9:15 a.m.
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Hi,
When swtpm capabilities reports "nvram-backend-dir", it can accepts a single
file or block device where TPM state will be stored.
--tpmstate must be backend-uri=file://.
v5:
- fix indentation
- update doc about state sharing/locking
- add r-b from Stefan
v4:
- add "qemu: explicit swtpm state locking"
- add r-b from Stefan, first patch only atm
v3:
- changed to <source type='file/dir' path='..'/>
v2:
- add <source dir='..'/> support as well (Daniel)
Related: https://issues.redhat.com/browse/CNV-35250
Marc-André Lureau (6):
util: check swtpm nvram-backend-{dir,file} capabilities
tpm: rename 'storagepath' to 'source_path'
schema: add TPM emulator <source type='file' path='..'>
schema: add TPM emulator <source type='dir' path='..'>
qemu_tpm: handle file/block storage source
qemu: explicit swtpm state locking
docs/formatdomain.rst | 22 ++++
src/conf/domain_conf.c | 31 ++++-
src/conf/domain_conf.h | 12 +-
src/conf/schemas/domaincommon.rng | 26 ++++
src/qemu/qemu_tpm.c | 114 +++++++++++++-----
src/security/security_selinux.c | 6 +-
src/util/virtpm.c | 3 +
src/util/virtpm.h | 3 +
.../qemuxmlconfdata/tpm-emulator-tpm2-enc.xml | 1 +
tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 1 +
tests/testutilsqemu.c | 1 +
11 files changed, 187 insertions(+), 33 deletions(-)
--
2.47.0
9:15 a.m.
New subject: [PATCH v5 1/6] util: check swtpm nvram-backend-{dir,file} capabilities
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/util/virtpm.c | 2 ++
src/util/virtpm.h | 2 ++
2 files changed, 4 insertions(+)
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index 81fd6166cf..298caaad80 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -40,6 +40,8 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature,
VIR_TPM_SWTPM_FEATURE_LAST,
"cmdarg-pwd-fd",
"cmdarg-migration",
+ "nvram-backend-dir",
+ "nvram-backend-file",
);
VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index fb330effa8..99dbcc1dc8 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -31,6 +31,8 @@ bool virTPMHasSwtpm(void);
typedef enum {
VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD,
VIR_TPM_SWTPM_FEATURE_CMDARG_MIGRATION,
+ VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_DIR,
+ VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_FILE,
VIR_TPM_SWTPM_FEATURE_LAST
} virTPMSwtpmFeature;
--
2.47.0
9:15 a.m.
New subject: [PATCH v5 2/6] tpm: rename 'storagepath' to 'source_path'
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Mechanically replace existing 'storagepath' with 'source_path', as the
following patches introduce <source path='..'> configuration.
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/conf/domain_conf.c | 2 +-
src/conf/domain_conf.h | 2 +-
src/qemu/qemu_tpm.c | 46 ++++++++++++++++-----------------
src/security/security_selinux.c | 6 ++---
4 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 6d7dee7956..284a3815b3 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3461,7 +3461,7 @@ void virDomainTPMDefFree(virDomainTPMDef *def)
break;
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
virObjectUnref(def->data.emulator.source);
- g_free(def->data.emulator.storagepath);
+ g_free(def->data.emulator.source_path);
g_free(def->data.emulator.logfile);
virBitmapFree(def->data.emulator.activePcrBanks);
break;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index a15af4fae3..6b27322e3e 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1478,7 +1478,7 @@ struct _virDomainTPMDef {
struct {
virDomainTPMVersion version;
virDomainChrSourceDef *source;
- char *storagepath;
+ char *source_path;
char *logfile;
unsigned int debug;
unsigned char secretuuid[VIR_UUID_BUFLEN];
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 749e4232b9..2d9cd59643 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -173,8 +173,8 @@ qemuTPMEmulatorCreateStorage(virDomainTPMDef *tpm,
uid_t swtpm_user,
gid_t swtpm_group)
{
- const char *storagepath = tpm->data.emulator.storagepath;
- g_autofree char *swtpmStorageDir = g_path_get_dirname(storagepath);
+ const char *source_path = tpm->data.emulator.source_path;
+ g_autofree char *swtpmStorageDir = g_path_get_dirname(source_path);
/* allow others to cd into this dir */
if (g_mkdir_with_parents(swtpmStorageDir, 0711) < 0) {
@@ -186,19 +186,19 @@ qemuTPMEmulatorCreateStorage(virDomainTPMDef *tpm,
*created = false;
- if (!virFileExists(storagepath) ||
- virDirIsEmpty(storagepath, true) > 0)
+ if (!virFileExists(source_path) ||
+ virDirIsEmpty(source_path, true) > 0)
*created = true;
- if (virDirCreate(storagepath, 0700, swtpm_user, swtpm_group,
