Re: [libvirt] [PATCH v6 00/11] Add support for guests with TPM passthrough device

On 04/12/2013 11:54 AM, Daniel P. Berrange wrote:
> On Fri, Apr 12, 2013 at 11:29:43AM -0400, Stefan Berger wrote:
>> On 04/12/2013 09:37 AM, Daniel P. Berrange wrote:
>>> On Fri, Apr 12, 2013 at 09:25:14AM -0400, Stefan Berger wrote:
>>>>
>>>> The following set of patches adds support to libvirt for
>>>> adding a TPM passthrough device to a QEMU guest. Support for
>>>> this was recently accepted into QEMU.
>>>>
>>>> This set of patches borrows a lot from the recently added support
>>>> for rng's.
>>>>
>>>>    - followed tree to 039a3283
>>>>    - simplified virTPMFindCancelPath in 4/11 following D. Berrange's comments
>>>
>>> ACK to all patches in v6.
>>
>> Argh, after removing the cancel_path from the virDomainTPMDef
>> structure and now determining the cancel_path at the places where it
>> is needed and verifying that the file actually exists, the test case
>> only works if the device actually exists since it runs through that
>> code when creating the QEMU command line... The idea is to SELinux
>> label the device in libvirt, which is a 'must', and pass that
>> same file that was labeled via QEMU command line for QEMU to just
>> use it. QEMU, however, can determine this file itself also -- though
>> I should simplify the code there as well. I thought it was better to
>> not assume the two are in lock-step, i.e., can find the same file,
>> but let libvirt pass the file that was determined.
>
> This says to me that the virTPMFindCancelPath method is still too
> over-engineered. It could just accept /dev/tpm0 and return
> /sys/misc/tpm0/cancel unconditionally, without trying to probe
> sysfs to see what exists there.  The security drivers will still
> be validating that the file actually exists when starting QEMU,
> so no need to do that on every call to virTPMFindCancelPath.

You are of course right. Let me append the latest version of this file to v6 4/11 for review.
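
The approach suggested in the thread, sketched as an added example (this is not code from the thread or from libvirt): the cancel path is derived from the device path by string manipulation only, so a command-line test can run on a host with no TPM. The function name `tpm_cancel_path` is hypothetical, the sysfs layout is the one written in the thread, and restricting input to `/dev/tpmN` is an assumption added here so that nothing containing `/` or `..` ends up in a path that is later labeled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not libvirt's virTPMFindCancelPath: map a TPM
 * device path to its cancel file without touching the filesystem.
 * Returns 0 on success, -1 on invalid input or a too-small buffer. */
int tpm_cancel_path(const char *devpath, char *out, size_t outlen)
{
    static const char prefix[] = "/dev/";
    const char *name;
    size_t i;
    int n;

    if (!devpath || !out ||
        strncmp(devpath, prefix, sizeof(prefix) - 1) != 0)
        return -1;
    name = devpath + sizeof(prefix) - 1;

    /* Assumption: only "tpm" followed by digits is accepted, so no
     * path separator or ".." can reach the derived sysfs path. */
    if (strncmp(name, "tpm", 3) != 0 || name[3] == '\0')
        return -1;
    for (i = 3; name[i] != '\0'; i++)
        if (!isdigit((unsigned char)name[i]))
            return -1;

    /* Path layout as written in the thread; existence is not checked
     * here and is left to whatever opens or labels the file later. */
    n = snprintf(out, outlen, "/sys/misc/%s/cancel", name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char buf[64];

    if (tpm_cancel_path("/dev/tpm0", buf, sizeof(buf)) == 0)
        printf("%s\n", buf);
    return 0;
}
```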
