12:23 p.m.
This series of patches addresses the RFE in BZ 172830:
https://bugzilla.redhat.com/show_bug.cgi?id=1728030
This series of patches adds support for vTPM state encryption by passing
the read-end of a pipe's file descriptor to 'swtpm_setup' and 'swtpm'
where they can read a passphrase from and derive a key from that passphrase.
The TPM's domain XML looks to enable state encryption looks like this:
<tpm model='tpm-tis'>
<backend type='emulator' version='1.2'>
<encryption format='vtpm'>
<secret type='passphrase'
uuid='2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd'/>
</encryption>
</backend>
<alias name='tpm0'/>
</tpm>
The vTPM secret holding the passphrase looks like this:
<secret ephemeral='no' private='yes'>
<uuid>2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd</uuid>
<description>vTPM passphrase example</description>
<usage type='vtpm'>
<name>vtpm_example</name>
</usage>
</secret>
The swtpm v0.2 (upcoming) is needed that supports the command line option
--print-capabilities returning a JSON object that identifies features added
since v0.1. One such features is the possibility to pass a passphrase via a
file descriptor.
The patches do some refactoring of existing code on the way.
Stefan
Stefan Berger (18):
secret: Add support for usage type vTPM
tests: Add test for new Secret vTPM usage type
tests: Add already existing test case tpm-emulator-tpm2
util: Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM
conf: Extend TPM XML parser with encryption support
schema: Extend the TPM XML schema with support for encryption
tests: Add test for TPM XML encryption parser and formatter
tests: Add tests for QEMU command line generation with encrypted TPM
tpm: Move virtpm.c from utils dir to own tpm dir
tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c
tpm: Refactor virTPMEmulatorInit to use loop
tpm: Check whether previously found executables were updated
tpm: Parse the capabilities supported by swtpm and swtpm_setup
tpm: Use fd to pass password to swtpm_setup and swtpm
tpm: Pass migration key passphrase via fd to swtpm
tpm: Check TPM XML device configuration changes after edit
docs: Extend Secret XML documentation with vtpm usage type
docs: Extend TPM docs with new encryption element
docs/formatdomain.html.in | 16 +
docs/formatsecret.html.in | 61 +++-
docs/schemas/domaincommon.rng | 30 ++
docs/schemas/secret.rng | 10 +
include/libvirt/libvirt-secret.h | 1 +
po/POTFILES | 2 +-
src/Makefile.am | 1 +
src/conf/Makefile.inc.am | 7 +
src/conf/domain_conf.c | 96 ++++-
src/conf/domain_conf.h | 5 +
src/conf/secret_conf.c | 13 +
src/conf/virtpm_conf.c | 36 ++
src/conf/virtpm_conf.h | 36 ++
src/libvirt_private.syms | 20 +-
src/qemu/Makefile.inc.am | 1 +
src/qemu/qemu_block.c | 1 +
src/qemu/qemu_driver.c | 28 ++
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_extdevice.h | 3 +
src/qemu/qemu_tpm.c | 193 ++++++----
src/security/Makefile.inc.am | 1 +
src/tpm/Makefile.inc.am | 20 ++
src/tpm/virtpm.c | 330 ++++++++++++++++++
src/{util => tpm}/virtpm.h | 8 +
src/util/Makefile.inc.am | 2 -
src/util/virsecret.c | 2 +-
src/util/virstorageencryption.c | 2 +-
src/util/virstorageencryption.h | 1 +
src/util/virtpm.c | 74 ----
tests/Makefile.am | 1 +
.../tpm-emulator-tpm2-enc.x86_64-latest.args | 35 ++
.../tpm-emulator-tpm2-enc.xml | 34 ++
tests/qemuxml2argvtest.c | 1 +
.../tpm-emulator-tpm2-enc.xml | 38 ++
tests/qemuxml2xmltest.c | 2 +
tests/secretxml2xmlin/usage-vtpm.xml | 7 +
tests/secretxml2xmltest.c | 1 +
37 files changed, 957 insertions(+), 164 deletions(-)
create mode 100644 src/conf/virtpm_conf.c
create mode 100644 src/conf/virtpm_conf.h
create mode 100644 src/tpm/Makefile.inc.am
create mode 100644 src/tpm/virtpm.c
rename src/{util => tpm}/virtpm.h (77%)
delete mode 100644 src/util/virtpm.c
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 01/18] secret: Add support for usage type vTPM
Add support for usage type vTPM to secret.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
include/libvirt/libvirt-secret.h | 1 +
src/conf/secret_conf.c | 13 +++++++++++++
src/util/virsecret.c | 2 +-
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/include/libvirt/libvirt-secret.h b/include/libvirt/libvirt-secret.h
index 9a1065f0f3..e5aaac9450 100644
--- a/include/libvirt/libvirt-secret.h
+++ b/include/libvirt/libvirt-secret.h
@@ -43,6 +43,7 @@ typedef enum {
VIR_SECRET_USAGE_TYPE_CEPH = 2,
VIR_SECRET_USAGE_TYPE_ISCSI = 3,
VIR_SECRET_USAGE_TYPE_TLS = 4,
+ VIR_SECRET_USAGE_TYPE_VTPM = 5,
# ifdef VIR_ENUM_SENTINELS
VIR_SECRET_USAGE_TYPE_LAST
diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c
index 5b85a7c0be..b291339e77 100644
--- a/src/conf/secret_conf.c
+++ b/src/conf/secret_conf.c
@@ -110,6 +110,15 @@ virSecretDefParseUsage(xmlXPathContextPtr ctxt,
}
break;
+ case VIR_SECRET_USAGE_TYPE_VTPM:
+ def->usage_id = virXPathString("string(./usage/name)", ctxt);
+ if (!def->usage_id) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("vTPM usage specified, but name is missing"));
+ return -1;
+ }
+ break;
+
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unexpected secret usage type %d"),
@@ -257,6 +266,10 @@ virSecretDefFormatUsage(virBufferPtr buf,
virBufferEscapeString(buf, "<name>%s</name>\n",
def->usage_id);
break;
+ case VIR_SECRET_USAGE_TYPE_VTPM:
+ virBufferEscapeString(buf, "<name>%s</name>\n",
def->usage_id);
+ break;
+
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unexpected secret usage type %d"),
diff --git a/src/util/virsecret.c b/src/util/virsecret.c
index 854dc72b06..7844a76a56 100644
--- a/src/util/virsecret.c
+++ b/src/util/virsecret.c
@@ -34,7 +34,7 @@ VIR_LOG_INIT("util.secret");
VIR_ENUM_IMPL(virSecretUsage,
VIR_SECRET_USAGE_TYPE_LAST,
- "none", "volume", "ceph", "iscsi",
"tls",
+ "none", "volume", "ceph", "iscsi",
"tls", "vtpm",
);
void
--
2.20.1
3:22 p.m.
