[libvirt] [PATCH v7 15/19] tpm: Use fd to pass password to swtpm_setup and swtpm
Stefan Berger
stefanb at linux.ibm.com
Fri Jul 26 13:26:15 UTC 2019
On 7/26/19 6:47 AM, John Ferlan wrote:
>
> On 7/25/19 2:22 PM, Stefan Berger wrote:
>> Allow vTPM state encryption when swtpm_setup and swtpm support
>> passing a passphrase using a file descriptor.
>>
>> This patch enables the encryption of the vTPM state only. It does
>> not encrypt the state during migration, so the destination secret
>> does not need to have the same password at this point.
>>
>> Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
>> Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
>> ---
>> src/libvirt_private.syms | 2 +
>> src/qemu/qemu_tpm.c | 110 ++++++++++++++++++++++++++++++++++++++-
>> src/util/virtpm.c | 16 ++++++
>> src/util/virtpm.h | 3 ++
>> 4 files changed, 129 insertions(+), 2 deletions(-)
>>
> [...]
>
>> /*
>> * qemuTPMEmulatorRunSetup
>> @@ -387,6 +448,7 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
>> * @logfile: The file to write the log into; it must be writable
>> * for the user given by userid or 'tss'
>> * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2
>> + * @encryption: pointer to virStorageEncryption holding secret
>> *
>> * Setup the external swtpm by creating endorsement key and
>> * certificates for it.
>> @@ -399,7 +461,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
>> uid_t swtpm_user,
>> gid_t swtpm_group,
>> const char *logfile,
>> - const virDomainTPMVersion tpmversion)
>> + const virDomainTPMVersion tpmversion,
>> + const unsigned char *secretuuid)
>> {
>> virCommandPtr cmd = NULL;
>> int exitstatus;
>> @@ -407,6 +470,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
>> char uuid[VIR_UUID_STRING_BUFLEN];
>> char *vmid = NULL;
>> VIR_AUTOFREE(char *)swtpm_setup = virTPMGetSwtpmSetup();
>> + VIR_AUTOCLOSE pwdfile_fd = -1;
>>
>> if (!swtpm_setup)
>> return -1;
>> @@ -439,6 +503,23 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
>> break;
>> }
>>
>> + if (secretuuid) {
>> + if (!virTPMSwtpmSetupCapsGet(
>> + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD)) {
>> + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
>> + _("%s does not support passing a passphrase using a file "
>> + "descriptor"), virTPMGetSwtpmSetup());
> Coverity complains since virTPMGetSwtpm() returns something that needs
> to be free'd. I note above that @swtpm_setup is already set - is that
> what was meant here?
Right. Will send patch for it. Do you want a single patch or one for
each issue?
>
>> + goto cleanup;
>> + }
>> + if ((pwdfile_fd = qemuTPMSetupEncryption(secretuuid, cmd)) < 0)
>> + goto cleanup;
>> +
>> + virCommandAddArg(cmd, "--pwdfile-fd");
>> + virCommandAddArgFormat(cmd, "%d", pwdfile_fd);
>> + virCommandAddArgList(cmd, "--cipher", "aes-256-cbc", NULL);
>> + virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
>> + pwdfile_fd = -1;
>> + }
>>
>> virCommandAddArgList(cmd,
>> "--tpm-state", storagepath,
>> @@ -502,6 +583,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
>> bool created = false;
>> char *pidfile;
>> VIR_AUTOFREE(char *) swtpm = virTPMGetSwtpm();
>> + VIR_AUTOCLOSE pwdfile_fd = -1;
>> + const unsigned char *secretuuid = NULL;
>>
>> if (!swtpm)
>> return NULL;
>> @@ -510,10 +593,14 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
>> &created, swtpm_user, swtpm_group) < 0)
>> return NULL;
>>
>> + if (tpm->data.emulator.hassecretuuid)
>> + secretuuid = tpm->data.emulator.secretuuid;
>> +
>> if (created &&
>> qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vmuuid,
>> privileged, swtpm_user, swtpm_group,
>> - tpm->data.emulator.logfile, tpm->version) < 0)
>> + tpm->data.emulator.logfile, tpm->version,
>> + secretuuid) < 0)
>> goto error;
>>
>> unlink(tpm->data.emulator.source.data.nix.path);
>> @@ -556,6 +643,25 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
>> virCommandAddArgFormat(cmd, "file=%s", pidfile);
>> VIR_FREE(pidfile);
>>
>> + if (tpm->data.emulator.hassecretuuid) {
>> + if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
>> + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
>> + _("%s does not support passing passphrase via file descriptor"),
>> + virTPMGetSwtpm());
> Same, but @swtpm is used in this context
Gee.
Stefan
More information about the libvir-list
mailing list