+ if (virDirCreate(source_path, 0700, swtpm_user, swtpm_group,
VIR_DIR_CREATE_ALLOW_EXIST) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Could not create directory %1$s as %2$u:%3$d"),
- storagepath, swtpm_user, swtpm_group);
+ source_path, swtpm_user, swtpm_group);
return -1;
}
- if (virFileChownFiles(storagepath, swtpm_user, swtpm_group) < 0)
+ if (virFileChownFiles(source_path, swtpm_user, swtpm_group) < 0)
return -1;
return 0;
@@ -214,7 +214,7 @@ qemuTPMEmulatorCreateStorage(virDomainTPMDef *tpm,
static void
qemuTPMEmulatorDeleteStorage(virDomainTPMDef *tpm)
{
- g_autofree char *path = g_path_get_dirname(tpm->data.emulator.storagepath);
+ g_autofree char *path = g_path_get_dirname(tpm->data.emulator.source_path);
ignore_value(virFileDeleteTree(path));
}
@@ -343,7 +343,7 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd,
/*
* qemuTPMEmulatorRunSetup
*
- * @storagepath: path to the directory for TPM state
+ * @source_path: path to the directory for TPM state
* @vmname: the name of the VM
* @vmuuid: the UUID of the VM
* @privileged: whether we are running in privileged mode
@@ -360,7 +360,7 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd,
* certificates for it.
*/
static int
-qemuTPMEmulatorRunSetup(const char *storagepath,
+qemuTPMEmulatorRunSetup(const char *source_path,
const char *vmname,
const unsigned char *vmuuid,
bool privileged,
@@ -413,7 +413,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
if (!incomingMigration) {
virCommandAddArgList(cmd,
- "--tpm-state", storagepath,
+ "--tpm-state", source_path,
"--vmid", vmid,
"--logfile", logfile,
"--createek",
@@ -424,7 +424,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
NULL);
} else {
virCommandAddArgList(cmd,
- "--tpm-state", storagepath,
+ "--tpm-state", source_path,
"--logfile", logfile,
"--overwrite",
NULL);
@@ -465,7 +465,7 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks)
* qemuTPMEmulatorReconfigure
*
*
- * @storagepath: path to the directory for TPM state
+ * @source_path: path to the directory for TPM state
* @swtpm_user: The userid to switch to when setting up the TPM;
* typically this should be the uid of 'tss' or 'root'
* @swtpm_group: The group id to switch to
@@ -478,7 +478,7 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks)
* Reconfigure the active PCR banks of a TPM 2.
*/
static int
-qemuTPMEmulatorReconfigure(const char *storagepath,
+qemuTPMEmulatorReconfigure(const char *source_path,
uid_t swtpm_user,
gid_t swtpm_group,
virBitmap *activePcrBanks,
@@ -510,7 +510,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
return -1;
virCommandAddArgList(cmd,
- "--tpm-state", storagepath,
+ "--tpm-state", source_path,
"--logfile", logfile,
"--pcr-banks", activePcrBanksStr,
"--reconfigure",
@@ -570,7 +570,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
/* Do not create storage and run swtpm_setup on incoming migration over
* shared storage
*/
- on_shared_storage = virFileIsSharedFS(tpm->data.emulator.storagepath,
sharedFilesystems) == 1;
+ on_shared_storage = virFileIsSharedFS(tpm->data.emulator.source_path,
sharedFilesystems) == 1;
if (incomingMigration && on_shared_storage)
create_storage = false;
@@ -582,7 +582,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
secretuuid = tpm->data.emulator.secretuuid;
if (created &&
- qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vmuuid,
+ qemuTPMEmulatorRunSetup(tpm->data.emulator.source_path, vmname, vmuuid,
privileged, swtpm_user, swtpm_group,
tpm->data.emulator.logfile,
tpm->data.emulator.version,
@@ -590,7 +590,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
goto error;
if (!incomingMigration &&
- qemuTPMEmulatorReconfigure(tpm->data.emulator.storagepath,
+ qemuTPMEmulatorReconfigure(tpm->data.emulator.source_path,
swtpm_user, swtpm_group,
tpm->data.emulator.activePcrBanks,
tpm->data.emulator.logfile,
@@ -610,7 +610,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
virCommandAddArg(cmd, "--tpmstate");
virCommandAddArgFormat(cmd, "dir=%s,mode=0600",
- tpm->data.emulator.storagepath);
+ tpm->data.emulator.source_path);
virCommandAddArg(cmd, "--log");
if (tpm->data.emulator.debug != 0)
@@ -723,8 +723,8 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm,
virUUIDFormat(uuid, uuidstr);
- if (!tpm->data.emulator.storagepath &&
- !(tpm->data.emulator.storagepath =
+ if (!tpm->data.emulator.source_path &&
+ !(tpm->data.emulator.source_path =
qemuTPMEmulatorStorageBuildPath(swtpmStorageDir, uuidstr,
tpm->data.emulator.version)))
return -1;
@@ -759,7 +759,7 @@ qemuTPMEmulatorCleanupHost(virQEMUDriver *driver,
* storage.
