From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Hi,

When swtpm capabilities reports "nvram-backend-dir", it can accept a single
file or block device where TPM state will be stored.
--tpmstate must be backend-uri=file://.

v5:
- fix indentation
- update doc about state sharing/locking
- add r-b from Stefan

v4:
- add "qemu: explicit swtpm state locking"
- add r-b from Stefan, first patch only atm

v3:
- changed to <source type='file/dir' path='..'/>

v2:
- add <source dir='..'/> support as well (Daniel)

Related:
https://issues.redhat.com/browse/CNV-35250

Marc-André Lureau (6):
  util: check swtpm nvram-backend-{dir,file} capabilities
  tpm: rename 'storagepath' to 'source_path'
  schema: add TPM emulator <source type='file' path='..'>
  schema: add TPM emulator <source type='dir' path='..'>
  qemu_tpm: handle file/block storage source
  qemu: explicit swtpm state locking

docs/formatdomain.rst | 22 ++++
src/conf/domain_conf.c | 31 ++++-
src/conf/domain_conf.h | 12 +-
src/conf/schemas/domaincommon.rng | 26 ++++
src/qemu/qemu_tpm.c | 114 +++++++++++++-----
src/security/security_selinux.c | 6 +-
src/util/virtpm.c | 3 +
src/util/virtpm.h | 3 +
.../qemuxmlconfdata/tpm-emulator-tpm2-enc.xml | 1 +
tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 1 +
tests/testutilsqemu.c | 1 +
11 files changed, 187 insertions(+), 33 deletions(-)
--
2.47.0