New subject: [libvirt] [PATCH 01/18] secret: Add support for usage type vTPM
Hi
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Add support for usage type vTPM to secret.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
include/libvirt/libvirt-secret.h | 1 +
src/conf/secret_conf.c | 13 +++++++++++++
src/util/virsecret.c | 2 +-
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/include/libvirt/libvirt-secret.h b/include/libvirt/libvirt-secret.h
index 9a1065f0f3..e5aaac9450 100644
--- a/include/libvirt/libvirt-secret.h
+++ b/include/libvirt/libvirt-secret.h
@@ -43,6 +43,7 @@ typedef enum {
VIR_SECRET_USAGE_TYPE_CEPH = 2,
VIR_SECRET_USAGE_TYPE_ISCSI = 3,
VIR_SECRET_USAGE_TYPE_TLS = 4,
+ VIR_SECRET_USAGE_TYPE_VTPM = 5,
# ifdef VIR_ENUM_SENTINELS
VIR_SECRET_USAGE_TYPE_LAST
diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c
index 5b85a7c0be..b291339e77 100644
--- a/src/conf/secret_conf.c
+++ b/src/conf/secret_conf.c
@@ -110,6 +110,15 @@ virSecretDefParseUsage(xmlXPathContextPtr ctxt,
}
break;
+ case VIR_SECRET_USAGE_TYPE_VTPM:
+ def->usage_id = virXPathString("string(./usage/name)", ctxt);
+ if (!def->usage_id) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("vTPM usage specified, but name is missing"));
+ return -1;
+ }
+ break;
+
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unexpected secret usage type %d"),
@@ -257,6 +266,10 @@ virSecretDefFormatUsage(virBufferPtr buf,
virBufferEscapeString(buf, "<name>%s</name>\n",
def->usage_id);
break;
+ case VIR_SECRET_USAGE_TYPE_VTPM:
+ virBufferEscapeString(buf, "<name>%s</name>\n",
def->usage_id);
+ break;
+
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("unexpected secret usage type %d"),
diff --git a/src/util/virsecret.c b/src/util/virsecret.c
index 854dc72b06..7844a76a56 100644
--- a/src/util/virsecret.c
+++ b/src/util/virsecret.c
@@ -34,7 +34,7 @@ VIR_LOG_INIT("util.secret");
VIR_ENUM_IMPL(virSecretUsage,
VIR_SECRET_USAGE_TYPE_LAST,
- "none", "volume", "ceph", "iscsi",
"tls",
+ "none", "volume", "ceph", "iscsi",
"tls", "vtpm",
);
void
--
2.20.1
Looks good, but docs/schemas/secret.rng change should probably be part
of this patch.
other than that,
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
12:23 p.m.
New subject: [libvirt] [PATCH 02/18] tests: Add test for new Secret vTPM usage type
Extend the schema for the Secret to support the vTPM usage type
and add a test case for parsing the Secret with usage type vTPM.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
docs/schemas/secret.rng | 10 ++++++++++
tests/secretxml2xmlin/usage-vtpm.xml | 7 +++++++
tests/secretxml2xmltest.c | 1 +
3 files changed, 18 insertions(+)
create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml
diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng
index 1e94d66e48..e0add8a5e9 100644
--- a/docs/schemas/secret.rng
+++ b/docs/schemas/secret.rng
@@ -37,6 +37,7 @@
<ref name='usageceph'/>
<ref name='usageiscsi'/>
<ref name='usagetls'/>
+ <ref name='usagevtpm'/>
<!-- More choices later -->
</choice>
</element>
@@ -81,4 +82,13 @@
</element>
</define>
+ <define name='usagevtpm'>
+ <attribute name='type'>
+ <value>vtpm</value>
+ </attribute>
+ <element name='name'>
+ <ref name='genericName'/>
+ </element>
+ </define>
+
</grammar>
diff --git a/tests/secretxml2xmlin/usage-vtpm.xml b/tests/secretxml2xmlin/usage-vtpm.xml
new file mode 100644
index 0000000000..5baff3034d
--- /dev/null
+++ b/tests/secretxml2xmlin/usage-vtpm.xml
@@ -0,0 +1,7 @@
+<secret ephemeral='no' private='yes'>
+ <uuid>aa6c7af2-45a7-477c-85a2-fe86d9f2514e</uuid>
+ <description>vTPM secret</description>
+ <usage type='vtpm'>
+ <name>vTPMvTPMvTPM</name>
+ </usage>
+</secret>
diff --git a/tests/secretxml2xmltest.c b/tests/secretxml2xmltest.c
index fd93703424..595583346a 100644
--- a/tests/secretxml2xmltest.c
+++ b/tests/secretxml2xmltest.c
@@ -80,6 +80,7 @@ mymain(void)
DO_TEST("usage-ceph");
DO_TEST("usage-iscsi");
DO_TEST("usage-tls");
+ DO_TEST("usage-vtpm");
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
--
2.20.1
3:22 p.m.
New subject: [libvirt] [PATCH 02/18] tests: Add test for new Secret vTPM usage type
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Extend the schema for the Secret to support the vTPM usage type
and add a test case for parsing the Secret with usage type vTPM.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
docs/schemas/secret.rng | 10 ++++++++++
tests/secretxml2xmlin/usage-vtpm.xml | 7 +++++++
tests/secretxml2xmltest.c | 1 +
3 files changed, 18 insertions(+)
create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml
diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng
index 1e94d66e48..e0add8a5e9 100644
--- a/docs/schemas/secret.rng
+++ b/docs/schemas/secret.rng
@@ -37,6 +37,7 @@
<ref name='usageceph'/>
<ref name='usageiscsi'/>
<ref name='usagetls'/>
+ <ref name='usagevtpm'/>
<!-- More choices later -->
</choice>
</element>
@@ -81,4 +82,13 @@
</element>
</define>
+ <define name='usagevtpm'>
+ <attribute name='type'>
+ <value>vtpm</value>
+ </attribute>
+ <element name='name'>
+ <ref name='genericName'/>
+ </element>
+ </define>
+
</grammar>
should be in previous patch
diff --git a/tests/secretxml2xmlin/usage-vtpm.xml
b/tests/secretxml2xmlin/usage-vtpm.xml
new file mode 100644
index 0000000000..5baff3034d
--- /dev/null
+++ b/tests/secretxml2xmlin/usage-vtpm.xml
@@ -0,0 +1,7 @@
+<secret ephemeral='no' private='yes'>
+ <uuid>aa6c7af2-45a7-477c-85a2-fe86d9f2514e</uuid>
+ <description>vTPM secret</description>
+ <usage type='vtpm'>
+ <name>vTPMvTPMvTPM</name>
+ </usage>
+</secret>
diff --git a/tests/secretxml2xmltest.c b/tests/secretxml2xmltest.c
index fd93703424..595583346a 100644
--- a/tests/secretxml2xmltest.c
+++ b/tests/secretxml2xmltest.c
@@ -80,6 +80,7 @@ mymain(void)
DO_TEST("usage-ceph");
DO_TEST("usage-iscsi");
DO_TEST("usage-tls");
+ DO_TEST("usage-vtpm");
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
--
2.20.1
other than that,
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
12:23 p.m.
New subject: [libvirt] [PATCH 03/18] tests: Add already existing test case tpm-emulator-tpm2
Add an already existing test case tpm-emulator-tpm2 to qemuxml2xmltest.c
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
tests/qemuxml2xmltest.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index a64b17ac28..a29958ae29 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -653,6 +653,7 @@ mymain(void)
DO_TEST("tpm-passthrough", NONE);
DO_TEST("tpm-passthrough-crb", NONE);
DO_TEST("tpm-emulator", NONE);
+ DO_TEST("tpm-emulator-tpm2", NONE);
DO_TEST("metadata", NONE);
DO_TEST("metadata-duplicate", NONE);
--
2.20.1
3:23 p.m.
