On 05/24/2018 08:17 AM, Marc Hartmayer wrote:
On Tue, May 22, 2018 at 10:44 PM +0200, Stefan Berger
<stefanb(a)linux.vnet.ibm.com> wrote:
> This patch extends the TPM's device XML with TPM 2 support. This only works
> for the emulator type backend and looks as follows:
>
> <tpm model='tpm-tis'>
> <backend type='emulator' version='2'/>
> </tpm>
>
> The swtpm process now has --tpm2 as an additional parameter:
>
> system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8 0.0 28364 3868 ? Rs
11:13 13:50 /usr/bin/swtpm socket --daemon --ctrl
type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 --tpmstate
dir=/var/lib/libvirt/swtpm/testvm/tpm2,mode=0640 --log
file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log --tpm2 --pid
file=/var/run/libvirt/qemu/swtpm/testvm-swtpm.pid
>
> The version of the TPM can be changed and the state of the TPM is preserved.
>
> Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
> Reviewed-by: John Ferlan <jferlan(a)redhat.com>
> ---
> docs/formatdomain.html.in | 15 ++++-
> docs/schemas/domaincommon.rng | 12 ++++
> src/conf/domain_conf.c | 27 ++++++++-
> src/conf/domain_conf.h | 6 ++
> src/qemu/qemu_tpm.c | 64 +++++++++++++++++++++-
> .../tpm-emulator-tpm2.x86_64-latest.args | 33 +++++++++++
> tests/qemuxml2argvdata/tpm-emulator-tpm2.xml | 30 ++++++++++
> tests/qemuxml2argvtest.c | 1 +
> tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml | 34 ++++++++++++
> 9 files changed, 217 insertions(+), 5 deletions(-)
> create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.x86_64-latest.args
> create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml
> create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml
>
> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index 08a57bd751..043c8da56f 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -7719,7 +7719,7 @@ qemu-kvm -net nic,model=? /dev/null
> ...
> <devices>
> <tpm model='tpm-tis'>
> - <backend type='emulator'>
> + <backend type='emulator' version='2'>
> </backend>
> </tpm>
> </devices>
> @@ -7769,6 +7769,19 @@ qemu-kvm -net nic,model=? /dev/null
> </dd>
> </dl>
> </dd>
> + <dt><code>version</code></dt>
> + <dd>
> + <p>
> + The <code>version</code> attribute indicates the version
> + of the TPM. By default a TPM 1.2 is created. This attribute
> + only works with the <code>emulator</code> backend. The
following
> + versions are supported:
> + </p>
> + <ul>
> + <li>'1.2' : creates a TPM 1.2</li>
> + <li>'2' : creates a TPM 2</li>
> + </ul>
> + </dd>
> </dl>
>
> <h4><a id="elementsNVRAM">NVRAM
device</a></h4>
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index 3582cb5019..f11833075a 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -4130,6 +4130,18 @@
> </attribute>
> </group>
> </choice>
> + <choice>
> + <group>
> + <optional>
> + <attribute name="version">
> + <choice>
> + <value>1.2</value>
> + <value>2</value>
> + </choice>
> + </attribute>
> + </optional>
> + </group>
> + </choice>
> </element>
> </define>
>
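Review bot: The new `<choice><group><optional>` block places the `version` attribute outside the preceding `<choice>` that selects the backend type, so the schema accepts `version` on any backend, while the formatdomain.html.in hunk in this same patch states the attribute only works with the `emulator` backend. If that restriction is intended, moving `<optional><attribute name="version">…</attribute></optional>` into the emulator `<group>` of the existing choice would let the schema enforce it rather than leaving it to the parser. A `<choice>` with a single `<group>` alternative is also redundant; the `<optional>` element on its own expresses the same grammar. The surrounding per-backend groups are outside the quoted hunk, so where the emulator group sits is inferred from the closing `</choice>` context line.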
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 15dd490d17..79904789ee 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -12657,7 +12657,7 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPtr xmlopt,
> * or like this:
> *
> * <tpm model='tpm-tis'>
> - * <backend type='emulator'/>
> + * <backend type='emulator' version='2'/>
> * </tpm>
> */
> static virDomainTPMDefPtr
> @@ -12670,6 +12670,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
> char *path = NULL;
> char *model = NULL;
> char *backend = NULL;
> + char *version = NULL;
> virDomainTPMDefPtr def;
> xmlNodePtr save = ctxt->node;
> xmlNodePtr *backends = NULL;
> @@ -12716,6 +12717,20 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
> goto error;
> }
>
> + version = virXMLPropString(backends[0], "version");
> + if (!version || STREQ(version, "1.2")) {
> + def->version = VIR_DOMAIN_TPM_VERSION_1_2;
> + /* only TIS available for emulator */
> + if (def->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
> + def->model = VIR_DOMAIN_TPM_MODEL_TIS;
This will silently overwrite an already defined model - is this
intended? Also this seems like some kind of validation logic - not sure
if virDomainTPMDefParseXML is the right place for this.
TPM 1.2 can typically only be used with the TIS. The CRB interface works
only with TPM 2. So, yes, it's intentional.
Stefan
> + } else if (STREQ(version, "2")) {
> + def->version = VIR_DOMAIN_TPM_VERSION_2;
[…snip]
Beste Grüße / Kind regards
Marc Hartmayer
IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294