[libvirt] [PATCH v3 03/11] Add documentation and schema for TPM passthrough
Corey Bryant
coreyb at linux.vnet.ibm.com
Mon Apr 1 19:53:28 UTC 2013
On 03/21/2013 11:42 AM, Stefan Berger wrote:
> Signed-off-by: Stefan Berger<stefanb at linux.vnet.ibm.com>
>
> ---
> docs/formatdomain.html.in | 57 ++++++++++++++++++++++++++++++++++++++++++
> docs/schemas/domaincommon.rng | 43 +++++++++++++++++++++++++++++++
> 2 files changed, 100 insertions(+)
>
> Index: libvirt/docs/formatdomain.html.in
> ===================================================================
> --- libvirt.orig/docs/formatdomain.html.in
> +++ libvirt/docs/formatdomain.html.in
> @@ -4376,6 +4376,63 @@ qemu-kvm -net nic,model=? /dev/null
>
> </dl>
>
> + <h4><a name="elementsTpm">TPM device</a></h4>
> +
> + <p>
> + The TPM device enables a QEMU guest to have access to TPM
> + functionality.
> + </p>
> + <p>
> + The TPM passthrough device type provides access to the host's TPM
> + for one QEMU guest. No other software may be is using the TPM device,
> + typically /dev/tpm0, at the time the QEMU guest is started.
> + <span class="since">'passthrough' since 1.0.4</span>
> + </p>
> +
> + <p>
> + Example: usage of the TPM passthrough device
> + </p>
> +<pre>
> + ...
> + <device>
> + <tpm model='tpm-tis'>
> + <backend type='passthrough'>
> + <backend path='/dev/tpm0'/>
> + </backend>
> + </tpm>
> + </device>
> +</pre>
> + <dl>
> + <dt><code>model</code></dt>
> + <dd>
> + <p>
> + The <code>model</code> attribute specifies what device
> + model QEMU provides to the guest. If no model name is provided,
> + <code>tpm-tis</code> will automatically be chosen.
> + </p>
> + </dd>
> + <dt><code>backend</code></dt>
> + <dd>
> + <p>
> + The <code>backend</code> element specifies the type of
> + TPM device. The following types are supported:
> + </p>
> + <ul>
> + <li>'passthrough' — use the hosts's TPM device.
s/hosts's/host's/
> + </ul>
> + </dd>
> + <dt><code>backend type='passthrough'</code></dt>
> + <dd>
> + <p>
> + This backend type requires exclusive access to a TPM device on
> + the host.
> + An example for such a device is /dev/tpm0. The filename is
> + specified as path attribute of the <code>source</code> element.
> + If no file name is specified then /dev/tpm0 is automatically used.
> + </p>
> + </dd>
> + </dl>
> +
> <h3><a name="seclabel">Security label</a></h3>
>
> <p>
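Review bot: The example in the <pre> block and the description under backend type='passthrough' name different elements for the device path: the example nests <backend path='/dev/tpm0'/> inside <backend type='passthrough'>, while the text says the path is an attribute of the <code>source</code> element. Both should name the same element, and it should be the one the schema in this patch accepts. The example's wrapper is <device>, where domain XML uses <devices>. The <li> for 'passthrough' is never closed, and "may be is using" in the second paragraph should read "may be using".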
> Index: libvirt/docs/schemas/domaincommon.rng
> ===================================================================
> --- libvirt.orig/docs/schemas/domaincommon.rng
> +++ libvirt/docs/schemas/domaincommon.rng
> @@ -2824,6 +2824,48 @@
> <text/>
> </element>
> </define>
> +
> + <define name="tpm">
> + <element name="tpm">
> + <optional>
> + <attribute name="model">
> + <choice>
> + <value>tpm-tis</value>
> + </choice>
> + </attribute>
> + </optional>
> + <ref name="tpm-backend"/>
> + <optional>
> + <ref name="alias"/>
> + </optional>
> + </element>
> + </define>
> +
> + <define name="tpm-backend">
> + <element name="backend">
> + <choice>
> + <group>
> + <attribute name="type">
> + <value>passthrough</value>
> + </attribute>
> + <ref name="tpm-passthrough-device"/>
> + </group>
> + </choice>
> + </element>
> + </define>
> +
> + <define name="tpm-passthrough-device">
> + <optional>
> + <element name="device">
> + <optional>
> + <attribute name="path">
> + <ref name="filePath"/>
> + </attribute>
Do you need to define cancel-path too?
> + </optional>
> + </element>
> + </optional>
> + </define>
> +
> <define name="input">
> <element name="input">
> <attribute name="type">
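Review bot: In the tpm-passthrough-device define, the child that carries the path is <element name="device">, but the documentation added by this same patch shows a nested <backend path='/dev/tpm0'/> in its example and calls it the source element in its description, so XML copied from the docs would not validate against this grammar. Settle on one element name across the schema and the docs. In the tpm define, tpm-backend and alias are listed as a fixed sequence; if child order should not matter, wrap them in <interleave>.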
> @@ -3134,6 +3176,7 @@
> <ref name="redirdev"/>
> <ref name="redirfilter"/>
> <ref name="rng"/>
> + <ref name="tpm"/>
> </choice>
> </zeroOrMore>
> <optional>
>
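Review bot: Adding <ref name="tpm"/> to the <choice> inside <zeroOrMore> lets a domain carry any number of <tpm> elements, while the documentation in this patch says the passthrough backend needs exclusive access to the host TPM. If only one TPM per guest is intended, either express that limit in the grammar or make sure the parser rejects a second <tpm> with a clear error, and state the limit in the docs.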
--
Regards,
Corey Bryant