*/
if (outgoingMigration &&
- virFileIsSharedFS(tpm->data.emulator.storagepath, cfg->sharedFilesystems)
== 1)
+ virFileIsSharedFS(tpm->data.emulator.source_path, cfg->sharedFilesystems)
== 1)
return;
/*
@@ -1040,7 +1040,7 @@ qemuTPMHasSharedStorage(virQEMUDriver *driver,
switch (tpm->type) {
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
- return virFileIsSharedFS(tpm->data.emulator.storagepath,
+ return virFileIsSharedFS(tpm->data.emulator.source_path,
cfg->sharedFilesystems) == 1;
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
case VIR_DOMAIN_TPM_TYPE_EXTERNAL:
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 8f567d5488..18daa521d1 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -3726,7 +3726,7 @@ virSecuritySELinuxSetTPMLabels(virSecurityManager *mgr,
if (setTPMStateLabel) {
ret = virSecuritySELinuxSetFileLabels(mgr,
-
def->tpms[i]->data.emulator.storagepath,
+
def->tpms[i]->data.emulator.source_path,
seclabel);
}
@@ -3756,14 +3756,14 @@ virSecuritySELinuxRestoreTPMLabels(virSecurityManager *mgr,
if (restoreTPMStateLabel) {
ret = virSecuritySELinuxRestoreFileLabels(mgr,
-
def->tpms[i]->data.emulator.storagepath);
+
def->tpms[i]->data.emulator.source_path);
} else {
/* Even if we're not restoring the original label for the
* TPM state directory, we should still forget any
* remembered label so that a subsequent attempt at TPM
* startup will not fail due to the state directory being
* considered as still in use */
-
virSecuritySELinuxForgetLabels(def->tpms[i]->data.emulator.storagepath);
+
virSecuritySELinuxForgetLabels(def->tpms[i]->data.emulator.source_path);
}
if (ret == 0 &&
--
2.47.0
9:15 a.m.
New subject: [PATCH v5 3/6] schema: add TPM emulator <source type='file' path='..'>
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Learn to parse a file path for the TPM state.
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
docs/formatdomain.rst | 21 ++++++++++++++++
src/conf/domain_conf.c | 28 +++++++++++++++++++++
src/conf/domain_conf.h | 9 +++++++
src/conf/schemas/domaincommon.rng | 14 +++++++++++
tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 1 +
5 files changed, 73 insertions(+)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 3253a28e5a..9104c95a4a 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -8181,6 +8181,27 @@ Example: usage of the TPM Emulator
The default version used depends on the combination of hypervisor, guest
architecture, TPM model and backend.
+``source``
+ The ``source`` element specifies the location of the TPM state storage . This
+ element only works with the ``emulator`` backend.
+
+ When specified, it is the user's responsability to prevent files from being
+ used by multiple VMs or emulators (swtpm will also use advisory locking). If
+ not specified, the storage configuration is left to libvirt discretion.
+
+ This element requires that swtpm v0.7 or later is installed.
+
+ The following attributes are supported:
+
+ ``type``
+ The type of storage. It's possible to provide "file" to utilize a
single
+ file or block device where the TPM state will be stored.
+
+ ``path``
+ The path to the TPM state storage.