New subject: [libvirt] [PATCH 03/18] tests: Add already existing test case tpm-emulator-tpm2
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Add an already existing test case tpm-emulator-tpm2 to qemuxml2xmltest.c
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
tests/qemuxml2xmltest.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index a64b17ac28..a29958ae29 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -653,6 +653,7 @@ mymain(void)
DO_TEST("tpm-passthrough", NONE);
DO_TEST("tpm-passthrough-crb", NONE);
DO_TEST("tpm-emulator", NONE);
+ DO_TEST("tpm-emulator-tpm2", NONE);
DO_TEST("metadata", NONE);
DO_TEST("metadata-duplicate", NONE);
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 04/18] util: Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM
Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM with string 'vtpm' for
support of encrypting vTPM storage.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/qemu/qemu_block.c | 1 +
src/util/virstorageencryption.c | 2 +-
src/util/virstorageencryption.h | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 0a6522577d..c3296c36f5 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1184,6 +1184,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSourcePtr src,
encformat = "luks";
break;
+ case VIR_STORAGE_ENCRYPTION_FORMAT_VTPM:
case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
default:
diff --git a/src/util/virstorageencryption.c b/src/util/virstorageencryption.c
index 49df7fddd8..4c7356d47a 100644
--- a/src/util/virstorageencryption.c
+++ b/src/util/virstorageencryption.c
@@ -44,7 +44,7 @@ VIR_ENUM_IMPL(virStorageEncryptionSecret,
VIR_ENUM_IMPL(virStorageEncryptionFormat,
VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
- "default", "qcow", "luks",
+ "default", "qcow", "luks", "vtpm",
);
static void
diff --git a/src/util/virstorageencryption.h b/src/util/virstorageencryption.h
index 3e5485d88b..29bd00056c 100644
--- a/src/util/virstorageencryption.h
+++ b/src/util/virstorageencryption.h
@@ -59,6 +59,7 @@ typedef enum {
VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT = 0,
VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, /* Both qcow and qcow2 */
VIR_STORAGE_ENCRYPTION_FORMAT_LUKS,
+ VIR_STORAGE_ENCRYPTION_FORMAT_VTPM,
VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
} virStorageEncryptionFormatType;
--
2.20.1
3:23 p.m.
New subject: [libvirt] [PATCH 04/18] util: Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM with string 'vtpm' for
support of encrypting vTPM storage.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
src/qemu/qemu_block.c | 1 +
src/util/virstorageencryption.c | 2 +-
src/util/virstorageencryption.h | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 0a6522577d..c3296c36f5 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1184,6 +1184,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSourcePtr src,
encformat = "luks";
break;
+ case VIR_STORAGE_ENCRYPTION_FORMAT_VTPM:
case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
default:
diff --git a/src/util/virstorageencryption.c b/src/util/virstorageencryption.c
index 49df7fddd8..4c7356d47a 100644
--- a/src/util/virstorageencryption.c
+++ b/src/util/virstorageencryption.c
@@ -44,7 +44,7 @@ VIR_ENUM_IMPL(virStorageEncryptionSecret,
VIR_ENUM_IMPL(virStorageEncryptionFormat,
VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
- "default", "qcow", "luks",
+ "default", "qcow", "luks",
"vtpm",
);
static void
diff --git a/src/util/virstorageencryption.h b/src/util/virstorageencryption.h
index 3e5485d88b..29bd00056c 100644
--- a/src/util/virstorageencryption.h
+++ b/src/util/virstorageencryption.h
@@ -59,6 +59,7 @@ typedef enum {
VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT = 0,
VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, /* Both qcow and qcow2 */
VIR_STORAGE_ENCRYPTION_FORMAT_LUKS,
+ VIR_STORAGE_ENCRYPTION_FORMAT_VTPM,
VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
} virStorageEncryptionFormatType;
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 05/18] conf: Extend TPM XML parser with encryption support
Extend the TPM device XML parser and XML generator with emulator
state encryption support.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/conf/domain_conf.c | 40 +++++++++++++++++++++++++++++++++++++++-
src/conf/domain_conf.h | 1 +
2 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 3323c9a5b1..df6238c299 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -2950,6 +2950,7 @@ void virDomainTPMDefFree(virDomainTPMDefPtr def)
virDomainChrSourceDefClear(&def->data.emulator.source);
VIR_FREE(def->data.emulator.storagepath);
VIR_FREE(def->data.emulator.logfile);
+ virStorageEncryptionFree(def->data.emulator.encryption);
break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
@@ -13048,6 +13049,16 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPtr xmlopt,
* <tpm model='tpm-tis'>
* <backend type='emulator' version='2'/>
* </tpm>
+ *
+ * Emulator state encryption is supported with the following:
+ *
+ * <tpm model='tpm-tis'>
+ * <backend type='emulator' version='2'>
+ * <encryption format='vtpm'>
+ * <secret type='passphrase'
uuid='32ee7e76-2178-47a1-ab7b-269e6e348015'/>
+ * </encryption>
+ * </backend>
+ * </tpm>
*/
static virDomainTPMDefPtr
virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
@@ -13063,6 +13074,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
VIR_AUTOFREE(char *) backend = NULL;
VIR_AUTOFREE(char *) version = NULL;
VIR_AUTOFREE(xmlNodePtr *) backends = NULL;
+ xmlNodePtr encnode = NULL;
if (VIR_ALLOC(def) < 0)
return NULL;
@@ -13126,6 +13138,21 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
def->data.passthrough.source.type = VIR_DOMAIN_CHR_TYPE_DEV;
break;
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ encnode = virXPathNode("./backend/encryption", ctxt);
+ if (encnode) {
+ def->data.emulator.encryption =
+ virStorageEncryptionParseNode(encnode, ctxt);
+ if (!def->data.emulator.encryption)
+ goto error;
+ if (def->data.emulator.encryption->format !=
+ VIR_STORAGE_ENCRYPTION_FORMAT_VTPM) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Unsupported vTPM encryption type
'%s'"),
+ virStorageEncryptionFormatTypeToString(
+ def->data.emulator.encryption->format));
+ goto error;
+ }
+ }
break;
case VIR_DOMAIN_TPM_TYPE_LAST:
goto error;
@@ -25949,8 +25976,19 @@ virDomainTPMDefFormat(virBufferPtr buf,
virBufferAddLit(buf, "</backend>\n");
break;
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
- virBufferAsprintf(buf, " version='%s'/>\n",
+ virBufferAsprintf(buf, " version='%s'",
virDomainTPMVersionTypeToString(def->version));
+ if (def->data.emulator.encryption) {
+ virBufferAddLit(buf, ">\n");
+ virBufferAdjustIndent(buf, 2);
+ if (virStorageEncryptionFormat(buf,
+ def->data.emulator.encryption) < 0)
+ return -1;
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</backend>\n");
+ } else {
+ virBufferAddLit(buf, "/>\n");
+ }
break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index c1b5fc1337..a03986623a 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1270,6 +1270,7 @@ struct _virDomainTPMDef {
virDomainChrSourceDef source;
char *storagepath;
char *logfile;
+ virStorageEncryptionPtr encryption;
} emulator;
} data;
};
--
2.20.1
3:23 p.m.
