From nobody Tue May 13 22:33:13 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1528127255449431.09528625190944; Mon, 4 Jun 2018 08:47:35 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1E33C314E279; Mon, 4 Jun 2018 15:47:32 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id BFF0927094; Mon, 4 Jun 2018 15:47:31 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 029764CA80; Mon, 4 Jun 2018 15:47:30 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w54FlQvg019919 for ; Mon, 4 Jun 2018 11:47:26 -0400 Received: by smtp.corp.redhat.com (Postfix) id F2E7A600C4; Mon, 4 Jun 2018 15:47:25 +0000 (UTC) Received: from mx1.redhat.com (ext-mx18.extmail.prod.ext.phx2.redhat.com [10.5.110.47]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B835B6017F for ; Mon, 4 Jun 2018 15:47:08 +0000 (UTC) Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D81D230A63A7 for ; Mon, 4 Jun 2018 15:47:06 +0000 (UTC) Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w54FiK9g088475 for ; Mon, 4 Jun 2018 11:47:06 -0400 Received: from e34.co.us.ibm.com (e34.co.us.ibm.com [32.97.110.152]) by mx0a-001b2d01.pphosted.com with ESMTP id 2jd6sf599b-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 04 Jun 2018 11:47:05 -0400 Received: from localhost by e34.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 4 Jun 2018 09:47:05 -0600 Received: from b03cxnp08025.gho.boulder.ibm.com (9.17.130.17) by e34.co.us.ibm.com (192.168.1.134) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Mon, 4 Jun 2018 09:47:03 -0600 Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w54Fl2NF63176830 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 4 Jun 2018 08:47:02 -0700 Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E79EBBE03E; Mon, 4 Jun 2018 09:47:01 -0600 (MDT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP id 7FB5ABE038; Mon, 4 Jun 2018 09:47:01 -0600 (MDT) From: Stefan Berger To: libvir-list@redhat.com Date: Mon, 4 Jun 2018 11:46:40 -0400 In-Reply-To: <20180604154656.1418021-1-stefanb@linux.vnet.ibm.com> References: <20180604154656.1418021-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 18060415-0016-0000-0000-000008E2194B X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00009128; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000265; SDB=6.01042237; UDB=6.00533669; IPR=6.00821367; MB=3.00021460; MTD=3.00000008; XFM=3.00000015; UTC=2018-06-04 15:47:04 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18060415-0017-0000-0000-00003F182FBD Message-Id: <20180604154656.1418021-2-stefanb@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-06-04_12:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=3 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1805220000 definitions=main-1806040184 X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Mon, 04 Jun 2018 15:47:07 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Mon, 04 Jun 2018 15:47:07 +0000 (UTC) for IP:'148.163.158.5' DOMAIN:'mx0b-001b2d01.pphosted.com' HELO:'mx0a-001b2d01.pphosted.com' FROM:'stefanb@linux.vnet.ibm.com' RCPT:'' X-RedHat-Spam-Score: -0.7 (RCVD_IN_DNSWL_LOW) 148.163.158.5 mx0b-001b2d01.pphosted.com 148.163.158.5 mx0b-001b2d01.pphosted.com X-Scanned-By: MIMEDefang 2.84 on 10.5.110.47 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Cc: jtomko@redhat.com Subject: [libvirt] [PATCH v9 01/17] conf: Add support for external swtpm TPM emulator to domain XML X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.49]); Mon, 04 Jun 2018 15:47:34 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 This patch adds support for an external swtpm TPM emulator. The XML for this type of TPM looks as follows: The XML will currently only define a TPM 1.2. Extend the documentation. Add a test case testing the XML parser and formatter. Signed-off-by: Stefan Berger Reviewed-by: John Ferlan Reviewed-by: J=C3=A1n Tomko --- docs/formatdomain.html.in | 30 +++++++++++++++++++++++++++ docs/schemas/domaincommon.rng | 5 +++++ src/conf/domain_audit.c | 2 ++ src/conf/domain_conf.c | 28 +++++++++++++++++++------ src/conf/domain_conf.h | 6 ++++++ src/qemu/qemu_cgroup.c | 1 + src/qemu/qemu_command.c | 1 + src/qemu/qemu_domain.c | 1 + src/security/security_dac.c | 2 ++ src/security/security_selinux.c | 2 ++ tests/qemuxml2argvdata/tpm-emulator.xml | 30 +++++++++++++++++++++++++++ tests/qemuxml2xmloutdata/tpm-emulator.xml | 34 +++++++++++++++++++++++++++= ++++ tests/qemuxml2xmltest.c | 1 + 13 files changed, 137 insertions(+), 6 deletions(-) create mode 100644 tests/qemuxml2argvdata/tpm-emulator.xml create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 22ef81052d..5bdd01072b 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -7740,6 +7740,26 @@ qemu-kvm -net nic,model=3D? /dev/null </tpm> </devices> ... + + +