+
+ :since:`Since v10.9.0`
+
``persistent_state``
The ``persistent_state`` attribute indicates whether 'swtpm' TPM state is
kept or not when a transient domain is powered off or undefined. This
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 284a3815b3..9dd8b6b55d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1322,6 +1322,12 @@ VIR_ENUM_IMPL(virDomainTPMVersion,
"2.0",
);
+VIR_ENUM_IMPL(virDomainTPMSourceType,
+ VIR_DOMAIN_TPM_SOURCE_TYPE_LAST,
+ "default",
+ "file",
+);
+
VIR_ENUM_IMPL(virDomainTPMPcrBank,
VIR_DOMAIN_TPM_PCR_BANK_LAST,
"sha1",
@@ -10784,6 +10790,7 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
int nbackends;
int nnodes;
size_t i;
+ xmlNodePtr source_node = NULL;
g_autofree char *path = NULL;
g_autofree char *secretuuid = NULL;
g_autofree char *persistent_state = NULL;
@@ -10857,6 +10864,22 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
def->data.emulator.hassecretuuid = true;
}
+ source_node = virXPathNode("./backend/source", ctxt);
+ if (source_node) {
+ if (virXMLPropEnum(source_node, "type",
+ virDomainTPMSourceTypeTypeFromString,
+ VIR_XML_PROP_NONZERO,
+ &def->data.emulator.source_type) < 0)
+ goto error;
+ path = virXMLPropString(source_node, "path");
+ if (!path) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing TPM source path"));
+ goto error;
+ }
+ def->data.emulator.source_path = g_steal_pointer(&path);
+ }
+
persistent_state = virXMLPropString(backends[0], "persistent_state");
if (persistent_state) {
if (virStringParseYesNo(persistent_state,
@@ -25070,6 +25093,11 @@ virDomainTPMDefFormat(virBuffer *buf,
virXMLFormatElement(&backendChildBuf, "active_pcr_banks", NULL,
&activePcrBanksBuf);
}
+ if (def->data.emulator.source_type != VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT) {
+ virBufferAsprintf(&backendChildBuf, "<source
type='%s'",
+
virDomainTPMSourceTypeTypeToString(def->data.emulator.source_type));
+ virBufferEscapeString(&backendChildBuf, "
path='%s'/>\n", def->data.emulator.source_path);
+ }
break;
case VIR_DOMAIN_TPM_TYPE_EXTERNAL:
if (def->data.external.source->type == VIR_DOMAIN_CHR_TYPE_UNIX) {
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 6b27322e3e..7a70f68177 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1463,6 +1463,13 @@ typedef enum {
VIR_DOMAIN_TPM_PCR_BANK_LAST
} virDomainPcrBank;
+typedef enum {
+ VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT = 0,
+ VIR_DOMAIN_TPM_SOURCE_TYPE_FILE,
+
+ VIR_DOMAIN_TPM_SOURCE_TYPE_LAST
+} virDomainTPMSourceType;
+
#define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0"
struct _virDomainTPMDef {
@@ -1478,6 +1485,7 @@ struct _virDomainTPMDef {
struct {
virDomainTPMVersion version;
virDomainChrSourceDef *source;
+ virDomainTPMSourceType source_type;
char *source_path;
char *logfile;
unsigned int debug;
@@ -4277,6 +4285,7 @@ VIR_ENUM_DECL(virDomainRNGBackend);
VIR_ENUM_DECL(virDomainTPMModel);
VIR_ENUM_DECL(virDomainTPMBackend);
VIR_ENUM_DECL(virDomainTPMVersion);
+VIR_ENUM_DECL(virDomainTPMSourceType);
VIR_ENUM_DECL(virDomainTPMPcrBank);
VIR_ENUM_DECL(virDomainMemoryModel);
VIR_ENUM_DECL(virDomainMemoryBackingModel);
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index efb5f00d77..8d91fb0dd6 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -5923,6 +5923,7 @@
<interleave>
<ref name="tpm-backend-emulator-encryption"/>
<ref name="tpm-backend-emulator-active-pcr-banks"/>
+ <ref name="tpm-backend-emulator-source"/>
</interleave>
<optional>
<attribute name="persistent_state">
@@ -5981,6 +5982,19 @@
</optional>
</define>
+ <define name="tpm-backend-emulator-source">
+ <optional>
+ <element name="source">
+ <attribute name="type">
+ <value>file</value>
+ </attribute>
+ <attribute name="path">
+ <ref name="absFilePath"/>
+ </attribute>
+ </element>
+ </optional>
+ </define>
+
<define name="tpm-backend-emulator-encryption">
<optional>
<element name="encryption">
diff --git a/tests/qemuxmlconfdata/tpm-emulator-tpm2.xml
b/tests/qemuxmlconfdata/tpm-emulator-tpm2.xml
index 8a613db456..3d6300f544 100644
--- a/tests/qemuxmlconfdata/tpm-emulator-tpm2.xml
+++ b/tests/qemuxmlconfdata/tpm-emulator-tpm2.xml
@@ -34,6 +34,7 @@
<sha256/>
<sha512/>
</active_pcr_banks>
+ <source type='file' path='/path/to/state'/>
</backend>
</tpm>
<audio id='1' type='none'/>
--
2.47.0
9:15 a.m.
New subject: [PATCH v5 4/6] schema: add TPM emulator <source type='dir' path='..'>
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Learn to parse a directory for the TPM state.
