[libvirt] [PATCH 18/18] docs: Extend TPM docs with new encryption element

Marc-André Lureau marcandre.lureau at redhat.com
Tue Jul 9 20:28:56 UTC 2019 

On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb at linux.vnet.ibm.com> wrote:
>
> Describe the encryption element in the TPM's domain XML.
>
> Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
> ---
>  docs/formatdomain.html.in | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
>
> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index a7a6ec32a5..b53ea7d6f4 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -8212,6 +8212,9 @@ qemu-kvm -net nic,model=? /dev/null
>        TPM functionality for each VM. QEMU talks to it over a Unix socket. With
>        the emulator device type each guest gets its own private TPM.
>        <span class="since">'emulator' since 4.5.0</span>
> +      The state of the TPM emulator can be encrypted by providing an
> +      <code>encryption</code> element.
> +      <span class="since">'encryption' since 5.5.0</span>

here too, 5.6.0 I presume

Reviewed-by: Marc-André Lureau <marcandre.lureau at redhat.com>

>      </p>
>      <p>
>       Example: usage of the TPM Emulator
> @@ -8221,6 +8224,9 @@ qemu-kvm -net nic,model=? /dev/null
>    <devices>
>      <tpm model='tpm-tis'>
>        <backend type='emulator' version='2.0'>
> +        <encryption format='vtpm'>
> +          <secret type='passphrase' usage='VTPM_example'/>
> +        </encryption>
>        </backend>
>      </tpm>
>    </devices>
> @@ -8283,6 +8289,16 @@ qemu-kvm -net nic,model=? /dev/null
>            <li>'2.0' : creates a TPM 2.0</li>
>          </ul>
>        </dd>
> +      <dt><code>encryption</code></dt>
> +      <dd>
> +        <p>
> +          The <code>encryption</code> element allows the state of a TPM emulator
> +          to be encrypted. The <code>format</code> attribute must be <code>vtpm</code>.
> +          The <code>secret</code> element must reference a secret object using
> +          either its <code>usage</code> or <code>uuid</code>. The <code>type</code>
> +          attribute must be set to <code>passphrase</code>.
> +        </p>
> +      </dd>
>      </dl>
>
>      <h4><a id="elementsNVRAM">NVRAM device</a></h4>
> --
> 2.20.1
>

More information about the libvir-list mailing list