Re: [PATCH v3 09/10] qemu: Move adding of keys to swtpm command line into own function
On Sat, Oct 19, 2024 at 12:24 AM Stefan Berger <stefanb(a)linux.ibm.com> wrote:
Factor-out code related to adding key to the swtpm command line into its
own function.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
src/qemu/qemu_tpm.c | 60 +++++++++++++++++++++++++++------------------
1 file changed, 36 insertions(+), 24 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index f49276d9be..99473bba87 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -546,6 +546,38 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator,
return 0;
}
+static int
+qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd,
+ const virDomainTPMEmulatorDef *emulator,
+ const char *swtpm)
+{
+ int pwdfile_fd = -1;
+ int migpwdfile_fd = -1;
+
+ if (emulator->hassecretuuid) {
+ if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
+ _("%1$s does not support passing passphrase via file
descriptor"),
+ swtpm);
+ return -1;
+ }
+
+ if (qemuTPMSetupEncryption(emulator->secretuuid,
+ cmd, &pwdfile_fd) < 0)
+ return -1;
+
+ if (qemuTPMSetupEncryption(emulator->secretuuid,
+ cmd, &migpwdfile_fd) < 0)
+ return -1;
+
+ virCommandAddArg(cmd, "--key");
+ virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
+
+ virCommandAddArg(cmd, "--migration-key");
+ virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc",
migpwdfile_fd);
+ }
+ return 0;
+}
/*
* qemuTPMEmulatorBuildCommand:
@@ -572,8 +604,6 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
g_autoptr(virCommand) cmd = NULL;
bool created = false;
g_autofree char *swtpm = virTPMGetSwtpm();
- int pwdfile_fd = -1;
- int migpwdfile_fd = -1;
const unsigned char *secretuuid = NULL;
bool create_storage = true;
bool on_shared_storage;
@@ -644,28 +674,10 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
break;
}
- if (tpm->data.emulator.hassecretuuid) {
- if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
- virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
- _("%1$s does not support passing passphrase via file
descriptor"),
- swtpm);
- goto error;
- }
-
- if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
- cmd, &pwdfile_fd) < 0)
- goto error;
-
- if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
- cmd, &migpwdfile_fd) < 0)
- goto error;
-
- virCommandAddArg(cmd, "--key");
- virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
-
- virCommandAddArg(cmd, "--migration-key");
- virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc",
migpwdfile_fd);
- }
+ if (qemuTPMVirCommandSwtpmAddEncryption(cmd,
+ &tpm->data.emulator,
+ swtpm) < 0)
+ goto error;
/* If swtpm supports it and the TPM state is stored on shared storage,
* start swtpm with --migration release-lock-outgoing so it can migrate
--
2.47.0