New subject: [libvirt] [PATCH 05/18] conf: Extend TPM XML parser with encryption support
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Extend the TPM device XML parser and XML generator with emulator
state encryption support.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
src/conf/domain_conf.c | 40 +++++++++++++++++++++++++++++++++++++++-
src/conf/domain_conf.h | 1 +
2 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 3323c9a5b1..df6238c299 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -2950,6 +2950,7 @@ void virDomainTPMDefFree(virDomainTPMDefPtr def)
virDomainChrSourceDefClear(&def->data.emulator.source);
VIR_FREE(def->data.emulator.storagepath);
VIR_FREE(def->data.emulator.logfile);
+ virStorageEncryptionFree(def->data.emulator.encryption);
break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
@@ -13048,6 +13049,16 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPtr xmlopt,
* <tpm model='tpm-tis'>
* <backend type='emulator' version='2'/>
* </tpm>
+ *
+ * Emulator state encryption is supported with the following:
+ *
+ * <tpm model='tpm-tis'>
+ * <backend type='emulator' version='2'>
+ * <encryption format='vtpm'>
+ * <secret type='passphrase'
uuid='32ee7e76-2178-47a1-ab7b-269e6e348015'/>
+ * </encryption>
+ * </backend>
+ * </tpm>
*/
static virDomainTPMDefPtr
virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
@@ -13063,6 +13074,7 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
VIR_AUTOFREE(char *) backend = NULL;
VIR_AUTOFREE(char *) version = NULL;
VIR_AUTOFREE(xmlNodePtr *) backends = NULL;
+ xmlNodePtr encnode = NULL;
if (VIR_ALLOC(def) < 0)
return NULL;
@@ -13126,6 +13138,21 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
def->data.passthrough.source.type = VIR_DOMAIN_CHR_TYPE_DEV;
break;
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ encnode = virXPathNode("./backend/encryption", ctxt);
+ if (encnode) {
+ def->data.emulator.encryption =
+ virStorageEncryptionParseNode(encnode, ctxt);
+ if (!def->data.emulator.encryption)
+ goto error;
+ if (def->data.emulator.encryption->format !=
+ VIR_STORAGE_ENCRYPTION_FORMAT_VTPM) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Unsupported vTPM encryption type
'%s'"),
+ virStorageEncryptionFormatTypeToString(
+ def->data.emulator.encryption->format));
+ goto error;
+ }
+ }
break;
case VIR_DOMAIN_TPM_TYPE_LAST:
goto error;
@@ -25949,8 +25976,19 @@ virDomainTPMDefFormat(virBufferPtr buf,
virBufferAddLit(buf, "</backend>\n");
break;
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
- virBufferAsprintf(buf, " version='%s'/>\n",
+ virBufferAsprintf(buf, " version='%s'",
virDomainTPMVersionTypeToString(def->version));
+ if (def->data.emulator.encryption) {
+ virBufferAddLit(buf, ">\n");
+ virBufferAdjustIndent(buf, 2);
+ if (virStorageEncryptionFormat(buf,
+ def->data.emulator.encryption) < 0)
+ return -1;
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</backend>\n");
+ } else {
+ virBufferAddLit(buf, "/>\n");
+ }
break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index c1b5fc1337..a03986623a 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1270,6 +1270,7 @@ struct _virDomainTPMDef {
virDomainChrSourceDef source;
char *storagepath;
char *logfile;
+ virStorageEncryptionPtr encryption;
} emulator;
} data;
};
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 06/18] schema: Extend the TPM XML schema with support for encryption
Extend the TPM XML schema with support for an encryption node.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
docs/schemas/domaincommon.rng | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 31db599ab9..4a4f4f8a4d 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4316,6 +4316,7 @@
<attribute name="type">
<value>emulator</value>
</attribute>
+ <ref name="tpm-backend-emulator-encryption"/>
</group>
</choice>
<choice>
@@ -4345,6 +4346,35 @@
</optional>
</define>
+ <define name="tpm-backend-emulator-encryption">
+ <optional>
+ <element name="encryption">
+ <attribute name="format">
+ <value>vtpm</value>
+ </attribute>
+ <ref name="vtpmAuthSecret"/>
+ </element>
+ </optional>
+ </define>
+
+ <define name='vtpmAuthSecret'>
+ <element name='secret'>
+ <attribute name='type'>
+ <choice>
+ <value>passphrase</value>
+ </choice>
+ </attribute>
+ <choice>
+ <attribute name='uuid'>
+ <ref name="UUID"/>
+ </attribute>
+ <attribute name='usage'>
+ <text/>
+ </attribute>
+ </choice>
+ </element>
+ </define>
+
<define name="vsock">
<element name="vsock">
<optional>
--
2.20.1
3:23 p.m.
New subject: [libvirt] [PATCH 06/18] schema: Extend the TPM XML schema with support for encryption
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Extend the TPM XML schema with support for an encryption node.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
docs/schemas/domaincommon.rng | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 31db599ab9..4a4f4f8a4d 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4316,6 +4316,7 @@
<attribute name="type">
<value>emulator</value>
</attribute>
+ <ref name="tpm-backend-emulator-encryption"/>
</group>
</choice>
<choice>
@@ -4345,6 +4346,35 @@
</optional>
</define>
+ <define name="tpm-backend-emulator-encryption">
+ <optional>
+ <element name="encryption">
+ <attribute name="format">
+ <value>vtpm</value>
+ </attribute>
+ <ref name="vtpmAuthSecret"/>
+ </element>
+ </optional>
+ </define>
+
+ <define name='vtpmAuthSecret'>
+ <element name='secret'>
+ <attribute name='type'>
+ <choice>
+ <value>passphrase</value>
+ </choice>
+ </attribute>
+ <choice>
+ <attribute name='uuid'>
+ <ref name="UUID"/>
+ </attribute>
+ <attribute name='usage'>
+ <text/>
+ </attribute>
+ </choice>
+ </element>
+ </define>
+
<define name="vsock">
<element name="vsock">
<optional>
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 07/18] tests: Add test for TPM XML encryption parser and formatter
Add a test case for the TPM XML encryption parser and formatter.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
.../tpm-emulator-tpm2-enc.xml | 34 +++++++++++++++++
.../tpm-emulator-tpm2-enc.xml | 38 +++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
3 files changed, 73 insertions(+)
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
diff --git a/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
b/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
new file mode 100644
index 0000000000..3838518e65
--- /dev/null
+++ b/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
@@ -0,0 +1,34 @@
+<domain type='qemu'>
+ <name>TPM-VM</name>
+ <uuid>11d7cd22-da89-3094-6212-079a48a309a1</uuid>
+ <memory unit='KiB'>2097152</memory>
+ <currentMemory unit='KiB'>512288</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc-i440fx-2.12'>hvm</type>
+ <boot dev='hd'/>
+ <bootmenu enable='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <tpm model='tpm-tis'>
+ <backend type='emulator' version='2.0'>
+ <encryption format='vtpm'>
+ <secret type='passphrase'
uuid='32ee7e76-2178-47a1-ab7b-269e6e348015'/>
+ </encryption>
+ </backend>
+ </tpm>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
b/tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
new file mode 100644
index 0000000000..7083fc9c13
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
@@ -0,0 +1,38 @@
+<domain type='qemu'>
+ <name>TPM-VM</name>
+ <uuid>11d7cd22-da89-3094-6212-079a48a309a1</uuid>
+ <memory unit='KiB'>2097152</memory>
+ <currentMemory unit='KiB'>512288</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc-i440fx-2.12'>hvm</type>
+ <boot dev='hd'/>
+ <bootmenu enable='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <tpm model='tpm-tis'>
+ <backend type='emulator' version='2.0'>
+ <encryption format='vtpm'>
+ <secret type='passphrase'
uuid='32ee7e76-2178-47a1-ab7b-269e6e348015'/>
+ </encryption>
+ </backend>
+ </tpm>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
+ </memballoon>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index a29958ae29..f6cd56cc8f 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -654,6 +654,7 @@ mymain(void)
DO_TEST("tpm-passthrough-crb", NONE);
DO_TEST("tpm-emulator", NONE);
DO_TEST("tpm-emulator-tpm2", NONE);
+ DO_TEST("tpm-emulator-tpm2-enc", NONE);
DO_TEST("metadata", NONE);
DO_TEST("metadata-duplicate", NONE);
--
2.20.1
3:23 p.m.