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
docs/formatdomain.rst | 3 ++-
src/conf/domain_conf.c | 1 +
src/conf/domain_conf.h | 1 +
src/conf/schemas/domaincommon.rng | 24 ++++++++++++++-----
.../qemuxmlconfdata/tpm-emulator-tpm2-enc.xml | 1 +
5 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 9104c95a4a..fccff47d08 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -8195,7 +8195,8 @@ Example: usage of the TPM Emulator
``type``
The type of storage. It's possible to provide "file" to utilize a
single
- file or block device where the TPM state will be stored.
+ file or block device where the TPM state will be stored, or "dir" for
the
+ directory where the files will be stored.
``path``
The path to the TPM state storage.
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 9dd8b6b55d..3a32e50890 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1326,6 +1326,7 @@ VIR_ENUM_IMPL(virDomainTPMSourceType,
VIR_DOMAIN_TPM_SOURCE_TYPE_LAST,
"default",
"file",
+ "dir",
);
VIR_ENUM_IMPL(virDomainTPMPcrBank,
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 7a70f68177..45c52107e8 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1466,6 +1466,7 @@ typedef enum {
typedef enum {
VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT = 0,
VIR_DOMAIN_TPM_SOURCE_TYPE_FILE,
+ VIR_DOMAIN_TPM_SOURCE_TYPE_DIR,
VIR_DOMAIN_TPM_SOURCE_TYPE_LAST
} virDomainTPMSourceType;
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 8d91fb0dd6..8360eeae3f 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -5985,12 +5985,24 @@
<define name="tpm-backend-emulator-source">
<optional>
<element name="source">
- <attribute name="type">
- <value>file</value>
- </attribute>
- <attribute name="path">
- <ref name="absFilePath"/>
- </attribute>
+ <choice>
+ <group>
+ <attribute name="type">
+ <value>file</value>
+ </attribute>
+ <attribute name="path">
+ <ref name="absFilePath"/>
+ </attribute>
+ </group>
+ <group>
+ <attribute name="type">
+ <value>dir</value>
+ </attribute>
+ <attribute name="path">
+ <ref name="absDirPath"/>
+ </attribute>
+ </group>
+ </choice>
</element>
</optional>
</define>
diff --git a/tests/qemuxmlconfdata/tpm-emulator-tpm2-enc.xml
b/tests/qemuxmlconfdata/tpm-emulator-tpm2-enc.xml
index 9c2279b28b..e0c657645d 100644
--- a/tests/qemuxmlconfdata/tpm-emulator-tpm2-enc.xml
+++ b/tests/qemuxmlconfdata/tpm-emulator-tpm2-enc.xml
@@ -30,6 +30,7 @@
<tpm model='tpm-tis'>
<backend type='emulator' version='2.0'>
<encryption secret='32ee7e76-2178-47a1-ab7b-269e6e348015'/>
+ <source type='dir' path='/some/dir'/>
</backend>
</tpm>
<audio id='1' type='none'/>
--
2.47.0
9:15 a.m.
New subject: [PATCH v5 5/6] qemu_tpm: handle file/block storage source
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
When swtpm reports "nvram-backend-dir", it can accepts a single file or
block device where TPM state will be stored. --tpmstate must be
backend-uri=file://<path>.
Teach the storage to use custom directory or file source location.
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/qemu/qemu_tpm.c | 77 +++++++++++++++++++++++++++++++++++++--------
1 file changed, 64 insertions(+), 13 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 2d9cd59643..bf94b6ac0d 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -340,9 +340,28 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd,
}
+static char *
+qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
+ const char *source_path)
+{
+ switch (source_type) {
+ case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
+ /* the file:// prefix is supported since swtpm_setup 0.7.0 */
+ /* assume the capability check for swtpm is redundant. */
+ return g_strdup_printf("file://%s", source_path);
+ case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
+ case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
+ case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
+ default:
+ return g_strdup_printf("%s", source_path);
+ }
+}
+
+
/*
* qemuTPMEmulatorRunSetup
*
+ * @source_type: type of storage
* @source_path: path to the directory for TPM state
* @vmname: the name of the VM
* @vmuuid: the UUID of the VM
@@ -360,7 +379,8 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd,
* certificates for it.
