[libvirt] [PATCH v2 0/6] Add support for TPM emulator and CRB interface

Stefan Berger stefanb at linux.vnet.ibm.com
Wed Apr 11 02:49:59 UTC 2018


This series of patches adds support for the new TPM CRB interface in
QEMU that will become available with QEMU 2.12.

The rest of the patches add support for the TPM emulator backend that is
available in QEMU and based on swtpm + libtpms. It allows attaching a
TPM 1.2 or 2 to a QEMU VM. sVirt labels are used for labeling the swtpm
process, its UnixIO socket, and log file with the same label that the
QEMU process gets. Besides that, swtpm is added to the emulator cgroup.

The device XML can be changed from a TPM 1.2 to a TPM 2 and back to a
TPM 1.2. The device state is not removed during those changes but only
when the domain is undefined.

I must admit that the first swtpm support patch is quite big. So far I
only broke out the test cases into a subsequent patch.

Regards,
    Stefan

v1->v2:
  - reorganized directories where files are written to
  - all directories and files are chown'ed before swtpm is started
  - much refactoring

Stefan Berger (6):
  tpm: Enable TPM CRB interface
  tpm: Add support for external swtpm TPM emulator
  tpm: Add test cases for external swtpm TPM emulator
  tpm: Label the external swtpm with SELinux labels
  tpm: Add support for choosing emulation of a TPM 2
  tpm: Add swtpm to emulator cgroup

 docs/formatdomain.html.in                          |  47 ++
 docs/schemas/domaincommon.rng                      |  23 +-
 src/conf/domain_audit.c                            |   2 +
 src/conf/domain_conf.c                             |  73 ++-
 src/conf/domain_conf.h                             |  15 +
 src/libvirt_private.syms                           |   9 +
 src/qemu/Makefile.inc.am                           |   2 +
 src/qemu/libvirtd_qemu.aug                         |   3 +
 src/qemu/qemu.conf                                 |   7 +
 src/qemu/qemu_capabilities.c                       |  10 +
 src/qemu/qemu_capabilities.h                       |   2 +
 src/qemu/qemu_cgroup.c                             |  54 ++
 src/qemu/qemu_cgroup.h                             |   1 +
 src/qemu/qemu_command.c                            |  52 +-
 src/qemu/qemu_conf.c                               |  35 +-
 src/qemu/qemu_conf.h                               |   5 +
 src/qemu/qemu_domain.c                             |   4 +
 src/qemu/qemu_driver.c                             |   7 +
 src/qemu/qemu_extdevice.c                          | 303 +++++++++++
 src/qemu/qemu_extdevice.h                          |  44 ++
 src/qemu/qemu_process.c                            |  16 +
 src/qemu/test_libvirtd_qemu.aug.in                 |   1 +
 src/security/security_dac.c                        |   6 +
 src/security/security_driver.h                     |   4 +
 src/security/security_manager.c                    |  18 +
 src/security/security_manager.h                    |   3 +
 src/security/security_selinux.c                    |  75 +++
 src/security/security_stack.c                      |  19 +
 src/util/vircgroup.c                               |  42 ++
 src/util/vircgroup.h                               |   1 +
 src/util/virfile.c                                 |  60 +++
 src/util/virfile.h                                 |   2 +
 src/util/virtpm.c                                  | 596 ++++++++++++++++++++-
 src/util/virtpm.h                                  |  25 +-
 tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml   |   1 +
 tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml |   1 +
 tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml   |   1 +
 tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml   |   1 +
 tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |   2 +
 tests/qemuxml2argvdata/tpm-emulator-tpm2.args      |  24 +
 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml       |  30 ++
 tests/qemuxml2argvdata/tpm-emulator.args           |  24 +
 tests/qemuxml2argvdata/tpm-emulator.xml            |  30 ++
 tests/qemuxml2argvdata/tpm-passthrough-crb.args    |  24 +
 tests/qemuxml2argvdata/tpm-passthrough-crb.xml     |  32 ++
 tests/qemuxml2argvtest.c                           |  20 +
 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml     |  34 ++
 tests/qemuxml2xmloutdata/tpm-emulator.xml          |  34 ++
 tests/qemuxml2xmloutdata/tpm-passthrough-crb.xml   |  36 ++
 tests/qemuxml2xmltest.c                            |   1 +
 50 files changed, 1842 insertions(+), 19 deletions(-)
 create mode 100644 src/qemu/qemu_extdevice.c
 create mode 100644 src/qemu/qemu_extdevice.h
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.args
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator.args
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator.xml
 create mode 100644 tests/qemuxml2argvdata/tpm-passthrough-crb.args
 create mode 100644 tests/qemuxml2argvdata/tpm-passthrough-crb.xml
 create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml
 create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator.xml
 create mode 100644 tests/qemuxml2xmloutdata/tpm-passthrough-crb.xml

-- 
2.5.5
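For orientation, here are the three device configurations the series' test cases (tpm-emulator, tpm-emulator-tpm2, tpm-passthrough-crb) exercise, written as added domain XML fragments that are not part of this cover letter; the element and attribute names follow the libvirt formatdomain documentation for the emulator backend as it was later merged, and the `version` attribute is assumed to be the knob behind "choosing emulation of a TPM 2".

```xml
<!-- Added example: three <tpm> device variants from a libvirt domain definition.
     Each block goes inside <domain><devices>...</devices></domain>. -->
<devices>

  <!-- 1) Emulated TPM 1.2 via swtpm (test case tpm-emulator).
       libvirt starts a per-domain swtpm process, labels it, its UnixIO
       socket and its log file with the domain's sVirt label, and puts it
       in the emulator cgroup, as the cover letter describes. -->
  <tpm model='tpm-tis'>
    <backend type='emulator'/>
  </tpm>

  <!-- 2) Emulated TPM 2.0 via swtpm (test case tpm-emulator-tpm2).
       Switching version between '1.2' and '2.0' keeps the stored swtpm
       state; only undefining the domain removes it. -->
  <tpm model='tpm-crb'>
    <backend type='emulator' version='2.0'/>
  </tpm>

  <!-- 3) Host TPM passed through over the new CRB interface
       (test case tpm-passthrough-crb); requires QEMU >= 2.12. -->
  <tpm model='tpm-crb'>
    <backend type='passthrough'>
      <device path='/dev/tpm0'/>
    </backend>
  </tpm>

</devices>
```

A guest definition would carry only one of these `<tpm>` elements; they are listed together here to show the XML the emulator and CRB patches add.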