New subject: [libvirt] [PATCH 07/18] tests: Add test for TPM XML encryption parser and formatter
On Tue, Jul 9, 2019 at 9:25 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Add a test case for the TPM XML encryption parser and formatter.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
.../tpm-emulator-tpm2-enc.xml | 34 +++++++++++++++++
.../tpm-emulator-tpm2-enc.xml | 38 +++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
3 files changed, 73 insertions(+)
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
diff --git a/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
b/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
new file mode 100644
index 0000000000..3838518e65
--- /dev/null
+++ b/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
@@ -0,0 +1,34 @@
+<domain type='qemu'>
+ <name>TPM-VM</name>
+ <uuid>11d7cd22-da89-3094-6212-079a48a309a1</uuid>
+ <memory unit='KiB'>2097152</memory>
+ <currentMemory unit='KiB'>512288</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc-i440fx-2.12'>hvm</type>
+ <boot dev='hd'/>
+ <bootmenu enable='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <tpm model='tpm-tis'>
+ <backend type='emulator' version='2.0'>
+ <encryption format='vtpm'>
+ <secret type='passphrase'
uuid='32ee7e76-2178-47a1-ab7b-269e6e348015'/>
+ </encryption>
+ </backend>
+ </tpm>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
b/tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
new file mode 100644
index 0000000000..7083fc9c13
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
@@ -0,0 +1,38 @@
+<domain type='qemu'>
+ <name>TPM-VM</name>
+ <uuid>11d7cd22-da89-3094-6212-079a48a309a1</uuid>
+ <memory unit='KiB'>2097152</memory>
+ <currentMemory unit='KiB'>512288</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc-i440fx-2.12'>hvm</type>
+ <boot dev='hd'/>
+ <bootmenu enable='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <tpm model='tpm-tis'>
+ <backend type='emulator' version='2.0'>
+ <encryption format='vtpm'>
+ <secret type='passphrase'
uuid='32ee7e76-2178-47a1-ab7b-269e6e348015'/>
+ </encryption>
+ </backend>
+ </tpm>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
+ </memballoon>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index a29958ae29..f6cd56cc8f 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -654,6 +654,7 @@ mymain(void)
DO_TEST("tpm-passthrough-crb", NONE);
DO_TEST("tpm-emulator", NONE);
DO_TEST("tpm-emulator-tpm2", NONE);
+ DO_TEST("tpm-emulator-tpm2-enc", NONE);
DO_TEST("metadata", NONE);
DO_TEST("metadata-duplicate", NONE);
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 08/18] tests: Add tests for QEMU command line generation with encrypted TPM
The QEMU command line does not change when TPM state is encrypted
compared to when it is plain.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
.../tpm-emulator-tpm2-enc.x86_64-latest.args | 35 +++++++++++++++++++
tests/qemuxml2argvtest.c | 1 +
2 files changed, 36 insertions(+)
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
diff --git a/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
b/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
new file mode 100644
index 0000000000..3c8dc8e483
--- /dev/null
+++ b/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
@@ -0,0 +1,35 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-TPM-VM \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-TPM-VM/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-TPM-VM/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-TPM-VM/.config \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-x86_64 \
+-name guest=TPM-VM,debug-threads=on \
+-S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-TPM-VM/master-key.aes \
+-machine pc-i440fx-2.12,accel=tcg,usb=off,dump-guest-core=off \
+-m 2048 \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 11d7cd22-da89-3094-6212-079a48a309a1 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot menu=on,strict=on \
+-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
+-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \
+-chardev socket,id=chrtpm,path=/dev/test \
+-device tpm-tis,tpmdev=tpm-tpm0,id=tpm0 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
+resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 91ca35d469..9c02cac8fc 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -2082,6 +2082,7 @@ mymain(void)
QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, QEMU_CAPS_DEVICE_TPM_TIS);
DO_TEST_CAPS_LATEST("tpm-emulator");
DO_TEST_CAPS_LATEST("tpm-emulator-tpm2");
+ DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-enc");
DO_TEST_PARSE_ERROR("pci-domain-invalid", NONE);
DO_TEST_PARSE_ERROR("pci-bus-invalid", NONE);
--
2.20.1
3:23 p.m.
New subject: [libvirt] [PATCH 08/18] tests: Add tests for QEMU command line generation with encrypted TPM
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
The QEMU command line does not change when TPM state is encrypted
compared to when it is plain.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
.../tpm-emulator-tpm2-enc.x86_64-latest.args | 35 +++++++++++++++++++
tests/qemuxml2argvtest.c | 1 +
2 files changed, 36 insertions(+)
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
diff --git a/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
b/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
new file mode 100644
index 0000000000..3c8dc8e483
--- /dev/null
+++ b/tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
@@ -0,0 +1,35 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-TPM-VM \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-TPM-VM/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-TPM-VM/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-TPM-VM/.config \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-x86_64 \
+-name guest=TPM-VM,debug-threads=on \
+-S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-TPM-VM/master-key.aes \
+-machine pc-i440fx-2.12,accel=tcg,usb=off,dump-guest-core=off \
+-m 2048 \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 11d7cd22-da89-3094-6212-079a48a309a1 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot menu=on,strict=on \
+-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
+-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \
+-chardev socket,id=chrtpm,path=/dev/test \
+-device tpm-tis,tpmdev=tpm-tpm0,id=tpm0 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
+resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 91ca35d469..9c02cac8fc 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -2082,6 +2082,7 @@ mymain(void)
QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, QEMU_CAPS_DEVICE_TPM_TIS);