*/
static int
-qemuTPMEmulatorRunSetup(const char *source_path,
+qemuTPMEmulatorRunSetup(const virDomainTPMSourceType source_type,
+ const char *source_path,
const char *vmname,
const unsigned char *vmuuid,
bool privileged,
@@ -376,6 +396,7 @@ qemuTPMEmulatorRunSetup(const char *source_path,
char uuid[VIR_UUID_STRING_BUFLEN];
g_autofree char *vmid = NULL;
g_autofree char *swtpm_setup = virTPMGetSwtpmSetup();
+ g_autofree char *tpm_state = qemuTPMGetSwtpmSetupStateArg(source_type, source_path);
if (!swtpm_setup)
return -1;
@@ -413,7 +434,7 @@ qemuTPMEmulatorRunSetup(const char *source_path,
if (!incomingMigration) {
virCommandAddArgList(cmd,
- "--tpm-state", source_path,
+ "--tpm-state", tpm_state,
"--vmid", vmid,
"--logfile", logfile,
"--createek",
@@ -424,7 +445,7 @@ qemuTPMEmulatorRunSetup(const char *source_path,
NULL);
} else {
virCommandAddArgList(cmd,
- "--tpm-state", source_path,
+ "--tpm-state", tpm_state,
"--logfile", logfile,
"--overwrite",
NULL);
@@ -465,6 +486,7 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks)
* qemuTPMEmulatorReconfigure
*
*
+ * @source_type: type of storage
* @source_path: path to the directory for TPM state
* @swtpm_user: The userid to switch to when setting up the TPM;
* typically this should be the uid of 'tss' or 'root'
@@ -478,7 +500,8 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks)
* Reconfigure the active PCR banks of a TPM 2.
*/
static int
-qemuTPMEmulatorReconfigure(const char *source_path,
+qemuTPMEmulatorReconfigure(const virDomainTPMSourceType source_type,
+ const char *source_path,
uid_t swtpm_user,
gid_t swtpm_group,
virBitmap *activePcrBanks,
@@ -490,6 +513,7 @@ qemuTPMEmulatorReconfigure(const char *source_path,
int exitstatus;
g_autofree char *activePcrBanksStr = NULL;
g_autofree char *swtpm_setup = virTPMGetSwtpmSetup();
+ g_autofree char *tpm_state = qemuTPMGetSwtpmSetupStateArg(source_type, source_path);
if (!swtpm_setup)
return -1;
@@ -510,7 +534,7 @@ qemuTPMEmulatorReconfigure(const char *source_path,
return -1;
virCommandAddArgList(cmd,
- "--tpm-state", source_path,
+ "--tpm-state", tpm_state,
"--logfile", logfile,
"--pcr-banks", activePcrBanksStr,
"--reconfigure",
@@ -557,6 +581,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
{
g_autoptr(virCommand) cmd = NULL;
bool created = false;
+ bool run_setup = false;
g_autofree char *swtpm = virTPMGetSwtpm();
int pwdfile_fd = -1;
int migpwdfile_fd = -1;
@@ -567,6 +592,18 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
if (!swtpm)
return NULL;
+ if (tpm->data.emulator.source_type == VIR_DOMAIN_TPM_SOURCE_TYPE_FILE) {
+ if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_DIR)) {
+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
+ _("%1$s does not support file storage"),
+ swtpm);
+ goto error;
+ }
+ create_storage = false;
+ /* setup is run with --not-overwrite */
+ run_setup = true;
+ }
+
/* Do not create storage and run swtpm_setup on incoming migration over
* shared storage
*/
@@ -574,15 +611,18 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
if (incomingMigration && on_shared_storage)
create_storage = false;
- if (create_storage &&
- qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_group) < 0)
- return NULL;
+ if (create_storage) {
+ if (qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_group) <
0)
+ return NULL;
+ run_setup = created;
+ }
if (tpm->data.emulator.hassecretuuid)
secretuuid = tpm->data.emulator.secretuuid;
- if (created &&
- qemuTPMEmulatorRunSetup(tpm->data.emulator.source_path, vmname, vmuuid,
+ if (run_setup &&
+ qemuTPMEmulatorRunSetup(tpm->data.emulator.source_type,
+ tpm->data.emulator.source_path, vmname, vmuuid,
privileged, swtpm_user, swtpm_group,
tpm->data.emulator.logfile,
tpm->data.emulator.version,
@@ -590,7 +630,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
goto error;
if (!incomingMigration &&
- qemuTPMEmulatorReconfigure(tpm->data.emulator.source_path,
+ qemuTPMEmulatorReconfigure(tpm->data.emulator.source_type,
+ tpm->data.emulator.source_path,
swtpm_user, swtpm_group,
tpm->data.emulator.activePcrBanks,
tpm->data.emulator.logfile,
@@ -609,8 +650,18 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
tpm->data.emulator.source->data.nix.path);
virCommandAddArg(cmd, "--tpmstate");
- virCommandAddArgFormat(cmd, "dir=%s,mode=0600",
- tpm->data.emulator.source_path);
+ switch (tpm->data.emulator.source_type) {
+ case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
+ virCommandAddArgFormat(cmd, "backend-uri=file://%s",
+ tpm->data.emulator.source_path);
+ break;
+ case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
+ case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
+ case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
+ virCommandAddArgFormat(cmd, "dir=%s,mode=0600",
+ tpm->data.emulator.source_path);
+ break;
+ }
virCommandAddArg(cmd, "--log");
if (tpm->data.emulator.debug != 0)
--
2.47.0
9:15 a.m.
