[libvirt] [PATCH 05/18] conf: Extend TPM XML parser with encryption support
Marc-André Lureau
marcandre.lureau at redhat.com
Tue Jul 9 20:23:12 UTC 2019
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb at linux.vnet.ibm.com> wrote:
>
> Extend the TPM device XML parser and XML generator with emulator
> state encryption support.
>
> Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau at redhat.com>
> ---
> src/conf/domain_conf.c | 40 +++++++++++++++++++++++++++++++++++++++-
> src/conf/domain_conf.h | 1 +
> 2 files changed, 40 insertions(+), 1 deletion(-)
>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 3323c9a5b1..df6238c299 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -2950,6 +2950,7 @@ void virDomainTPMDefFree(virDomainTPMDefPtr def)
> virDomainChrSourceDefClear(&def->data.emulator.source);
> VIR_FREE(def->data.emulator.storagepath);
> VIR_FREE(def->data.emulator.logfile);
> + virStorageEncryptionFree(def->data.emulator.encryption);
> break;
> case VIR_DOMAIN_TPM_TYPE_LAST:
> break;
> @@ -13048,6 +13049,16 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPtr xmlopt,
> * <tpm model='tpm-tis'>
> * <backend type='emulator' version='2'/>
> * </tpm>
> + *
> + * Emulator state encryption is supported with the following:
> + *
> + * <tpm model='tpm-tis'>
> + * <backend type='emulator' version='2'>
> + * <encryption format='vtpm'>
> + * <secret type='passphrase' uuid='32ee7e76-2178-47a1-ab7b-269e6e348015'/>
> + * </encryption>
> + * </backend>
> + * </tpm>
> */
> static virDomainTPMDefPtr
> virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
> @@ -13063,6 +13074,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
> VIR_AUTOFREE(char *) backend = NULL;
> VIR_AUTOFREE(char *) version = NULL;
> VIR_AUTOFREE(xmlNodePtr *) backends = NULL;
> + xmlNodePtr encnode = NULL;
>
> if (VIR_ALLOC(def) < 0)
> return NULL;
> @@ -13126,6 +13138,21 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
> def->data.passthrough.source.type = VIR_DOMAIN_CHR_TYPE_DEV;
> break;
> case VIR_DOMAIN_TPM_TYPE_EMULATOR:
> + encnode = virXPathNode("./backend/encryption", ctxt);
> + if (encnode) {
> + def->data.emulator.encryption =
> + virStorageEncryptionParseNode(encnode, ctxt);
> + if (!def->data.emulator.encryption)
> + goto error;
> + if (def->data.emulator.encryption->format !=
> + VIR_STORAGE_ENCRYPTION_FORMAT_VTPM) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> + _("Unsupported vTPM encryption type '%s'"),
> + virStorageEncryptionFormatTypeToString(
> + def->data.emulator.encryption->format));
> + goto error;
> + }
> + }
> break;
> case VIR_DOMAIN_TPM_TYPE_LAST:
> goto error;
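Review bot: The new `VIR_DOMAIN_TPM_TYPE_EMULATOR` branch checks only the encryption `format`; nothing in it verifies that the parsed `<encryption>` element actually names a secret. Whether `virStorageEncryptionParseNode()` rejects a secret-less `<encryption format='vtpm'/>` is not visible here. If it does not, a definition that requests state encryption without any key reference would be accepted, and a later consumer that indexes `secrets[0]` would read past the array. I would add a guard right after the format check, along the lines of `if (def->data.emulator.encryption->nsecrets == 0)`, that reports an XML error and takes `goto error`. The function body and its `error:` label lie outside this hunk.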
> @@ -25949,8 +25976,19 @@ virDomainTPMDefFormat(virBufferPtr buf,
> virBufferAddLit(buf, "</backend>\n");
> break;
> case VIR_DOMAIN_TPM_TYPE_EMULATOR:
> - virBufferAsprintf(buf, " version='%s'/>\n",
> + virBufferAsprintf(buf, " version='%s'",
> virDomainTPMVersionTypeToString(def->version));
> + if (def->data.emulator.encryption) {
> + virBufferAddLit(buf, ">\n");
> + virBufferAdjustIndent(buf, 2);
> + if (virStorageEncryptionFormat(buf,
> + def->data.emulator.encryption) < 0)
> + return -1;
> + virBufferAdjustIndent(buf, -2);
> + virBufferAddLit(buf, "</backend>\n");
> + } else {
> + virBufferAddLit(buf, "/>\n");
> + }
> break;
> case VIR_DOMAIN_TPM_TYPE_LAST:
> break;
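Review bot: The early `return -1` after a failed `virStorageEncryptionFormat()` skips the matching `virBufferAdjustIndent(buf, -2)`, so `buf` is left with its indent raised by 2 and the `<backend ...>` element unclosed. That is harmless only if every caller discards the buffer on failure, which this hunk does not show. A short comment such as `/* caller abandons buf on error, indent is not restored */` would make that assumption explicit; alternatively restore the indent before returning. The rest of virDomainTPMDefFormat is outside the hunk.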
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index c1b5fc1337..a03986623a 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -1270,6 +1270,7 @@ struct _virDomainTPMDef {
> virDomainChrSourceDef source;
> char *storagepath;
> char *logfile;
> + virStorageEncryptionPtr encryption;
> } emulator;
> } data;
> };
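Review bot: The new `encryption` member carries no comment saying that it is optional and owned by the definition. Going by the other hunks, it stays NULL when no `<encryption>` element is present (the formatter tests it for NULL) and it is released in `virDomainTPMDefFree()`. I would document that on the field, e.g. `virStorageEncryptionPtr encryption; /* optional; NULL when no <encryption> given; freed with the def */`. The struct definition starts above this hunk.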
> --
> 2.20.1
>