[libvirt] [PATCH v4 06/11] qemu: Extend QEMU with external TPM support

Stefan Berger stefanb at linux.vnet.ibm.com
Tue May 15 15:38:04 UTC 2018 

On 05/15/2018 11:25 AM, Marc Hartmayer wrote:
> On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger <stefanb at linux.vnet.ibm.com> wrote:
>> Implement functions for managing the storage of the external swtpm as well
>> as starting and stopping it. Also implement functions to use swtpm_setup,
>> which simulates the manufacturing of a TPM, which includes creation of
>> certificates for the device.
>>
>> Further, the external TPM needs storage on the host that we need to set
>> up before it can be run. We can clean up the host once the domain is
>> undefined.
>>
>> This patch also implements a small layer for external device support that
>> calls into the TPM device layer if a domain has an attached TPM. This is
>> the layer we will wire up later on.
>>
>> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
>> ---
> […snip…]
>
>> +
>> +/*
>> + * qemuExtTPMStartEmulator:
>> + *
>> + * @driver: QEMU driver
>> + * @def: domain definition
>> + * @logCtxt: log context
>> + *
>> + * Start the external TPM Emulator:
>> + * - have the command line built
>> + * - start the external TPM Emulator and sync with it before QEMU start
>> + */
>> +static int
>> +qemuExtTPMStartEmulator(virQEMUDriverPtr driver,
>> +                        virDomainDefPtr def,
>> +                        qemuDomainLogContextPtr logCtxt)
>> +{
>> +    int ret = -1;
>> +    virCommandPtr cmd = NULL;
>> +    int exitstatus;
>> +    char *errbuf = NULL;
>> +    virQEMUDriverConfigPtr cfg;
>> +    virDomainTPMDefPtr tpm = def->tpm;
>> +    char *shortName = virDomainDefGetShortName(def);
>> +
>> +    if (!shortName)
>> +        return -1;
>> +
>> +    cfg = virQEMUDriverGetConfig(driver);
>> +
>> +    /* stop any left-over TPM emulator for this VM */
>> +    qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName);
>> +
>> +    if (!(cmd = qemuTPMEmulatorBuildCommand(tpm, def->name, def->uuid,
>> +                                            driver->privileged,
>> +                                            cfg->swtpm_user,
>> +                                            cfg->swtpm_group)))
>> +        goto cleanup;
>> +
>> +    if (qemuExtDeviceLogCommand(logCtxt, cmd, "TPM Emulator") < 0)
>> +        goto cleanup;
>> +
>> +    virCommandSetErrorBuffer(cmd, &errbuf);
>> +
>> +    if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0) {
>> +        VIR_ERROR(_("Could not start 'swtpm'. exitstatus: %d "
>> +                    "stderr: %s"), exitstatus, errbuf);
>> +        virReportError(VIR_ERR_INTERNAL_ERROR,
>> +                       _("Could not start 'swtpm'. exitstatus: %d, "
>> +                       "error: %s"), exitstatus, errbuf);
> Do we need both? (VIR_ERROR and virReportError)?

Removed the former.

    Stefan

More information about the libvir-list mailing list