New subject: [PATCH v5 6/6] qemu: explicit swtpm state locking
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
With upcoming v0.10 swtpm (commit
https://github.com/stefanberger/swtpm/commit/aa483aeb6df87ed56ccf3d5778d6...),
file locking with "lock" option is now supported and reflected in
"tpmstate-opt-lock" capability.
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/qemu/qemu_tpm.c | 11 +++++++++--
src/util/virtpm.c | 1 +
src/util/virtpm.h | 1 +
tests/testutilsqemu.c | 1 +
4 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index bf94b6ac0d..edd10ca2f6 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -344,16 +344,23 @@ static char *
qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
const char *source_path)
{
+ const char *lock = ",lock";
+
+ if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK)) {
+ VIR_WARN("This swtpm version doesn't support explicit locking");
+ lock = "";
+ }
+
switch (source_type) {
case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
/* the file:// prefix is supported since swtpm_setup 0.7.0 */
/* assume the capability check for swtpm is redundant. */
- return g_strdup_printf("file://%s", source_path);
+ return g_strdup_printf("file://%s%s", source_path, lock);
case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
default:
- return g_strdup_printf("%s", source_path);
+ return g_strdup_printf("%s%s", source_path, lock);
}
}
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index 298caaad80..8dcd3f90d9 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -52,6 +52,7 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
"cmdarg-reconfigure-pcr-banks",
"tpm-1.2",
"tpm-2.0",
+ "tpmstate-opt-lock",
);
/**
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index 99dbcc1dc8..279cb7e976 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -44,6 +44,7 @@ typedef enum {
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS,
VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2,
VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0,
+ VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK,
VIR_TPM_SWTPM_SETUP_FEATURE_LAST
} virTPMSwtpmSetupFeature;
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index 4daee432e5..f40bfa873c 100644
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -71,6 +71,7 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap)
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES:
case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT:
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS:
+ case VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK:
case VIR_TPM_SWTPM_SETUP_FEATURE_LAST:
break;
}
--
2.47.0
6:35 a.m.
ping!
On Tue, Oct 22, 2024 at 6:15 PM <marcandre.lureau(a)redhat.com> wrote:
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Hi,
When swtpm capabilities reports "nvram-backend-dir", it can accepts a single
file or block device where TPM state will be stored.
--tpmstate must be backend-uri=file://.
v5:
- fix indentation
- update doc about state sharing/locking
- add r-b from Stefan
v4:
- add "qemu: explicit swtpm state locking"
- add r-b from Stefan, first patch only atm
v3:
- changed to <source type='file/dir' path='..'/>
v2:
- add <source dir='..'/> support as well (Daniel)
Related: https://issues.redhat.com/browse/CNV-35250
Marc-André Lureau (6):
util: check swtpm nvram-backend-{dir,file} capabilities
tpm: rename 'storagepath' to 'source_path'
schema: add TPM emulator <source type='file' path='..'>
schema: add TPM emulator <source type='dir' path='..'>
qemu_tpm: handle file/block storage source
qemu: explicit swtpm state locking
docs/formatdomain.rst | 22 ++++
src/conf/domain_conf.c | 31 ++++-
src/conf/domain_conf.h | 12 +-
src/conf/schemas/domaincommon.rng | 26 ++++
src/qemu/qemu_tpm.c | 114 +++++++++++++-----
src/security/security_selinux.c | 6 +-
src/util/virtpm.c | 3 +
src/util/virtpm.h | 3 +
.../qemuxmlconfdata/tpm-emulator-tpm2-enc.xml | 1 +
tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 1 +
tests/testutilsqemu.c | 1 +
11 files changed, 187 insertions(+), 33 deletions(-)
--
2.47.0
8:42 a.m.
New subject: [PATCH v5 0/6] Add TPM emulator <source type='file/dir'
path='..'/>
On Wed, Oct 30, 2024 at 03:35:57PM +0400, Marc-André Lureau wrote:
ping!
Pushed now
On Tue, Oct 22, 2024 at 6:15 PM <marcandre.lureau(a)redhat.com>
wrote:
>
> From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
>
> Hi,
>
> When swtpm capabilities reports "nvram-backend-dir", it can accepts a
single
> file or block device where TPM state will be stored.
>
> --tpmstate must be backend-uri=file://.