+ The emulator device type gives access to a TPM emulator providing + TPM functionality for each VM. QEMU talks to it over a Unix socket. = With + the emulator device type each guest gets its own private TPM. + 'emulator' since 4.5.0 +

+

+ Example: usage of the TPM Emulator +

+
+  ...
+  <devices>
+    <tpm model=3D'tpm-tis'>
+      <backend type=3D'emulator'>
+      </backend>
+    </tpm>
+  </devices>
+  ...
model
@@ -7774,6 +7794,16 @@ qemu-kvm -net nic,model=3D? /dev/null

+
+
emulator
+
+

+ For this backend type the 'swtpm' TPM Emulator must be insta= lled on the + host. Libvirt will automatically start an independent TPM em= ulator + for each QEMU guest requesting access to it. +

+
+
=20 diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index b7404e1ce0..5fd7f7487f 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -4133,6 +4133,11 @@ + + + emulator + + diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c index 14138d93af..b92779ce40 100644 --- a/src/conf/domain_audit.c +++ b/src/conf/domain_audit.c @@ -595,6 +595,8 @@ virDomainAuditTPM(virDomainObjPtr vm, virDomainTPMDefPt= r tpm, "virt=3D%s resrc=3Ddev reason=3D%s %s uuid=3D%s %s", virt, reason, vmname, uuidstr, device); break; + case VIR_DOMAIN_TPM_TYPE_EMULATOR: + break; case VIR_DOMAIN_TPM_TYPE_LAST: default: break; diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 86814d5f64..2e892ba5e0 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -866,7 +866,8 @@ VIR_ENUM_IMPL(virDomainTPMModel, VIR_DOMAIN_TPM_MODEL_L= AST, "tpm-crb") =20 VIR_ENUM_IMPL(virDomainTPMBackend, VIR_DOMAIN_TPM_TYPE_LAST, - "passthrough") + "passthrough", + "emulator") =20 VIR_ENUM_IMPL(virDomainIOMMUModel, VIR_DOMAIN_IOMMU_MODEL_LAST, "intel") @@ -2641,6 +2642,11 @@ void virDomainTPMDefFree(virDomainTPMDefPtr def) case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: VIR_FREE(def->data.passthrough.source.data.file.path); break; + case VIR_DOMAIN_TPM_TYPE_EMULATOR: + virDomainChrSourceDefClear(&def->data.emulator.source); + VIR_FREE(def->data.emulator.storagepath); + VIR_FREE(def->data.emulator.logfile); + break; case VIR_DOMAIN_TPM_TYPE_LAST: break; } @@ -12763,6 +12769,11 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPt= r xmlopt, * * * + * or like this: + * + * + * + * */ static virDomainTPMDefPtr virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt, @@ -12829,6 +12840,8 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlop= t, def->data.passthrough.source.type =3D VIR_DOMAIN_CHR_TYPE_DEV; path =3D NULL; break; + case VIR_DOMAIN_TPM_TYPE_EMULATOR: + break; case VIR_DOMAIN_TPM_TYPE_LAST: goto error; } @@ -25210,22 +25223,25 @@ virDomainTPMDefFormat(virBufferPtr buf, virBufferAsprintf(buf, "\n", virDomainTPMModelTypeToString(def->model)); virBufferAdjustIndent(buf, 2); - virBufferAsprintf(buf, "\n", + virBufferAsprintf(buf, "type)); - virBufferAdjustIndent(buf, 2); =20 switch (def->type) { case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: + virBufferAddLit(buf, ">\n"); + virBufferAdjustIndent(buf, 2); virBufferEscapeString(buf, "\n", def->data.passthrough.source.data.file.path); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); + break; + case VIR_DOMAIN_TPM_TYPE_EMULATOR: + virBufferAddLit(buf, "/>\n"); break; case VIR_DOMAIN_TPM_TYPE_LAST: break; } =20 - virBufferAdjustIndent(buf, -2); - virBufferAddLit(buf, "\n"); - virDomainDeviceInfoFormat(buf, &def->info, flags); =20 virBufferAdjustIndent(buf, -2); diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 6cc8f8a29b..5525b95261 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1291,6 +1291,7 @@ typedef enum { =20 typedef enum { VIR_DOMAIN_TPM_TYPE_PASSTHROUGH, + VIR_DOMAIN_TPM_TYPE_EMULATOR, =20 VIR_DOMAIN_TPM_TYPE_LAST } virDomainTPMBackendType; @@ -1305,6 +1306,11 @@ struct _virDomainTPMDef { struct { virDomainChrSourceDef source; } passthrough; + struct { + virDomainChrSourceDef source; + char *storagepath; + char *logfile; + } emulator; } data; }; =20 diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 546a4c8e63..54b00a5da5 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c @@ -305,6 +305,7 @@ qemuSetupTPMCgroup(virDomainObjPtr vm) case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: ret =3D qemuSetupChrSourceCgroup(vm, &dev->data.passthrough.source= ); break; + case VIR_DOMAIN_TPM_TYPE_EMULATOR: case VIR_DOMAIN_TPM_TYPE_LAST: break; } diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 0b5ec4f2ba..572861aee8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9528,6 +9528,7 @@ qemuBuildTPMBackendStr(const virDomainDef *def, VIR_FREE(cancel_path); =20 break; + case VIR_DOMAIN_TPM_TYPE_EMULATOR: case VIR_DOMAIN_TPM_TYPE_LAST: goto error; } diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 2c51e4c0d8..e764687a85 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -10724,6 +10724,7 @@ qemuDomainSetupTPM(virQEMUDriverConfigPtr cfg ATTRI= BUTE_UNUSED, return -1; break; =20 + case VIR_DOMAIN_TPM_TYPE_EMULATOR: case VIR_DOMAIN_TPM_TYPE_LAST: /* nada */ break; diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 8938e2dd89..3ab229992a 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1372,6 +1372,7 @@ virSecurityDACSetTPMFileLabel(virSecurityManagerPtr m= gr, &tpm->data.passthrough.source, false); break; + case VIR_DOMAIN_TPM_TYPE_EMULATOR: case VIR_DOMAIN_TPM_TYPE_LAST: break; } @@ -1393,6 +1394,7 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManagerP= tr mgr, &tpm->data.passthrough.sou= rce, false); break; + case VIR_DOMAIN_TPM_TYPE_EMULATOR: case VIR_DOMAIN_TPM_TYPE_LAST: break; } diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 5f74ef739b..5d20fdae70 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1472,6 +1472,7 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManagerP= tr mgr, return -1; } break; + case VIR_DOMAIN_TPM_TYPE_EMULATOR: case VIR_DOMAIN_TPM_TYPE_LAST: break; } @@ -1505,6 +1506,7 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityM= anagerPtr mgr, VIR_FREE(cancel_path); } break; + case VIR_DOMAIN_TPM_TYPE_EMULATOR: case VIR_DOMAIN_TPM_TYPE_LAST: break; } diff --git a/tests/qemuxml2argvdata/tpm-emulator.xml b/tests/qemuxml2argvda= ta/tpm-emulator.xml new file mode 100644 index 0000000000..7f1e5756cb --- /dev/null +++ b/tests/qemuxml2argvdata/tpm-emulator.xml @@ -0,0 +1,30 @@ + + TPM-VM + 11d7cd22-da89-3094-6212-079a48a309a1 + 2097152 + 512288 + 1 + + hvm + + + + + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + + + diff --git a/tests/qemuxml2xmloutdata/tpm-emulator.xml b/tests/qemuxml2xmlo= utdata/tpm-emulator.xml new file mode 100644 index 0000000000..1b66e8b08a --- /dev/null +++ b/tests/qemuxml2xmloutdata/tpm-emulator.xml @@ -0,0 +1,34 @@ + + TPM-VM + 11d7cd22-da89-3094-6212-079a48a309a1 + 2097152 + 512288 + 1 + + hvm + + + + + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + +
+ + + + + + + + +
+ + + diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 5671114de0..bf3f469735 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -677,6 +677,7 @@ mymain(void) DO_TEST("disk-copy_on_read", NONE); DO_TEST("tpm-passthrough", NONE); DO_TEST("tpm-passthrough-crb", NONE); + DO_TEST("tpm-emulator", NONE); =20 DO_TEST("metadata", NONE); DO_TEST("metadata-duplicate", NONE); --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list