DO_TEST_CAPS_LATEST("tpm-emulator");
DO_TEST_CAPS_LATEST("tpm-emulator-tpm2");
+ DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-enc");
DO_TEST_PARSE_ERROR("pci-domain-invalid", NONE);
DO_TEST_PARSE_ERROR("pci-bus-invalid", NONE);
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 09/18] tpm: Move virtpm.c from utils dir to own tpm dir
Move virtpm.c from utils dir to its own tpm dir. This change
is mostly driven by the later introduction of virtpm_conf.c where
the define function like XYZTypeFromString() that we cannot
include from utils dir.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
po/POTFILES | 2 +-
src/Makefile.am | 1 +
src/conf/Makefile.inc.am | 1 +
src/libvirt_private.syms | 8 ++++----
src/qemu/Makefile.inc.am | 1 +
src/security/Makefile.inc.am | 1 +
src/tpm/Makefile.inc.am | 17 +++++++++++++++++
src/{util => tpm}/virtpm.c | 0
src/{util => tpm}/virtpm.h | 0
src/util/Makefile.inc.am | 2 --
tests/Makefile.am | 1 +
11 files changed, 27 insertions(+), 7 deletions(-)
create mode 100644 src/tpm/Makefile.inc.am
rename src/{util => tpm}/virtpm.c (100%)
rename src/{util => tpm}/virtpm.h (100%)
diff --git a/po/POTFILES b/po/POTFILES
index 8017712ff4..e3c1a8edae 100644
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -188,6 +188,7 @@ src/storage/storage_backend_zfs.c
src/storage/storage_driver.c
src/storage/storage_util.c
src/test/test_driver.c
+src/tpm/virtpm.c
src/util/iohelper.c
src/util/viralloc.c
src/util/virarptable.c
@@ -266,7 +267,6 @@ src/util/virsysinfo.c
src/util/virthreadjob.c
src/util/virthreadpool.c
src/util/virtime.c
-src/util/virtpm.c
src/util/virtypedparam.c
src/util/viruri.c
src/util/virusb.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 0b562dc250..5f7c9001fe 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -122,6 +122,7 @@ include node_device/Makefile.inc.am
include secret/Makefile.inc.am
include storage/Makefile.inc.am
include remote/Makefile.inc.am
+include tpm/Makefile.inc.am
THREAD_LIBS = $(LIB_PTHREAD) $(LTLIBMULTITHREAD)
diff --git a/src/conf/Makefile.inc.am b/src/conf/Makefile.inc.am
index 6b52ba674b..08c7c9da7f 100644
--- a/src/conf/Makefile.inc.am
+++ b/src/conf/Makefile.inc.am
@@ -178,6 +178,7 @@ libvirt_la_BUILT_LIBADD += libvirt_conf.la
libvirt_conf_la_SOURCES = $(CONF_SOURCES)
libvirt_conf_la_CFLAGS = \
-I$(srcdir)/conf \
+ -I$(srcdir)/tpm \
$(AM_CFLAGS) \
$(NULL)
libvirt_conf_la_LDFLAGS = $(AM_LDFLAGS)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 34937adc5d..e29007cab1 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1445,6 +1445,10 @@ virSecurityManagerTransactionStart;
virSecurityManagerVerify;
+# tpm/virtpm.h
+virTPMCreateCancelPath;
+
+
# util/viralloc.h
virAlloc;
virAllocN;
@@ -3175,10 +3179,6 @@ virTimeStringThen;
virTimeStringThenRaw;
-# util/virtpm.h
-virTPMCreateCancelPath;
-
-
# util/virtypedparam.h
virTypedParameterAssign;
virTypedParameterAssignFromStr;
diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am
index 254ba07dc0..72b28e731d 100644
--- a/src/qemu/Makefile.inc.am
+++ b/src/qemu/Makefile.inc.am
@@ -84,6 +84,7 @@ libvirt_driver_qemu_impl_la_CFLAGS = \
-I$(srcdir)/access \
-I$(srcdir)/conf \
-I$(srcdir)/secret \
+ -I$(srcdir)/tpm \
$(AM_CFLAGS) \
$(NULL)
libvirt_driver_qemu_impl_la_LDFLAGS = $(AM_LDFLAGS)
diff --git a/src/security/Makefile.inc.am b/src/security/Makefile.inc.am
index 64e0f46857..3e110596dc 100644
--- a/src/security/Makefile.inc.am
+++ b/src/security/Makefile.inc.am
@@ -47,6 +47,7 @@ noinst_LTLIBRARIES += libvirt_security_manager.la
libvirt_la_BUILT_LIBADD += libvirt_security_manager.la
libvirt_security_manager_la_CFLAGS = \
-I$(srcdir)/conf \
+ -I$(srcdir)/tpm \
$(AM_CFLAGS) \
$(NULL)
libvirt_security_manager_la_LDFLAGS = $(AM_LDFLAGS)
diff --git a/src/tpm/Makefile.inc.am b/src/tpm/Makefile.inc.am
new file mode 100644
index 0000000000..1f5131bf34
--- /dev/null
+++ b/src/tpm/Makefile.inc.am
@@ -0,0 +1,17 @@
+# vim: filetype=automake
+
+TPM_UTIL_SOURCES = \
+ tpm/virtpm.h \
+ tpm/virtpm.c \
+ $(NULL)
+
+
+EXTRA_DIST += \
+ $(TPM_UTIL_SOURCES) \
+ $(NULL)
+
+noinst_LTLIBRARIES += libvirt_tpm.la
+libvirt_la_BUILT_LIBADD += libvirt_tpm.la
+libvirt_tpm_la_CFLAGS = $(AM_CFLAGS)
+libvirt_tpm_la_LDFLAGS = $(AM_LDFLAGS)
+libvirt_tpm_la_SOURCES = $(TPM_UTIL_SOURCES)
diff --git a/src/util/virtpm.c b/src/tpm/virtpm.c
similarity index 100%
rename from src/util/virtpm.c
rename to src/tpm/virtpm.c
diff --git a/src/util/virtpm.h b/src/tpm/virtpm.h
similarity index 100%
rename from src/util/virtpm.h
rename to src/tpm/virtpm.h
diff --git a/src/util/Makefile.inc.am b/src/util/Makefile.inc.am
index c757f5a6ae..8b2ff6be6b 100644
--- a/src/util/Makefile.inc.am
+++ b/src/util/Makefile.inc.am
@@ -205,8 +205,6 @@ UTIL_SOURCES = \
util/virthreadpool.h \
util/virtime.c \
util/virtime.h \
- util/virtpm.c \
- util/virtpm.h \
util/virtypedparam.c \
util/virtypedparam.h \
util/virusb.c \
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 115afa1c1a..ffc9f7f92e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -25,6 +25,7 @@ AM_CPPFLAGS = \
-I$(top_builddir)/src -I$(top_srcdir)/src \
-I$(top_srcdir)/src/util \
-I$(top_srcdir)/src/conf \
+ -I$(top_srcdir)/src/tpm \
$(NULL)
WARN_CFLAGS += $(RELAXED_FRAME_LIMIT_CFLAGS)
--
2.20.1
3:23 p.m.
New subject: [libvirt] [PATCH 09/18] tpm: Move virtpm.c from utils dir to own tpm dir
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Move virtpm.c from utils dir to its own tpm dir. This change
is mostly driven by the later introduction of virtpm_conf.c where
the define function like XYZTypeFromString() that we cannot
include from utils dir.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
po/POTFILES | 2 +-
src/Makefile.am | 1 +
src/conf/Makefile.inc.am | 1 +
src/libvirt_private.syms | 8 ++++----
src/qemu/Makefile.inc.am | 1 +
src/security/Makefile.inc.am | 1 +
src/tpm/Makefile.inc.am | 17 +++++++++++++++++
src/{util => tpm}/virtpm.c | 0
src/{util => tpm}/virtpm.h | 0
src/util/Makefile.inc.am | 2 --
tests/Makefile.am | 1 +
11 files changed, 27 insertions(+), 7 deletions(-)
create mode 100644 src/tpm/Makefile.inc.am
rename src/{util => tpm}/virtpm.c (100%)
rename src/{util => tpm}/virtpm.h (100%)
diff --git a/po/POTFILES b/po/POTFILES
index 8017712ff4..e3c1a8edae 100644
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -188,6 +188,7 @@ src/storage/storage_backend_zfs.c
src/storage/storage_driver.c
src/storage/storage_util.c
src/test/test_driver.c
+src/tpm/virtpm.c
src/util/iohelper.c
src/util/viralloc.c
src/util/virarptable.c
@@ -266,7 +267,6 @@ src/util/virsysinfo.c
src/util/virthreadjob.c
src/util/virthreadpool.c
src/util/virtime.c
-src/util/virtpm.c
src/util/virtypedparam.c
src/util/viruri.c
