This patch adds support for an external swtpm TPM emulator. The XML for
this type of TPM looks as follows:
<tpm model='tpm-tis'>
<backend type='emulator'/>
</tpm>
The XML will currently only define a TPM 1.2.
Extend the documentation.
Add a test case testing the XML parser and formatter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
---
docs/formatdomain.html.in | 30 +++++++++++++++++++++++++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_audit.c | 2 ++
src/conf/domain_conf.c | 28 +++++++++++++++++++------
src/conf/domain_conf.h | 7 +++++++
src/qemu/qemu_cgroup.c | 1 +
src/qemu/qemu_command.c | 1 +
src/qemu/qemu_domain.c | 1 +
src/security/security_dac.c | 2 ++
src/security/security_selinux.c | 2 ++
tests/qemuxml2argvdata/tpm-emulator.xml | 30 +++++++++++++++++++++++++++
tests/qemuxml2xmloutdata/tpm-emulator.xml | 34 +++++++++++++++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
13 files changed, 138 insertions(+), 6 deletions(-)
create mode 100644 tests/qemuxml2argvdata/tpm-emulator.xml
create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index caeb14e..4f56784 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -7650,6 +7650,26 @@ qemu-kvm -net nic,model=? /dev/null
</devices>
...
</pre>
+
+ <p>
+ The emulator device type gives access to a TPM emulator providing
+ TPM functionlity for each VM. QEMU talks to it over a Unix socket. With
+ the emulator device type each guest gets its own private TPM.
+ <span class="since">'emulator' since 4.4.0</span>
+ </p>
+ <p>
+ Example: usage of the TPM Emulator
+ </p>
+<pre>
+ ...
+ <devices>
+ <tpm model='tpm-tis'>
+ <backend type='emulator'>
+ </backend>
+ </tpm>
+ </devices>
+ ...
+</pre>
<dl>
<dt><code>model</code></dt>
<dd>
@@ -7683,6 +7703,16 @@ qemu-kvm -net nic,model=? /dev/null
</p>
</dd>
</dl>
+ <dl>
+ <dt><code>emulator</code></dt>
+ <dd>
+ <p>
+ For this backend type the 'swtpm' TPM Emulator must be installed on the
+ host. Libvirt will automatically start an independent TPM emulator
+ for each QEMU guest requesting access to it.
+ </p>
+ </dd>
+ </dl>
</dd>
</dl>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 0a6b29b..a9a1020 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4137,6 +4137,11 @@
</attribute>
<ref name="tpm-passthrough-device"/>
</group>
+ <group>
+ <attribute name="type">
+ <value>emulator</value>
+ </attribute>
+ </group>
</choice>
</element>
</define>
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 82868bc..25cccdd 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -586,6 +586,8 @@ virDomainAuditTPM(virDomainObjPtr vm, virDomainTPMDefPtr tpm,
"virt=%s resrc=dev reason=%s %s uuid=%s %s",
virt, reason, vmname, uuidstr, device);
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ break;
case VIR_DOMAIN_TPM_TYPE_LAST:
default:
break;
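Review bot: The new `case VIR_DOMAIN_TPM_TYPE_EMULATOR:` breaks without emitting anything, so giving a guest an emulator-backed TPM leaves no audit record. The passthrough case directly above it ends in a `resrc=dev` message. If the gap is deliberate for this patch, record it at the case, e.g. `/* emulator backend: no audit record emitted yet */`; otherwise emit an equivalent record for the emulator. virDomainAuditTPM starts and ends outside this hunk, so how `device` is built for passthrough is not visible here.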
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index f678e26..21b66d7 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -864,7 +864,8 @@ VIR_ENUM_IMPL(virDomainTPMModel, VIR_DOMAIN_TPM_MODEL_LAST,
"tpm-crb")
VIR_ENUM_IMPL(virDomainTPMBackend, VIR_DOMAIN_TPM_TYPE_LAST,
- "passthrough")
+ "passthrough",
+ "emulator")
VIR_ENUM_IMPL(virDomainIOMMUModel, VIR_DOMAIN_IOMMU_MODEL_LAST,
"intel")
@@ -2601,6 +2602,11 @@ void virDomainTPMDefFree(virDomainTPMDefPtr def)
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
VIR_FREE(def->data.passthrough.source.data.file.path);
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ VIR_FREE(def->data.emulator.source.data.nix.path);
+ VIR_FREE(def->data.emulator.storagepath);
+ VIR_FREE(def->data.emulator.logfile);
+ break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
@@ -12585,6 +12591,11 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPtr xmlopt,
* </backend>
* </tpm>
*
+ * or like this:
+ *
+ * <tpm model='tpm-tis'>
+ * <backend type='emulator'/>
+ * </tpm>
*/
static virDomainTPMDefPtr
virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
@@ -12651,6 +12662,8 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
def->data.passthrough.source.type = VIR_DOMAIN_CHR_TYPE_DEV;
path = NULL;
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ break;
case VIR_DOMAIN_TPM_TYPE_LAST:
goto error;
}
@@ -24818,22 +24831,25 @@ virDomainTPMDefFormat(virBufferPtr buf,
virBufferAsprintf(buf, "<tpm model='%s'>\n",
virDomainTPMModelTypeToString(def->model));
virBufferAdjustIndent(buf, 2);
- virBufferAsprintf(buf, "<backend type='%s'>\n",
+ virBufferAsprintf(buf, "<backend type='%s'",
virDomainTPMBackendTypeToString(def->type));
- virBufferAdjustIndent(buf, 2);
switch (def->type) {
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+ virBufferAddLit(buf, ">\n");
+ virBufferAdjustIndent(buf, 2);
virBufferEscapeString(buf, "<device path='%s'/>\n",
def->data.passthrough.source.data.file.path);
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</backend>\n");
+ break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ virBufferAddLit(buf, "/>\n");
break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
- virBufferAdjustIndent(buf, -2);
- virBufferAddLit(buf, "</backend>\n");
-
virDomainDeviceInfoFormat(buf, &def->info, flags);
virBufferAdjustIndent(buf, -2);
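Review bot: Now that each case closes `<backend type='…'` itself, the `VIR_DOMAIN_TPM_TYPE_LAST` branch leaves the start tag unterminated, whereas the old code always wrote `</backend>` after the switch. A `def->type` that is neither passthrough nor emulator would therefore be formatted as malformed XML. Closing the element in that branch keeps the output well-formed: `case VIR_DOMAIN_TPM_TYPE_LAST: virBufferAddLit(buf, "/>\n"); break;`. virDomainTPMDefFormat begins and ends outside the hunk.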
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 15d228b..c304b08 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1286,6 +1286,7 @@ typedef enum {
typedef enum {
VIR_DOMAIN_TPM_TYPE_PASSTHROUGH,
+ VIR_DOMAIN_TPM_TYPE_EMULATOR,
VIR_DOMAIN_TPM_TYPE_LAST
} virDomainTPMBackendType;
@@ -1300,6 +1301,11 @@ struct _virDomainTPMDef {
struct {
virDomainChrSourceDef source;
} passthrough;
+ struct {
+ virDomainChrSourceDef source;
+ char *storagepath;
+ char *logfile;
+ } emulator;
} data;
};
@@ -2814,6 +2820,7 @@ int virDomainDeviceAddressIsValid(virDomainDeviceInfoPtr info,
int type);
virDomainDeviceInfoPtr virDomainDeviceGetInfo(virDomainDeviceDefPtr device);
void virDomainTPMDefFree(virDomainTPMDefPtr def);
+void virDomainTPMDelete(virDomainDefPtr def);
typedef int (*virDomainDeviceInfoCallback)(virDomainDefPtr def,
virDomainDeviceDefPtr dev,
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index d88eb78..1a5adca 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -278,6 +278,7 @@ qemuSetupTPMCgroup(virDomainObjPtr vm)
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
ret = qemuSetupChrSourceCgroup(vm, &dev->data.passthrough.source);
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 08f67a4..151f4fc 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9422,6 +9422,7 @@ qemuBuildTPMBackendStr(const virDomainDef *def,
VIR_FREE(cancel_path);
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
goto error;
}
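Review bot: `VIR_DOMAIN_TPM_TYPE_EMULATOR` jumps to `goto error` together with `_LAST`, and the visible lines report no error before the jump. The schema and parser in this patch now accept `type='emulator'`, so such a domain can be defined and would then fail while the command line is built. That failure may carry no message naming the cause; the `error:` label is outside the hunk, so this is inferred. Giving the case its own report makes it diagnosable: `virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("TPM backend type 'emulator' is not supported yet"));` before `goto error;`.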
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 9bb6d8a..774a102 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -10365,6 +10365,7 @@ qemuDomainSetupTPM(virQEMUDriverConfigPtr cfg ATTRIBUTE_UNUSED,
return -1;
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
/* nada */
break;
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 8938e2d..3ab2299 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1372,6 +1372,7 @@ virSecurityDACSetTPMFileLabel(virSecurityManagerPtr mgr,
&tpm->data.passthrough.source,
false);
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
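Review bot: The emulator case falls through to the `_LAST` no-op, so virSecurityDACSetTPMFileLabel sets no ownership on anything belonging to an emulator TPM, although this patch adds a socket `source`, `storagepath` and `logfile` to `virDomainTPMDef`. The same no-op is added in virSecurityDACRestoreTPMFileLabel and in both hunks of src/security/security_selinux.c. The parser in this patch does not populate those fields, so nothing is mislabeled yet. But `storagepath` presumably holds persistent TPM state, and a reader cannot tell from these cases which code is meant to restrict access to it. A comment at each case would record the decision, e.g. `/* emulator: socket, state and log labeling is not done here (TODO: name where) */`. The functions continue outside the hunks.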
@@ -1393,6 +1394,7 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManagerPtr mgr,
&tpm->data.passthrough.source,
false);
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 5f74ef7..5d20fda 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1472,6 +1472,7 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManagerPtr mgr,
return -1;
}
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
@@ -1505,6 +1506,7 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityManagerPtr mgr,
VIR_FREE(cancel_path);
}
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
diff --git a/tests/qemuxml2argvdata/tpm-emulator.xml b/tests/qemuxml2argvdata/tpm-emulator.xml
new file mode 100644
index 0000000..7f1e575
--- /dev/null
+++ b/tests/qemuxml2argvdata/tpm-emulator.xml
@@ -0,0 +1,30 @@
+<domain type='qemu'>
+ <name>TPM-VM</name>
+ <uuid>11d7cd22-da89-3094-6212-079a48a309a1</uuid>
+ <memory unit='KiB'>2097152</memory>
+ <currentMemory unit='KiB'>512288</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc-i440fx-2.12'>hvm</type>
+ <boot dev='hd'/>
+ <bootmenu enable='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <tpm model='tpm-tis'>
+ <backend type='emulator'/>
+ </tpm>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/tpm-emulator.xml b/tests/qemuxml2xmloutdata/tpm-emulator.xml
new file mode 100644
index 0000000..1b66e8b
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/tpm-emulator.xml
@@ -0,0 +1,34 @@
+<domain type='qemu'>
+ <name>TPM-VM</name>
+ <uuid>11d7cd22-da89-3094-6212-079a48a309a1</uuid>
+ <memory unit='KiB'>2097152</memory>
+ <currentMemory unit='KiB'>512288</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc-i440fx-2.12'>hvm</type>
+ <boot dev='hd'/>
+ <bootmenu enable='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <tpm model='tpm-tis'>
+ <backend type='emulator'/>
+ </tpm>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+ </memballoon>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 53a26a0..9f8f08f 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -673,6 +673,7 @@ mymain(void)
DO_TEST("disk-copy_on_read", NONE);
DO_TEST("tpm-passthrough", NONE);
DO_TEST("tpm-passthrough-crb", NONE);
+ DO_TEST("tpm-emulator", NONE);
DO_TEST("metadata", NONE);
DO_TEST("metadata-duplicate", NONE);
--
2.5.5
On 05/10/2018 05:57 PM, Stefan Berger wrote:
> This patch adds support for an external swtpm TPM emulator. The XML for
> this type of TPM looks as follows:
>
> <tpm model='tpm-tis'>
> <backend type='emulator'/>
> </tpm>
>
> The XML will currently only define a TPM 1.2.
>
> Extend the documentation.
>
> Add a test case testing the XML parser and formatter.
>
> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
> Reviewed-by: John Ferlan <jferlan@redhat.com>
> ---
> docs/formatdomain.html.in | 30 +++++++++++++++++++++++++++
> docs/schemas/domaincommon.rng | 5 +++++
> src/conf/domain_audit.c | 2 ++
> src/conf/domain_conf.c | 28 +++++++++++++++++++------
> src/conf/domain_conf.h | 7 +++++++
> src/qemu/qemu_cgroup.c | 1 +
> src/qemu/qemu_command.c | 1 +
> src/qemu/qemu_domain.c | 1 +
> src/security/security_dac.c | 2 ++
> src/security/security_selinux.c | 2 ++
> tests/qemuxml2argvdata/tpm-emulator.xml | 30 +++++++++++++++++++++++++++
> tests/qemuxml2xmloutdata/tpm-emulator.xml | 34 +++++++++++++++++++++++++++++++
> tests/qemuxml2xmltest.c | 1 +
> 13 files changed, 138 insertions(+), 6 deletions(-)
> create mode 100644 tests/qemuxml2argvdata/tpm-emulator.xml
> create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator.xml
>
Even though R-by in place...
[...]
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index 15d228b..c304b08 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -1286,6 +1286,7 @@ typedef enum {
>
> typedef enum {
> VIR_DOMAIN_TPM_TYPE_PASSTHROUGH,
> + VIR_DOMAIN_TPM_TYPE_EMULATOR,
>
> VIR_DOMAIN_TPM_TYPE_LAST
> } virDomainTPMBackendType;
> @@ -1300,6 +1301,11 @@ struct _virDomainTPMDef {
> struct {
> virDomainChrSourceDef source;
> } passthrough;
> + struct {
> + virDomainChrSourceDef source;
> + char *storagepath;
> + char *logfile;
> + } emulator;
> } data;
> };
>
> @@ -2814,6 +2820,7 @@ int virDomainDeviceAddressIsValid(virDomainDeviceInfoPtr info,
> int type);
> virDomainDeviceInfoPtr virDomainDeviceGetInfo(virDomainDeviceDefPtr device);
> void virDomainTPMDefFree(virDomainTPMDefPtr def);
> +void virDomainTPMDelete(virDomainDefPtr def);
No longer an API - so this can be removed.
>
> typedef int (*virDomainDeviceInfoCallback)(virDomainDefPtr def,
> virDomainDeviceDefPtr dev,
[...]
John
On 05/15/2018 07:17 AM, John Ferlan wrote:
>
> On 05/10/2018 05:57 PM, Stefan Berger wrote:
>> This patch adds support for an external swtpm TPM emulator. The XML for
>> this type of TPM looks as follows:
>>
>> <tpm model='tpm-tis'>
>> <backend type='emulator'/>
>> </tpm>
>>
>> The XML will currently only define a TPM 1.2.
>>
>> Extend the documentation.
>>
>> Add a test case testing the XML parser and formatter.
>>
>> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
>> Reviewed-by: John Ferlan <jferlan@redhat.com>
>> ---
>> docs/formatdomain.html.in | 30 +++++++++++++++++++++++++++
>> docs/schemas/domaincommon.rng | 5 +++++
>> src/conf/domain_audit.c | 2 ++
>> src/conf/domain_conf.c | 28 +++++++++++++++++++------
>> src/conf/domain_conf.h | 7 +++++++
>> src/qemu/qemu_cgroup.c | 1 +
>> src/qemu/qemu_command.c | 1 +
>> src/qemu/qemu_domain.c | 1 +
>> src/security/security_dac.c | 2 ++
>> src/security/security_selinux.c | 2 ++
>> tests/qemuxml2argvdata/tpm-emulator.xml | 30 +++++++++++++++++++++++++++
>> tests/qemuxml2xmloutdata/tpm-emulator.xml | 34 +++++++++++++++++++++++++++++++
>> tests/qemuxml2xmltest.c | 1 +
>> 13 files changed, 138 insertions(+), 6 deletions(-)
>> create mode 100644 tests/qemuxml2argvdata/tpm-emulator.xml
>> create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator.xml
>>
> Even though R-by in place...
>
>
> [...]
>
>> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
>> index 15d228b..c304b08 100644
>> --- a/src/conf/domain_conf.h
>> +++ b/src/conf/domain_conf.h
>> @@ -1286,6 +1286,7 @@ typedef enum {
>>
>> typedef enum {
>> VIR_DOMAIN_TPM_TYPE_PASSTHROUGH,
>> + VIR_DOMAIN_TPM_TYPE_EMULATOR,
>>
>> VIR_DOMAIN_TPM_TYPE_LAST
>> } virDomainTPMBackendType;
>> @@ -1300,6 +1301,11 @@ struct _virDomainTPMDef {
>> struct {
>> virDomainChrSourceDef source;
>> } passthrough;
>> + struct {
>> + virDomainChrSourceDef source;
>> + char *storagepath;
>> + char *logfile;
>> + } emulator;
>> } data;
>> };
>>
>> @@ -2814,6 +2820,7 @@ int virDomainDeviceAddressIsValid(virDomainDeviceInfoPtr info,
>> int type);
>> virDomainDeviceInfoPtr virDomainDeviceGetInfo(virDomainDeviceDefPtr device);
>> void virDomainTPMDefFree(virDomainTPMDefPtr def);
>> +void virDomainTPMDelete(virDomainDefPtr def);
> No longer an API - so this can be removed.
Fixed.
Stefan
On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger <stefanb@linux.vnet.ibm.com> wrote: > This patch adds support for an external swtpm TPM emulator. The XML for > this type of TPM looks as follows: > > <tpm model='tpm-tis'> > <backend type='emulator'/> > </tpm> > > The XML will currently only define a TPM 1.2. > > Extend the documentation. > > Add a test case testing the XML parser and formatter. > > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> > Reviewed-by: John Ferlan <jferlan@redhat.com> > --- > docs/formatdomain.html.in | 30 +++++++++++++++++++++++++++ > docs/schemas/domaincommon.rng | 5 +++++ > src/conf/domain_audit.c | 2 ++ > src/conf/domain_conf.c | 28 +++++++++++++++++++------ > src/conf/domain_conf.h | 7 +++++++ > src/qemu/qemu_cgroup.c | 1 + > src/qemu/qemu_command.c | 1 + > src/qemu/qemu_domain.c | 1 + > src/security/security_dac.c | 2 ++ > src/security/security_selinux.c | 2 ++ > tests/qemuxml2argvdata/tpm-emulator.xml | 30 +++++++++++++++++++++++++++ > tests/qemuxml2xmloutdata/tpm-emulator.xml | 34 +++++++++++++++++++++++++++++++ > tests/qemuxml2xmltest.c | 1 + > 13 files changed, 138 insertions(+), 6 deletions(-) > create mode 100644 tests/qemuxml2argvdata/tpm-emulator.xml > create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator.xml > > diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in > index caeb14e..4f56784 100644 > --- a/docs/formatdomain.html.in > +++ b/docs/formatdomain.html.in 
> @@ -7650,6 +7650,26 @@ qemu-kvm -net nic,model=? /dev/null > </devices> > ... > </pre> > + > + <p> > + The emulator device type gives access to a TPM emulator providing > + TPM functionlity for each VM. QEMU talks to it over a Unix socket. With > + the emulator device type each guest gets its own private TPM. > + <span class="since">'emulator' since 4.4.0</span> > + </p> > + <p> > + Example: usage of the TPM Emulator > + </p> > +<pre> > + ... > + <devices> > + <tpm model='tpm-tis'> > + <backend type='emulator'> > + </backend> > + </tpm> > + </devices> > + ... > +</pre> > <dl> > <dt><code>model</code></dt> > <dd> > @@ -7683,6 +7703,16 @@ qemu-kvm -net nic,model=? /dev/null > </p> > </dd> > </dl> > + <dl> > + <dt><code>emulator</code></dt> > + <dd> > + <p> > + For this backend type the 'swtpm' TPM Emulator must be installed on the > + host. Libvirt will automatically start an independent TPM emulator > + for each QEMU guest requesting access to it. > + </p> > + </dd> > + </dl> > </dd> > </dl> > > diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng > index 0a6b29b..a9a1020 100644 > --- a/docs/schemas/domaincommon.rng > +++ b/docs/schemas/domaincommon.rng > @@ -4137,6 +4137,11 @@ > </attribute> > <ref name="tpm-passthrough-device"/> > </group> > + <group> > + <attribute name="type"> > + <value>emulator</value> > + </attribute> > + </group> > </choice> > </element> > </define> > diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c > index 82868bc..25cccdd 100644 > --- a/src/conf/domain_audit.c > +++ b/src/conf/domain_audit.c > @@ -586,6 +586,8 @@ virDomainAuditTPM(virDomainObjPtr vm, virDomainTPMDefPtr tpm, > "virt=%s resrc=dev reason=%s %s uuid=%s %s", > virt, reason, vmname, uuidstr, device); > break; > + case VIR_DOMAIN_TPM_TYPE_EMULATOR: > + break; > case VIR_DOMAIN_TPM_TYPE_LAST: > default: > break; > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c > index f678e26..21b66d7 100644 > --- a/src/conf/domain_conf.c 
> +++ b/src/conf/domain_conf.c > @@ -864,7 +864,8 @@ VIR_ENUM_IMPL(virDomainTPMModel, VIR_DOMAIN_TPM_MODEL_LAST, > "tpm-crb") > > VIR_ENUM_IMPL(virDomainTPMBackend, VIR_DOMAIN_TPM_TYPE_LAST, > - "passthrough") > + "passthrough", > + "emulator") > > VIR_ENUM_IMPL(virDomainIOMMUModel, VIR_DOMAIN_IOMMU_MODEL_LAST, > "intel") > @@ -2601,6 +2602,11 @@ void virDomainTPMDefFree(virDomainTPMDefPtr def) > case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: > VIR_FREE(def->data.passthrough.source.data.file.path); > break; > + case VIR_DOMAIN_TPM_TYPE_EMULATOR: > + VIR_FREE(def->data.emulator.source.data.nix.path); Why do we not need virDomainChrSourceDefFree/virObjectUnref(&def->data.emulator.source); here? (the same applies to case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH) > + VIR_FREE(def->data.emulator.storagepath); > + VIR_FREE(def->data.emulator.logfile); > + break; > case VIR_DOMAIN_TPM_TYPE_LAST: > break; > } > @@ -12585,6 +12591,11 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPtr xmlopt, > * </backend> > * </tpm> > * > + * or like this: > + * > + * <tpm model='tpm-tis'> […snip] Beste Grüße / Kind regards Marc Hartmayer IBM Deutschland Research & Development GmbH Vorsitzende des Aufsichtsrats: Martina Koederitz Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On 05/15/2018 07:49 AM, Marc Hartmayer wrote:
> On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger <stefanb@linux.vnet.ibm.com> wrote:
>> This patch adds support for an external swtpm TPM emulator. The XML for
>> this type of TPM looks as follows:
>>
>> <tpm model='tpm-tis'>
>> <backend type='emulator'/>
>> </tpm>
>>
>> The XML will currently only define a TPM 1.2.
>>
>> Extend the documentation.
>>
>> Add a test case testing the XML parser and formatter.
>>
>> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
>> Reviewed-by: John Ferlan <jferlan@redhat.com>
>> ---
>> docs/formatdomain.html.in | 30 +++++++++++++++++++++++++++
>> docs/schemas/domaincommon.rng | 5 +++++
>> src/conf/domain_audit.c | 2 ++
>> src/conf/domain_conf.c | 28 +++++++++++++++++++------
>> src/conf/domain_conf.h | 7 +++++++
>> src/qemu/qemu_cgroup.c | 1 +
>> src/qemu/qemu_command.c | 1 +
>> src/qemu/qemu_domain.c | 1 +
>> src/security/security_dac.c | 2 ++
>> src/security/security_selinux.c | 2 ++
>> tests/qemuxml2argvdata/tpm-emulator.xml | 30 +++++++++++++++++++++++++++
>> tests/qemuxml2xmloutdata/tpm-emulator.xml | 34 +++++++++++++++++++++++++++++++
>> tests/qemuxml2xmltest.c | 1 +
>> 13 files changed, 138 insertions(+), 6 deletions(-)
>> create mode 100644 tests/qemuxml2argvdata/tpm-emulator.xml
>> create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator.xml
>>
>> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
>> index caeb14e..4f56784 100644
>> --- a/docs/formatdomain.html.in
>> +++ b/docs/formatdomain.html.in
>> @@ -7650,6 +7650,26 @@ qemu-kvm -net nic,model=? /dev/null
>> </devices>
>> ...
>> </pre>
>> +
>> + <p>
>> + The emulator device type gives access to a TPM emulator providing
>> + TPM functionlity for each VM. QEMU talks to it over a Unix socket. With
>> + the emulator device type each guest gets its own private TPM.
>> + <span class="since">'emulator' since 4.4.0</span>
>> + </p>
>> + <p>
>> + Example: usage of the TPM Emulator
>> + </p>
>> +<pre>
>> + ...
>> + <devices>
>> + <tpm model='tpm-tis'>
>> + <backend type='emulator'>
>> + </backend>
>> + </tpm>
>> + </devices>
>> + ...
>> +</pre>
>> <dl>
>> <dt><code>model</code></dt>
>> <dd>
>> @@ -7683,6 +7703,16 @@ qemu-kvm -net nic,model=? /dev/null
>> </p>
>> </dd>
>> </dl>
>> + <dl>
>> + <dt><code>emulator</code></dt>
>> + <dd>
>> + <p>
>> + For this backend type the 'swtpm' TPM Emulator must be installed on the
>> + host. Libvirt will automatically start an independent TPM emulator
>> + for each QEMU guest requesting access to it.
>> + </p>
>> + </dd>
>> + </dl>
>> </dd>
>> </dl>
>>
>> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
>> index 0a6b29b..a9a1020 100644
>> --- a/docs/schemas/domaincommon.rng
>> +++ b/docs/schemas/domaincommon.rng
>> @@ -4137,6 +4137,11 @@
>> </attribute>
>> <ref name="tpm-passthrough-device"/>
>> </group>
>> + <group>
>> + <attribute name="type">
>> + <value>emulator</value>
>> + </attribute>
>> + </group>
>> </choice>
>> </element>
>> </define>
>> diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
>> index 82868bc..25cccdd 100644
>> --- a/src/conf/domain_audit.c
>> +++ b/src/conf/domain_audit.c
>> @@ -586,6 +586,8 @@ virDomainAuditTPM(virDomainObjPtr vm, virDomainTPMDefPtr tpm,
>> "virt=%s resrc=dev reason=%s %s uuid=%s %s",
>> virt, reason, vmname, uuidstr, device);
>> break;
>> + case VIR_DOMAIN_TPM_TYPE_EMULATOR:
>> + break;
>> case VIR_DOMAIN_TPM_TYPE_LAST:
>> default:
>> break;
>> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>> index f678e26..21b66d7 100644
>> --- a/src/conf/domain_conf.c
>> +++ b/src/conf/domain_conf.c
>> @@ -864,7 +864,8 @@ VIR_ENUM_IMPL(virDomainTPMModel, VIR_DOMAIN_TPM_MODEL_LAST,
>> "tpm-crb")
>>
>> VIR_ENUM_IMPL(virDomainTPMBackend, VIR_DOMAIN_TPM_TYPE_LAST,
>> - "passthrough")
>> + "passthrough",
>> + "emulator")
>>
>> VIR_ENUM_IMPL(virDomainIOMMUModel, VIR_DOMAIN_IOMMU_MODEL_LAST,
>> "intel")
>> @@ -2601,6 +2602,11 @@ void virDomainTPMDefFree(virDomainTPMDefPtr def)
>> case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
>> VIR_FREE(def->data.passthrough.source.data.file.path);
>> break;
>> + case VIR_DOMAIN_TPM_TYPE_EMULATOR:
>> + VIR_FREE(def->data.emulator.source.data.nix.path);
> Why do we not need
> virDomainChrSourceDefFree/virObjectUnref(&def->data.emulator.source);
> here? (the same applies to case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH)
They are declared as embedded structures rather than pointers. The only
other similar case is Shmem.
union {
struct {
virDomainChrSourceDef source;
} passthrough;
struct {
virDomainChrSourceDef source;
char *storagepath;
char *logfile;
} emulator;
} data;
We should call virDomainChrSourceDefClear() rather than VIR_FREE()
directly. The end result is the same, though. Fixed. I will fix the
passthrough case later.
Stefan