[libvirt] [PATCH 10/12] conf: Add support for choosing emulation of a TPM 2

Ján Tomko jtomko at redhat.com
Wed May 23 15:55:15 UTC 2018


On Tue, May 22, 2018 at 04:44:51PM -0400, Stefan Berger wrote:
>This patch extends the TPM's device XML with TPM 2 support. This only works
>for the emulator type backend and looks as follows:
>
>    <tpm model='tpm-tis'>
>      <backend type='emulator' version='2'/>
>    </tpm>
>
>The swtpm process now has --tpm2 as an additional parameter:
>
>system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8  0.0 28364  3868 ?        Rs   11:13  13:50 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 --tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm2,mode=0640 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log --tpm2 --pid file=/var/run/libvirt/qemu/swtpm/testvm-swtpm.pid
>
>The version of the TPM can be changed and the state of the TPM is preserved.
>
>Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
>Reviewed-by: John Ferlan <jferlan at redhat.com>
>---
> docs/formatdomain.html.in                          | 15 ++++-
> docs/schemas/domaincommon.rng                      | 12 ++++
> src/conf/domain_conf.c                             | 27 ++++++++-
> src/conf/domain_conf.h                             |  6 ++
> src/qemu/qemu_tpm.c                                | 64 +++++++++++++++++++++-
> .../tpm-emulator-tpm2.x86_64-latest.args           | 33 +++++++++++
> tests/qemuxml2argvdata/tpm-emulator-tpm2.xml       | 30 ++++++++++
> tests/qemuxml2argvtest.c                           |  1 +
> tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml     | 34 ++++++++++++
> 9 files changed, 217 insertions(+), 5 deletions(-)
> create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.x86_64-latest.args
> create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml
> create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml
>

>@@ -24941,6 +24963,9 @@ virDomainTPMDefFormat(virBufferPtr buf,
>     virBufferAsprintf(buf, "<backend type='%s'",
>                       virDomainTPMBackendTypeToString(def->type));
>
>+    if (def->version == VIR_DOMAIN_TPM_VERSION_2)
>+        virBufferAddLit(buf, " version='2'");
>+

Any reason for not formatting version 1.2?
We should format implicit defaults in the XML if possible.

>     switch (def->type) {
>     case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
>         virBufferAddLit(buf, ">\n");
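Review bot: The added `version='2'` attribute is written before `switch (def->type)`, so it is formatted for every backend type, although the commit message says TPM 2 selection only works for the emulator backend. The parser is not visible in this quote; unless it rejects a version on other backends, a passthrough definition could round-trip carrying a version that nothing enforces against the host device. Consider emitting the attribute only in the emulator case of the switch, or stating the invariant next to the check, e.g. `/* version is only meaningful for the emulator backend */`. The body of virDomainTPMDefFormat continues outside the hunk.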
>diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
>index 92466278ab..e2409899bc 100644
>--- a/src/conf/domain_conf.h
>+++ b/src/conf/domain_conf.h
>@@ -1291,12 +1291,18 @@ typedef enum {
>     VIR_DOMAIN_TPM_TYPE_LAST
> } virDomainTPMBackendType;
>
>+typedef enum {
>+    VIR_DOMAIN_TPM_VERSION_1_2,
>+    VIR_DOMAIN_TPM_VERSION_2,
>+} virDomainTPMVersion;

With a corresponding VIR_ENUM_IMPL and VIR_ENUM_DECL,
you can use the *{To,From}String functions for parsing/formatting
the version.

>+
> # define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0"
>
> struct _virDomainTPMDef {
>     virDomainTPMBackendType type;
>     virDomainDeviceInfo info;
>     virDomainTPMModel model;
>+    virDomainTPMVersion version;
>     union {
>         struct {
>             virDomainChrSourceDef source;
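Review bot: `virDomainTPMVersion` has no terminating `_LAST` member, unlike `virDomainTPMBackendType` directly above it, which ends in `VIR_DOMAIN_TPM_TYPE_LAST`; adding `VIR_DOMAIN_TPM_VERSION_LAST` would keep the two enums parallel and give range checks an upper bound. `VIR_DOMAIN_TPM_VERSION_1_2` is also the zero value, so a zero-initialised `_virDomainTPMDef` cannot be told apart from one where 1.2 was requested explicitly. If that is the intent, a comment on the new field would record it, e.g. `/* 0 == TPM 1.2, used when no version attribute is given */`. The struct definition continues outside the hunk.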
>diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
>index 11b91aa915..508685c455 100644
>--- a/src/qemu/qemu_tpm.c
>+++ b/src/qemu/qemu_tpm.c
>@@ -54,6 +54,41 @@ static char *swtpm_path;
> static char *swtpm_setup;
> static char *swtpm_ioctl;
>
>+bool swtpm_supports_tpm2;
>+
>+/*
>+ * qemuTPMCheckForTPM2Support
>+ *
>+ * Check whether swtpm_setup supports TPM 2
>+ */
>+static void
>+qemuTPMCheckForTPM2Support(void)
>+{
>+    virCommandPtr cmd;
>+    char *help = NULL;
>+
>+    if (!swtpm_setup)
>+        return;
>+
>+    cmd = virCommandNew(swtpm_setup);
>+    if (!cmd)
>+        return;
>+
>+    virCommandAddArg(cmd, "--help");
>+    virCommandSetOutputBuffer(cmd, &help);
>+
>+    if (virCommandRun(cmd, NULL) < 0)
>+        goto cleanup;
>+
>+    if (strstr(help, "--tpm2"))
>+        swtpm_supports_tpm2 = true;

This bool is never read.

Given that version 2 has to be requested in the XML and we don't try to
use it automatically, I'd suggest just dropping this function. We don't
need to parse another tool's --help output to make up for the removal
of parsing --help of qemu and qemu-img.

Jano