>
> v5:
> - fix indentation
> - update doc about state sharing/locking
> - add r-b from Stefan
>
> v4:
> - add "qemu: explicit swtpm state locking"
> - add r-b from Stefan, first patch only atm
>
> v3:
> - changed to <source type='file/dir' path='..'/>
>
> v2:
> - add <source dir='..'/> support as well (Daniel)
>
> Related: https://issues.redhat.com/browse/CNV-35250
>
> Marc-André Lureau (6):
> util: check swtpm nvram-backend-{dir,file} capabilities
> tpm: rename 'storagepath' to 'source_path'
> schema: add TPM emulator <source type='file' path='..'>
> schema: add TPM emulator <source type='dir' path='..'>
> qemu_tpm: handle file/block storage source
> qemu: explicit swtpm state locking
>
> docs/formatdomain.rst | 22 ++++
> src/conf/domain_conf.c | 31 ++++-
> src/conf/domain_conf.h | 12 +-
> src/conf/schemas/domaincommon.rng | 26 ++++
> src/qemu/qemu_tpm.c | 114 +++++++++++++-----
> src/security/security_selinux.c | 6 +-
> src/util/virtpm.c | 3 +
> src/util/virtpm.h | 3 +
> .../qemuxmlconfdata/tpm-emulator-tpm2-enc.xml | 1 +
> tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 1 +
> tests/testutilsqemu.c | 1 +
> 11 files changed, 187 insertions(+), 33 deletions(-)
>
> --
> 2.47.0
>
9:25 a.m.
Hi Martin
On Tue, Nov 5, 2024 at 6:42 PM Martin Kletzander <mkletzan(a)redhat.com> wrote:
On Wed, Oct 30, 2024 at 03:35:57PM +0400, Marc-André Lureau wrote:
>ping!
>
Pushed now
thanks, though you should have updated the Since v10.9.0 tag in
docs/formatdomain.rst
>On Tue, Oct 22, 2024 at 6:15 PM
<marcandre.lureau(a)redhat.com> wrote:
>>
>> From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
>>
>> Hi,
>>
>> When swtpm capabilities reports "nvram-backend-dir", it can accepts a
single
>> file or block device where TPM state will be stored.
>>
>> --tpmstate must be backend-uri=file://.
>>
>> v5:
>> - fix indentation
>> - update doc about state sharing/locking
>> - add r-b from Stefan
>>
>> v4:
>> - add "qemu: explicit swtpm state locking"
>> - add r-b from Stefan, first patch only atm
>>
>> v3:
>> - changed to <source type='file/dir' path='..'/>
>>
>> v2:
>> - add <source dir='..'/> support as well (Daniel)
>>
>> Related: https://issues.redhat.com/browse/CNV-35250
>>
>> Marc-André Lureau (6):
>> util: check swtpm nvram-backend-{dir,file} capabilities
>> tpm: rename 'storagepath' to 'source_path'
>> schema: add TPM emulator <source type='file' path='..'>
>> schema: add TPM emulator <source type='dir' path='..'>
>> qemu_tpm: handle file/block storage source
>> qemu: explicit swtpm state locking
>>
>> docs/formatdomain.rst | 22 ++++
>> src/conf/domain_conf.c | 31 ++++-
>> src/conf/domain_conf.h | 12 +-
>> src/conf/schemas/domaincommon.rng | 26 ++++
>> src/qemu/qemu_tpm.c | 114 +++++++++++++-----
>> src/security/security_selinux.c | 6 +-
>> src/util/virtpm.c | 3 +
>> src/util/virtpm.h | 3 +
>> .../qemuxmlconfdata/tpm-emulator-tpm2-enc.xml | 1 +
>> tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 1 +
>> tests/testutilsqemu.c | 1 +
>> 11 files changed, 187 insertions(+), 33 deletions(-)
>>
>> --
>> 2.47.0
>>
>
9:44 a.m.
New subject: [PATCH v5 0/6] Add TPM emulator <source type='file/dir'
path='..'/>
On a Tuesday in 2024, Marc-André Lureau wrote:
Hi Martin
On Tue, Nov 5, 2024 at 6:42 PM Martin Kletzander <mkletzan(a)redhat.com> wrote:
>
> On Wed, Oct 30, 2024 at 03:35:57PM +0400, Marc-André Lureau wrote:
> >ping!
> >
>
> Pushed now
>
thanks, though you should have updated the Since v10.9.0 tag in
docs/formatdomain.rst
Done.
Jano
16
days inactive
30
days old
10 comments
4 participants
participants (4)
-
Ján Tomko -
Marc-André Lureau -
marcandre.lureau@redhat.com
-
Martin Kletzander