swtpm process now has --tpm2 as an additional parameter:

system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8  0.0 28364  3868 ?
Rs   11:13  13:50 /usr/bin/swtpm socket --daemon --ctrl 
type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 
--tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm2,mode=0640 --log 
file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log --tpm2 --pid 
file=/var/run/libvirt/qemu/swtpm/testvm-swtpm.pid

The version of the TPM can be changed and the state of the TPM is preserved.

Signed-off-by: Stefan Berger 
---
  docs/formatdomain.html.in  | 17 +-
  docs/schemas/domaincommon.rng  | 12 
  src/conf/domain_conf.c | 21 ++-
  src/conf/domain_conf.h |  6 ++
  src/util/virtpm.c  | 79 --
  tests/qemuxml2argvdata/tpm-emulator-tpm2.args  | 27 +
  tests/qemuxml2argvdata/tpm-emulator-tpm2.xml   | 30 ++
  tests/qemuxml2argvtest.c   |  2 +
  tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml | 34 +++
  9 files changed, 221 insertions(+), 7 deletions(-)
  create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.args
  create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml
  create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 2a8912f..08df78a 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -7663,7 +7663,7 @@ qemu-kvm -net nic,model=? /dev/null
...
devices
  tpm model='tpm-tis'
-  backend type='emulator'
+  backend type='emulator' tpmversion='2'
/backend
  /tpm
/devices
@@ -7713,6 +7713,21 @@ qemu-kvm -net nic,model=? /dev/null

  

+  tpmversion
+  
+
+  The tpmversion attribute indicates the version
+  of the TPM. By default a TPM 1.2 is created. This attribute
+  only works with the emulator backend. The following
+  versions are supported:
+
+
+  '1.2' : creates a TPM 1.2
+  '2' :  creates a TPM 2
+
+Note that once a certain version of a TPM has been created for
+a guest, the version must not be changed anymore.
+  

I trust we check that somewhere ...


The restriction is not there anymore. I removed this sentence.




  
  
  NVRAM device

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index c65a9a3..a452a13 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4143,6 +4143,18 @@

  

+  
+
+  
+
+  
+1.2
+2
+  
+   
+  
+
+  
  

  
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c

index a42574a..c98d26a 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -12609,7 +12609,7 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPtr 
xmlopt,
   * or like this:
   *
   * 
- *   
+ *   
   * 
   */
  static virDomainTPMDefPtr
@@ -12622,6 +12622,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
  char *path = NULL;
  char *model = NULL;
  char *backend = NULL;
+char *tpmversion = NULL;
  virDomainTPMDefPtr def;
  xmlNodePtr save = ctxt->node;
  xmlNodePtr *backends = NULL;
@@ -12668,6 +12669,20 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
  goto error;
  }
  
+tpmversion = virXMLPropString(backends[0], "tpmversion");

+if (!tpmversion || STREQ(tpmversion, "1.2")) {
+def->tpmversion = VIR_DOMAIN_TPM_VERSION_1_2;
+/* only TIS available for emulator */
+if (def->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
+def->model = VIR_DOMAIN_TPM_MODEL_TIS;
+} else if (STREQ(tpmversion, "2")) {
+def->tpmversion = VIR_DOMAIN_TPM_VERSION_2;
+} else {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+   _("Unsupported TPM version '%s'"),
+   tpmversion);
+}
+
  switch (def->type) {
  case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
  path = virXPathString("string(./backend/device/@path)", ctxt);
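Review bot: The final `else` branch reports `VIR_ERR_CONFIG_UNSUPPORTED` for an unrecognised `tpmversion` but never leaves the function, so control falls through into `switch (def->type)` and the parser can still hand back a definition whose `def->tpmversion` was not set from the XML. Add `goto error;` right after the `virReportError(...)` call, as the `goto error;` in the context lines above the added block does. Without it a mistyped version is, as far as these lines show, accepted rather than rejected, and the guest may be started with a different TPM family than the administrator asked for, which matters when measured boot or sealed secrets in the guest depend on it. virDomainTPMDefParseXML starts and ends outside this hunk, and the same hunk is quoted again in the two older messages further down this thread.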
@@ -12692,6 +12707,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
  VIR_FREE(model);
  VIR_FREE(backend);
  VIR_FREE(backends);
+VIR_FREE(tpmversion);
  ctxt->node = save;
  return def;
  
@@ -24849,6 +24865,9 @@ 

Re: [libvirt] [PATCH v3 13/14] tpm: Add support for choosing emulation of a TPM 2

2018-05-08 Thread John Ferlan


On 05/04/2018 04:21 PM, Stefan Berger wrote:
> This patch extends the TPM's device XML with TPM 2 support. This only works
> for the emulator type backend and looks as follows:
> 
> 
>   

Perhaps this would be better as just version='2' since you're in a  block?

> 
> 
> The swtpm process now has --tpm2 as an additional parameter:
> 
> system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8  0.0 28364  3868 ?  
>   Rs   11:13  13:50 /usr/bin/swtpm socket --daemon --ctrl 
> type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 
> --tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm2,mode=0640 --log 
> file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log --tpm2 --pid 
> file=/var/run/libvirt/qemu/swtpm/testvm-swtpm.pid
> 
> The version of the TPM can be changed and the state of the TPM is preserved.
> 
> Signed-off-by: Stefan Berger 
> ---
>  docs/formatdomain.html.in  | 17 +-
>  docs/schemas/domaincommon.rng  | 12 
>  src/conf/domain_conf.c | 21 ++-
>  src/conf/domain_conf.h |  6 ++
>  src/util/virtpm.c  | 79 
> --
>  tests/qemuxml2argvdata/tpm-emulator-tpm2.args  | 27 +
>  tests/qemuxml2argvdata/tpm-emulator-tpm2.xml   | 30 ++
>  tests/qemuxml2argvtest.c   |  2 +
>  tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml | 34 +++
>  9 files changed, 221 insertions(+), 7 deletions(-)
>  create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.args
>  create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml
>  create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml
> 

> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index 2a8912f..08df78a 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -7663,7 +7663,7 @@ qemu-kvm -net nic,model=? /dev/null
>...
>devices
>  tpm model='tpm-tis'
> -  backend type='emulator'
> +  backend type='emulator' tpmversion='2'
>/backend
>  /tpm
>/devices
> @@ -7713,6 +7713,21 @@ qemu-kvm -net nic,model=? /dev/null
>
>  
>
> +  tpmversion
> +  
> +
> +  The tpmversion attribute indicates the version
> +  of the TPM. By default a TPM 1.2 is created. This attribute
> +  only works with the emulator backend. The following
> +  versions are supported:
> +
> +
> +  '1.2' : creates a TPM 1.2
> +  '2' :  creates a TPM 2
> +
> +Note that once a certain version of a TPM has been created for
> +a guest, the version must not be changed anymore.
> +  

I trust we check that somewhere ...

>  
>  
>  NVRAM device
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index c65a9a3..a452a13 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -4143,6 +4143,18 @@
>
>  
>
> +  
> +
> +  
> +
> +  
> +1.2
> +2
> +  
> +   
> +  
> +
> +  
>  
>
>  
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index a42574a..c98d26a 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -12609,7 +12609,7 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPtr 
> xmlopt,
>   * or like this:
>   *
>   * 
> - *   
> + *   
>   * 
>   */
>  static virDomainTPMDefPtr
> @@ -12622,6 +12622,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
>  char *path = NULL;
>  char *model = NULL;
>  char *backend = NULL;
> +char *tpmversion = NULL;
>  virDomainTPMDefPtr def;
>  xmlNodePtr save = ctxt->node;
>  xmlNodePtr *backends = NULL;
> @@ -12668,6 +12669,20 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
>  goto error;
>  }
>  
> +tpmversion = virXMLPropString(backends[0], "tpmversion");
> +if (!tpmversion || STREQ(tpmversion, "1.2")) {
> +def->tpmversion = VIR_DOMAIN_TPM_VERSION_1_2;
> +/* only TIS available for emulator */
> +if (def->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
> +def->model = VIR_DOMAIN_TPM_MODEL_TIS;
> +} else if (STREQ(tpmversion, "2")) {
> +def->tpmversion = VIR_DOMAIN_TPM_VERSION_2;
> +} else {
> +virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> +   _("Unsupported TPM version '%s'"),
> +   tpmversion);
> +}
> +
>  switch (def->type) {
>  case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
>  path = virXPathString("string(./backend/device/@path)", ctxt);
> @@ -12692,6 +12707,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
>  VIR_FREE(model);
>  VIR_FREE(backend);
>  VIR_FREE(backends);
> +

[libvirt] [PATCH v3 13/14] tpm: Add support for choosing emulation of a TPM 2

2018-05-04 Thread Stefan Berger
This patch extends the TPM's device XML with TPM 2 support. This only works
for the emulator type backend and looks as follows:


  


The swtpm process now has --tpm2 as an additional parameter:

system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8  0.0 28364  3868 ?
Rs   11:13  13:50 /usr/bin/swtpm socket --daemon --ctrl 
type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 
--tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm2,mode=0640 --log 
file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log --tpm2 --pid 
file=/var/run/libvirt/qemu/swtpm/testvm-swtpm.pid

The version of the TPM can be changed and the state of the TPM is preserved.

Signed-off-by: Stefan Berger 
---
 docs/formatdomain.html.in  | 17 +-
 docs/schemas/domaincommon.rng  | 12 
 src/conf/domain_conf.c | 21 ++-
 src/conf/domain_conf.h |  6 ++
 src/util/virtpm.c  | 79 --
 tests/qemuxml2argvdata/tpm-emulator-tpm2.args  | 27 +
 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml   | 30 ++
 tests/qemuxml2argvtest.c   |  2 +
 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml | 34 +++
 9 files changed, 221 insertions(+), 7 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.args
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml
 create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 2a8912f..08df78a 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -7663,7 +7663,7 @@ qemu-kvm -net nic,model=? /dev/null
   ...
   devices
 tpm model='tpm-tis'
-  backend type='emulator'
+  backend type='emulator' tpmversion='2'
   /backend
 /tpm
   /devices
@@ -7713,6 +7713,21 @@ qemu-kvm -net nic,model=? /dev/null
   
 
   
+  tpmversion
+  
+
+  The tpmversion attribute indicates the version
+  of the TPM. By default a TPM 1.2 is created. This attribute
+  only works with the emulator backend. The following
+  versions are supported:
+
+
+  '1.2' : creates a TPM 1.2
+  '2' :  creates a TPM 2
+
+Note that once a certain version of a TPM has been created for
+a guest, the version must not be changed anymore.
+  
 
 
 NVRAM device
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index c65a9a3..a452a13 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4143,6 +4143,18 @@
   
 
   
+  
+
+  
+
+  
+1.2
+2
+  
+   
+  
+
+  
 
   
 
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index a42574a..c98d26a 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -12609,7 +12609,7 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPtr 
xmlopt,
  * or like this:
  *
  * 
- *   
+ *   
  * 
  */
 static virDomainTPMDefPtr
@@ -12622,6 +12622,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
 char *path = NULL;
 char *model = NULL;
 char *backend = NULL;
+char *tpmversion = NULL;
 virDomainTPMDefPtr def;
 xmlNodePtr save = ctxt->node;
 xmlNodePtr *backends = NULL;
@@ -12668,6 +12669,20 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
 goto error;
 }
 
+tpmversion = virXMLPropString(backends[0], "tpmversion");
+if (!tpmversion || STREQ(tpmversion, "1.2")) {
+def->tpmversion = VIR_DOMAIN_TPM_VERSION_1_2;
+/* only TIS available for emulator */
+if (def->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
+def->model = VIR_DOMAIN_TPM_MODEL_TIS;
+} else if (STREQ(tpmversion, "2")) {
+def->tpmversion = VIR_DOMAIN_TPM_VERSION_2;
+} else {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+   _("Unsupported TPM version '%s'"),
+   tpmversion);
+}
+
 switch (def->type) {
 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
 path = virXPathString("string(./backend/device/@path)", ctxt);
@@ -12692,6 +12707,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
 VIR_FREE(model);
 VIR_FREE(backend);
 VIR_FREE(backends);
+VIR_FREE(tpmversion);
 ctxt->node = save;
 return def;
 
@@ -24849,6 +24865,9 @@ virDomainTPMDefFormat(virBufferPtr buf,
 virBufferAsprintf(buf, "type));
 
+if (def->tpmversion == VIR_DOMAIN_TPM_VERSION_2)
+virBufferAddLit(buf, " tpmversion='2'");
+
 switch (def->type) {
 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
 virBufferAddLit(buf, ">\n");
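Review bot: The `def->tpmversion == VIR_DOMAIN_TPM_VERSION_2` test is placed ahead of `switch (def->type)`, so `tpmversion='2'` is written for every backend type, while the documentation added by this patch says the attribute only works with the emulator backend. The parser hunk likewise reads the attribute from `backends[0]` before its own type switch, so unless the RNG schema already rules it out, a passthrough definition carrying `tpmversion='2'` appears to be accepted and round-tripped even though nothing in these lines makes it take effect. Either gate the output on the backend type, `if (def->type == VIR_DOMAIN_TPM_TYPE_EMULATOR && def->tpmversion == VIR_DOMAIN_TPM_VERSION_2)`, or reject the combination at parse time so the stored XML never claims a TPM version that libvirt does not enforce. virDomainTPMDefFormat continues outside this hunk.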
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index