src/util/virusb.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 0b562dc250..5f7c9001fe 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -122,6 +122,7 @@ include node_device/Makefile.inc.am
include secret/Makefile.inc.am
include storage/Makefile.inc.am
include remote/Makefile.inc.am
+include tpm/Makefile.inc.am
THREAD_LIBS = $(LIB_PTHREAD) $(LTLIBMULTITHREAD)
diff --git a/src/conf/Makefile.inc.am b/src/conf/Makefile.inc.am
index 6b52ba674b..08c7c9da7f 100644
--- a/src/conf/Makefile.inc.am
+++ b/src/conf/Makefile.inc.am
@@ -178,6 +178,7 @@ libvirt_la_BUILT_LIBADD += libvirt_conf.la
libvirt_conf_la_SOURCES = $(CONF_SOURCES)
libvirt_conf_la_CFLAGS = \
-I$(srcdir)/conf \
+ -I$(srcdir)/tpm \
$(AM_CFLAGS) \
$(NULL)
libvirt_conf_la_LDFLAGS = $(AM_LDFLAGS)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 34937adc5d..e29007cab1 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1445,6 +1445,10 @@ virSecurityManagerTransactionStart;
virSecurityManagerVerify;
+# tpm/virtpm.h
+virTPMCreateCancelPath;
+
+
# util/viralloc.h
virAlloc;
virAllocN;
@@ -3175,10 +3179,6 @@ virTimeStringThen;
virTimeStringThenRaw;
-# util/virtpm.h
-virTPMCreateCancelPath;
-
-
# util/virtypedparam.h
virTypedParameterAssign;
virTypedParameterAssignFromStr;
diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am
index 254ba07dc0..72b28e731d 100644
--- a/src/qemu/Makefile.inc.am
+++ b/src/qemu/Makefile.inc.am
@@ -84,6 +84,7 @@ libvirt_driver_qemu_impl_la_CFLAGS = \
-I$(srcdir)/access \
-I$(srcdir)/conf \
-I$(srcdir)/secret \
+ -I$(srcdir)/tpm \
$(AM_CFLAGS) \
$(NULL)
libvirt_driver_qemu_impl_la_LDFLAGS = $(AM_LDFLAGS)
diff --git a/src/security/Makefile.inc.am b/src/security/Makefile.inc.am
index 64e0f46857..3e110596dc 100644
--- a/src/security/Makefile.inc.am
+++ b/src/security/Makefile.inc.am
@@ -47,6 +47,7 @@ noinst_LTLIBRARIES += libvirt_security_manager.la
libvirt_la_BUILT_LIBADD += libvirt_security_manager.la
libvirt_security_manager_la_CFLAGS = \
-I$(srcdir)/conf \
+ -I$(srcdir)/tpm \
$(AM_CFLAGS) \
$(NULL)
libvirt_security_manager_la_LDFLAGS = $(AM_LDFLAGS)
diff --git a/src/tpm/Makefile.inc.am b/src/tpm/Makefile.inc.am
new file mode 100644
index 0000000000..1f5131bf34
--- /dev/null
+++ b/src/tpm/Makefile.inc.am
@@ -0,0 +1,17 @@
+# vim: filetype=automake
+
+TPM_UTIL_SOURCES = \
+ tpm/virtpm.h \
+ tpm/virtpm.c \
+ $(NULL)
+
+
+EXTRA_DIST += \
+ $(TPM_UTIL_SOURCES) \
+ $(NULL)
+
+noinst_LTLIBRARIES += libvirt_tpm.la
+libvirt_la_BUILT_LIBADD += libvirt_tpm.la
+libvirt_tpm_la_CFLAGS = $(AM_CFLAGS)
+libvirt_tpm_la_LDFLAGS = $(AM_LDFLAGS)
+libvirt_tpm_la_SOURCES = $(TPM_UTIL_SOURCES)
diff --git a/src/util/virtpm.c b/src/tpm/virtpm.c
similarity index 100%
rename from src/util/virtpm.c
rename to src/tpm/virtpm.c
diff --git a/src/util/virtpm.h b/src/tpm/virtpm.h
similarity index 100%
rename from src/util/virtpm.h
rename to src/tpm/virtpm.h
diff --git a/src/util/Makefile.inc.am b/src/util/Makefile.inc.am
index c757f5a6ae..8b2ff6be6b 100644
--- a/src/util/Makefile.inc.am
+++ b/src/util/Makefile.inc.am
@@ -205,8 +205,6 @@ UTIL_SOURCES = \
util/virthreadpool.h \
util/virtime.c \
util/virtime.h \
- util/virtpm.c \
- util/virtpm.h \
util/virtypedparam.c \
util/virtypedparam.h \
util/virusb.c \
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 115afa1c1a..ffc9f7f92e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -25,6 +25,7 @@ AM_CPPFLAGS = \
-I$(top_builddir)/src -I$(top_srcdir)/src \
-I$(top_srcdir)/src/util \
-I$(top_srcdir)/src/conf \
+ -I$(top_srcdir)/src/tpm \
$(NULL)
WARN_CFLAGS += $(RELAXED_FRAME_LIMIT_CFLAGS)
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 10/18] tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c
Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c and introduce
a few functions to query the executables needed for virCommands.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/libvirt_private.syms | 4 ++
src/qemu/qemu_tpm.c | 83 ++++--------------------------------
src/tpm/virtpm.c | 91 ++++++++++++++++++++++++++++++++++++++++
src/tpm/virtpm.h | 5 +++
4 files changed, 108 insertions(+), 75 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index e29007cab1..e33d7d9f14 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1447,6 +1447,10 @@ virSecurityManagerVerify;
# tpm/virtpm.h
virTPMCreateCancelPath;
+virTPMEmulatorInit;
+virTPMGetSwtpm;
+virTPMGetSwtpmIoctl;
+virTPMGetSwtpmSetup;
# util/viralloc.h
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index cc8c69433b..61b4f72320 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -41,79 +41,12 @@
#include "configmake.h"
#include "dirname.h"
#include "qemu_tpm.h"
+#include "virtpm.h"
#define VIR_FROM_THIS VIR_FROM_NONE
VIR_LOG_INIT("qemu.tpm");
-/*
- * executables for the swtpm; to be found on the host
- */
-static char *swtpm_path;
-static char *swtpm_setup;
-static char *swtpm_ioctl;
-
-/*
- * qemuTPMEmulatorInit
- *
- * Initialize the Emulator functions by searching for necessary
- * executables that we will use to start and setup the swtpm
- */
-static int
-qemuTPMEmulatorInit(void)
-{
- if (!swtpm_path) {
- swtpm_path = virFindFileInPath("swtpm");
- if (!swtpm_path) {
- virReportSystemError(ENOENT, "%s",
- _("Unable to find 'swtpm' binary in
$PATH"));
- return -1;
- }
- if (!virFileIsExecutable(swtpm_path)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("TPM emulator %s is not an executable"),
- swtpm_path);
- VIR_FREE(swtpm_path);
- return -1;
- }
- }
-
- if (!swtpm_setup) {
- swtpm_setup = virFindFileInPath("swtpm_setup");
- if (!swtpm_setup) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Could not find 'swtpm_setup' in PATH"));
- return -1;
- }
- if (!virFileIsExecutable(swtpm_setup)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("'%s' is not an executable"),
- swtpm_setup);
- VIR_FREE(swtpm_setup);
- return -1;
- }
- }
-
- if (!swtpm_ioctl) {
- swtpm_ioctl = virFindFileInPath("swtpm_ioctl");
- if (!swtpm_ioctl) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Could not find swtpm_ioctl in PATH"));
- return -1;
- }
- if (!virFileIsExecutable(swtpm_ioctl)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("swtpm_ioctl program %s is not an executable"),
- swtpm_ioctl);
- VIR_FREE(swtpm_ioctl);
- return -1;
- }
- }
-
- return 0;
-}
-
-
/*
* qemuTPMCreateEmulatorStoragePath
*
@@ -350,7 +283,7 @@ qemuTPMEmulatorGetPid(const char *swtpmStateDir,
if (!pidfile)
return -ENOMEM;
- ret = virPidFileReadPathIfAlive(pidfile, pid, swtpm_path);
+ ret = virPidFileReadPathIfAlive(pidfile, pid, virTPMGetSwtpm());
VIR_FREE(pidfile);
@@ -386,7 +319,7 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
{
int ret = -1;
- if (qemuTPMEmulatorInit() < 0)
+ if (virTPMEmulatorInit() < 0)
return -1;
/* create log dir ... allow 'tss' user to cd into it */
