[libvirt] [PATCH v6 00/11] Add support for guests with TPM passthrough device

Stefan Berger stefanb at linux.vnet.ibm.com
Fri Apr 12 18:39:08 UTC 2013


On 04/12/2013 11:54 AM, Daniel P. Berrange wrote:
> On Fri, Apr 12, 2013 at 11:29:43AM -0400, Stefan Berger wrote:
>> On 04/12/2013 09:37 AM, Daniel P. Berrange wrote:
>>> On Fri, Apr 12, 2013 at 09:25:14AM -0400, Stefan Berger wrote:
>>>> Hello!
>>>>
>>>> The following set of patches adds support to libvirt for
>>>> adding a TPM passthrough device to a QEMU guest. Support for
>>>> this was recently accepted into QEMU.
>>>>
>>>> This set of patches borrows a lot from the recently added support
>>>> for rng's.
>>>>
>>>> Regards,
>>>>      Stefan
>>>>
>>>> ---
>>>> v5->v6:
>>>>    - followed tree to 039a3283
>>>>    - simplified virTPMFindCancelPath in 4/11 following D. Berrange's comments
>>> ACK to all patches in v6.
>> Argh, after removing the cancel_path from the virDomainTPMDef
>> structure and now determining the cancel_path at the places where it
>> is needed and verifying that the file actually exists, the test case
>> only works if the device actually exists since it runs through that
>> code when creating the QEMU command line... The idea is to SELinux
>> label the device in libvirt, which is a 'must', and pass that
>> same file that was labeled via QEMU command line for QEMU to just
>> use it. QEMU, however, can determine this file itself also -- though
>> I should simplify the code there as well. I thought it was better to
>> not assume the two are in lock-step, i.e., can find the same file,
>> but let libvirt pass the file that was determined.
> This says to me that the virTPMFindCancelPath method is still too
> over-engineered. It could just accept /dev/tpm0 and return
> /sys/misc/tpm0/cancel unconditionally, without trying to probe
> sysfs to see what exists there.  The security drivers will still
> be validating that the file actually exists when starting QEMU,
> so no need to do that on every call to virTPMFindCancelPath

You are of course right. Let me append the latest version of this file 
to v6 4/11 for review.

    Stefan



