[libvirt] [PATCH v8 00/18] Add support for TPM emulator (for 4.5)

Stefan Berger stefanb at linux.vnet.ibm.com
Tue Jun 5 11:28:27 UTC 2018


On 06/05/2018 01:03 AM, Marc Hartmayer wrote:
> On Thu, May 24, 2018 at 10:25 PM +0200, Stefan Berger <stefanb at linux.vnet.ibm.com> wrote:
>> This series of patches adds support for the TPM emulator backend that
>> is available in QEMU and based on swtpm + libtpms. It allows attaching a
>> TPM 1.2 or 2 to a QEMU VM. sVirt labels are used for labeling the swtpm
>> process, its Unix socket, and log file with the same label that the
>> QEMU process gets. Besides that swtpm is added to the emulator cgroup to
>> restrict its CPU usage.
>>
>> The device XML can be changed from a TPM 1.2 to a TPM 2 and back to a
>> TPM 1.2. The device state is not removed during those changes but only
>> when the domain is undefined.
>>
>> The swtpm needs persistent storage to store its state. For that I am
>> using the uuid of the VM as part of the path since the name of the VM
>> can be changed. Logfiles, PID files, and socket names are based on the
>> name of the VM, though.
>>
>>    Stefan
>>
>> v7->v8:
>>    - Delaying this series for 4.5; adjusted references to 4.4
>>    - Fixed a test case since version='1.2' is now formatted as well
>>    - Appended patches for AppArmor and auditing
>>    - Appended patches that improve / fix existing code
>>    - patch for validating the TPM configuration rather than overwriting it;
>>      a particular case is the CRB interface does not work with a TPM 1.2
>>    - swtpm_setup can be run for a TPM 2 in unprivileged mode as well
>>
>> v6->v7:
>>    - followed Jan Tomko's suggestion with resulting changes to patch
>>      10/12.
>>    - re-added missing parts related to swtpm_setup and TPM that got lost
>>      in v4
>>
>> v5->v6:
>>    - Addressed John Ferlan's comments
>>    - rebased on latest tip
>>    - Added patch 12.
>>
>> v4->v5:
>>    - Addressed John Ferlan's, Boris Fiuczynski's and Marc Hartmayer's comments
>>    - rebased on latest tip
>>
>> v3->v4:
>>    - Addressed John Ferlan's comments
>>    - Fixed bugs I found while testing
>>    - rebased on latest tip
>>
>>
>> Stefan Berger (18):
>>    conf: Add support for external swtpm TPM emulator to domain XML
>>    qemu: Extend QEMU capabilities with 'tpm-emulator'
>>    util: Implement virFileChownFiles()
>>    security: Add DAC and SELinux security for tpm-emulator
>>    qemu: Extend qemu_conf with tpm-emulator support
>>    qemu: Extend QEMU with external TPM support
>>    qemu: Add support for external swtpm TPM emulator
>>    tests: Add test cases for external swtpm TPM emulator
>>    security: Label the external swtpm with SELinux labels
>>    conf: Add support for choosing emulation of a TPM 2
>>    qemu: Add swtpm to emulator cgroup
>>    news: Update news with new TPM emulator feature
>>    security: Add swtpm paths to the domain's AppArmor profile
>>    qemu: Run swtpm_setup in unprivileged mode for a TPM 2
>>    qemu: Validate chosen TPM model rather than overwriting it
>>    conf: Audit TPM emulator device at domain startup
>>    conf: Use resrc=tpm in case of TPM passthrough following docs
>>    conf: Use virDomainChrSourceDefClear() rather than VIR_FREE()
>>
>>   docs/auditlog.html.in                              |   2 +-
>>   docs/formatdomain.html.in                          |  43 +
>>   docs/news.xml                                      |  13 +
>>   docs/schemas/domaincommon.rng                      |  17 +
>>   examples/apparmor/libvirt-qemu                     |   3 +
>>   libvirt.spec.in                                    |   2 +
>>   src/conf/domain_audit.c                            |  20 +-
>>   src/conf/domain_conf.c                             |  49 +-
>>   src/conf/domain_conf.h                             |  15 +
>>   src/libvirt_private.syms                           |   3 +
>>   src/qemu/Makefile.inc.am                           |  10 +
>>   src/qemu/libvirtd_qemu.aug                         |   5 +
>>   src/qemu/qemu.conf                                 |   8 +
>>   src/qemu/qemu_capabilities.c                       |   5 +
>>   src/qemu/qemu_capabilities.h                       |   1 +
>>   src/qemu/qemu_cgroup.c                             |  36 +
>>   src/qemu/qemu_cgroup.h                             |   2 +
>>   src/qemu/qemu_command.c                            |  34 +-
>>   src/qemu/qemu_conf.c                               |  43 +
>>   src/qemu/qemu_conf.h                               |   6 +
>>   src/qemu/qemu_domain.c                             |  31 +-
>>   src/qemu/qemu_extdevice.c                          | 180 ++++
>>   src/qemu/qemu_extdevice.h                          |  59 ++
>>   src/qemu/qemu_process.c                            |  16 +
>>   src/qemu/qemu_security.c                           |  69 ++
>>   src/qemu/qemu_security.h                           |  11 +
>>   src/qemu/qemu_tpm.c                                | 922 +++++++++++++++++++++
>>   src/qemu/qemu_tpm.h                                |  56 ++
>>   src/qemu/test_libvirtd_qemu.aug.in                 |   2 +
>>   src/security/security_dac.c                        |   7 +
>>   src/security/security_driver.h                     |   7 +
>>   src/security/security_manager.c                    |  36 +
>>   src/security/security_manager.h                    |   6 +
>>   src/security/security_selinux.c                    | 172 ++++
>>   src/security/security_stack.c                      |  40 +
>>   src/security/virt-aa-helper.c                      |  24 +
>>   src/util/virfile.c                                 |  55 ++
>>   src/util/virfile.h                                 |   3 +
>>   tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml   |   1 +
>>   tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml |   1 +
>>   tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml   |   1 +
>>   tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml   |   1 +
>>   tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |   1 +
>>   .../tpm-emulator-tpm2.x86_64-latest.args           |  33 +
>>   tests/qemuxml2argvdata/tpm-emulator-tpm2.xml       |  30 +
>>   .../tpm-emulator.x86_64-latest.args                |  33 +
>>   tests/qemuxml2argvdata/tpm-emulator.xml            |  30 +
>>   tests/qemuxml2argvtest.c                           |  16 +-
>>   tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml     |  34 +
>>   tests/qemuxml2xmloutdata/tpm-emulator.xml          |  34 +
>>   tests/qemuxml2xmltest.c                            |   1 +
>>   51 files changed, 2212 insertions(+), 17 deletions(-)
>>   create mode 100644 src/qemu/qemu_extdevice.c
>>   create mode 100644 src/qemu/qemu_extdevice.h
>>   create mode 100644 src/qemu/qemu_tpm.c
>>   create mode 100644 src/qemu/qemu_tpm.h
>>   create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.x86_64-latest.args
>>   create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml
>>   create mode 100644 tests/qemuxml2argvdata/tpm-emulator.x86_64-latest.args
>>   create mode 100644 tests/qemuxml2argvdata/tpm-emulator.xml
>>   create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml
>>   create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator.xml
>>
>> --
>> 2.14.3
> Hi Stefan,
>
> if I restart libvirtd while the TPM-guest is running, the guest crashes…
> I haven’t had a closer look yet, but can you please verify the behavior
> for you? Thanks!

I do not see this with the current version (v9) I posted yesterday. Is 
this happening only when a vTPM is attached or also in other cases? 
Though I had seen such behavior a while ago, it then disappeared, and 
iirc it wasn't limited to guests with an attached vTPM. I think it was 
due to libvirt terminating the guest for some reason.

   Stefan

>
> Kind regards
>     Marc Hartmayer
>
> IBM Deutschland Research & Development GmbH
> Chairwoman of the Supervisory Board: Martina Koederitz
> Management: Dirk Wittkopp
> Registered office: Böblingen
> Registration court: Amtsgericht Stuttgart, HRB 243294
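The two design points the cover letter states, that swtpm state is keyed by the VM uuid (so a rename does not orphan it, while log and socket names follow the VM name) and that a tpm-crb model is validated against the emulated TPM version instead of being silently overwritten, as an added Python illustration that is not part of the patch series. The domain XML is constructed; the three directories and the file-name patterns are assumptions standing in for the real qemu.conf settings.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath

# Constructed sample domain XML (not from the series); uuid is made up.
DOMAIN_XML = """<domain type='kvm'>
  <name>tpm-guest</name>
  <uuid>11111111-2222-3333-4444-555555555555</uuid>
  <devices>
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'/>
    </tpm>
  </devices>
</domain>"""

# Assumed directories; the real ones are configured in qemu.conf.
SWTPM_STATE_DIR = "/var/lib/libvirt/swtpm"
SWTPM_LOG_DIR = "/var/log/swtpm/libvirt/qemu"
SWTPM_SOCKET_DIR = "/run/libvirt/qemu/swtpm"


def parse_tpm(domain_xml):
    """Pull name, uuid and the <tpm> device attributes out of domain XML."""
    root = ET.fromstring(domain_xml)
    tpm = root.find("./devices/tpm")
    if tpm is None:
        raise ValueError("domain has no <tpm> device")
    backend = tpm.find("backend")
    return {
        "name": root.findtext("name"),
        "uuid": root.findtext("uuid"),
        "model": tpm.get("model", "tpm-tis"),     # assumed default model
        "type": backend.get("type"),
        "version": backend.get("version", "1.2"),  # 1.2 is the formatted default
    }


def validate(cfg):
    """Reject (rather than rewrite) a CRB interface on a TPM 1.2 emulator."""
    if cfg["type"] == "emulator" and cfg["model"] == "tpm-crb" and cfg["version"] != "2.0":
        raise ValueError("tpm-crb requires a TPM 2 emulator (version='2.0')")


def swtpm_paths(cfg):
    """State lives under the uuid; log and socket are named after the VM."""
    validate(cfg)
    sub = "tpm2" if cfg["version"] == "2.0" else "tpm1.2"
    return {
        "state": str(PurePosixPath(SWTPM_STATE_DIR) / cfg["uuid"] / sub),
        "log": f"{SWTPM_LOG_DIR}/{cfg['name']}-swtpm.log",
        "socket": f"{SWTPM_SOCKET_DIR}/{cfg['name']}-swtpm.sock",
    }
```

Renaming the VM changes only the log and socket paths; switching the backend between version 1.2 and 2.0 selects a different state subdirectory, so neither operation removes existing state.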