@@ -478,7 +411,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
"this requires privileged mode for a "
"TPM 1.2\n"), 0600);
- cmd = virCommandNew(swtpm_setup);
+ cmd = virCommandNew(virTPMGetSwtpmSetup());
if (!cmd)
goto cleanup;
@@ -518,7 +451,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Could not run '%s'. exitstatus: %d; "
"Check error log '%s' for details."),
- swtpm_setup, exitstatus, logfile);
+ virTPMGetSwtpmSetup(), exitstatus, logfile);
goto cleanup;
}
@@ -575,7 +508,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
unlink(tpm->data.emulator.source.data.nix.path);
- cmd = virCommandNew(swtpm_path);
+ cmd = virCommandNew(virTPMGetSwtpm());
if (!cmd)
goto error;
@@ -640,7 +573,7 @@ qemuTPMEmulatorStop(const char *swtpmStateDir,
char *pathname;
char *errbuf = NULL;
- if (qemuTPMEmulatorInit() < 0)
+ if (virTPMEmulatorInit() < 0)
return;
if (!(pathname = qemuTPMCreateEmulatorSocket(swtpmStateDir, shortName)))
@@ -649,7 +582,7 @@ qemuTPMEmulatorStop(const char *swtpmStateDir,
if (!virFileExists(pathname))
goto cleanup;
- cmd = virCommandNew(swtpm_ioctl);
+ cmd = virCommandNew(virTPMGetSwtpmIoctl());
if (!cmd)
goto cleanup;
diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c
index 583b9a64a4..4635d8add0 100644
--- a/src/tpm/virtpm.c
+++ b/src/tpm/virtpm.c
@@ -72,3 +72,94 @@ virTPMCreateCancelPath(const char *devpath)
cleanup:
return path;
}
+
+/*
+ * executables for the swtpm; to be found on the host
+ */
+static char *swtpm_path;
+static char *swtpm_setup;
+static char *swtpm_ioctl;
+
+const char *
+virTPMGetSwtpm(void)
+{
+ if (!swtpm_path)
+ virTPMEmulatorInit();
+ return swtpm_path;
+}
+
+const char *
+virTPMGetSwtpmSetup(void)
+{
+ if (!swtpm_setup)
+ virTPMEmulatorInit();
+ return swtpm_setup;
+}
+
+const char *
+virTPMGetSwtpmIoctl(void)
+{
+ if (!swtpm_ioctl)
+ virTPMEmulatorInit();
+ return swtpm_ioctl;
+}
+
+/*
+ * virTPMEmulatorInit
+ *
+ * Initialize the Emulator functions by searching for necessary
+ * executables that we will use to start and setup the swtpm
+ */
+int
+virTPMEmulatorInit(void)
+{
+ if (!swtpm_path) {
+ swtpm_path = virFindFileInPath("swtpm");
+ if (!swtpm_path) {
+ virReportSystemError(ENOENT, "%s",
+ _("Unable to find 'swtpm' binary in
$PATH"));
+ return -1;
+ }
+ if (!virFileIsExecutable(swtpm_path)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("TPM emulator %s is not an executable"),
+ swtpm_path);
+ VIR_FREE(swtpm_path);
+ return -1;
+ }
+ }
+
+ if (!swtpm_setup) {
+ swtpm_setup = virFindFileInPath("swtpm_setup");
+ if (!swtpm_setup) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Could not find 'swtpm_setup' in PATH"));
+ return -1;
+ }
+ if (!virFileIsExecutable(swtpm_setup)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("'%s' is not an executable"),
+ swtpm_setup);
+ VIR_FREE(swtpm_setup);
+ return -1;
+ }
+ }
+
+ if (!swtpm_ioctl) {
+ swtpm_ioctl = virFindFileInPath("swtpm_ioctl");
+ if (!swtpm_ioctl) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Could not find swtpm_ioctl in PATH"));
+ return -1;
+ }
+ if (!virFileIsExecutable(swtpm_ioctl)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("swtpm_ioctl program %s is not an executable"),
+ swtpm_ioctl);
+ VIR_FREE(swtpm_ioctl);
+ return -1;
+ }
+ }
+
+ return 0;
+}
diff --git a/src/tpm/virtpm.h b/src/tpm/virtpm.h
index 4408bdb217..66d55fb231 100644
--- a/src/tpm/virtpm.h
+++ b/src/tpm/virtpm.h
@@ -21,3 +21,8 @@
#pragma once
char *virTPMCreateCancelPath(const char *devpath) ATTRIBUTE_NOINLINE;
+
+const char *virTPMGetSwtpm(void);
+const char *virTPMGetSwtpmSetup(void);
+const char *virTPMGetSwtpmIoctl(void);
+int virTPMEmulatorInit(void);
--
2.20.1
3:24 p.m.
New subject: [libvirt] [PATCH 10/18] tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c and introduce
a few functions to query the executables needed for virCommands.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Couldn't there be a TOCTOU issue?
Anyway, for the move:
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
src/libvirt_private.syms | 4 ++
src/qemu/qemu_tpm.c | 83 ++++--------------------------------
src/tpm/virtpm.c | 91 ++++++++++++++++++++++++++++++++++++++++
src/tpm/virtpm.h | 5 +++
4 files changed, 108 insertions(+), 75 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index e29007cab1..e33d7d9f14 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1447,6 +1447,10 @@ virSecurityManagerVerify;
# tpm/virtpm.h
virTPMCreateCancelPath;
+virTPMEmulatorInit;
+virTPMGetSwtpm;
+virTPMGetSwtpmIoctl;
+virTPMGetSwtpmSetup;
# util/viralloc.h
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index cc8c69433b..61b4f72320 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -41,79 +41,12 @@
#include "configmake.h"
#include "dirname.h"
#include "qemu_tpm.h"
+#include "virtpm.h"
#define VIR_FROM_THIS VIR_FROM_NONE
VIR_LOG_INIT("qemu.tpm");
-/*
- * executables for the swtpm; to be found on the host
- */
-static char *swtpm_path;
-static char *swtpm_setup;
-static char *swtpm_ioctl;
-
-/*
- * qemuTPMEmulatorInit
- *
- * Initialize the Emulator functions by searching for necessary
- * executables that we will use to start and setup the swtpm
- */
-static int
-qemuTPMEmulatorInit(void)
-{
- if (!swtpm_path) {
- swtpm_path = virFindFileInPath("swtpm");
- if (!swtpm_path) {
- virReportSystemError(ENOENT, "%s",
- _("Unable to find 'swtpm' binary in
$PATH"));
- return -1;
- }
- if (!virFileIsExecutable(swtpm_path)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("TPM emulator %s is not an executable"),
- swtpm_path);
- VIR_FREE(swtpm_path);
- return -1;
- }
- }
-
- if (!swtpm_setup) {
- swtpm_setup = virFindFileInPath("swtpm_setup");
- if (!swtpm_setup) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Could not find 'swtpm_setup' in
PATH"));
- return -1;
- }
- if (!virFileIsExecutable(swtpm_setup)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("'%s' is not an executable"),
- swtpm_setup);
- VIR_FREE(swtpm_setup);
- return -1;
- }
- }
-
- if (!swtpm_ioctl) {
- swtpm_ioctl = virFindFileInPath("swtpm_ioctl");
- if (!swtpm_ioctl) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Could not find swtpm_ioctl in PATH"));
- return -1;
- }
- if (!virFileIsExecutable(swtpm_ioctl)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("swtpm_ioctl program %s is not an executable"),
- swtpm_ioctl);
- VIR_FREE(swtpm_ioctl);
- return -1;
- }
- }
-
- return 0;
-}
-
-
/*
* qemuTPMCreateEmulatorStoragePath
*
@@ -350,7 +283,7 @@ qemuTPMEmulatorGetPid(const char *swtpmStateDir,
if (!pidfile)
return -ENOMEM;
- ret = virPidFileReadPathIfAlive(pidfile, pid, swtpm_path);
+ ret = virPidFileReadPathIfAlive(pidfile, pid, virTPMGetSwtpm());
VIR_FREE(pidfile);
@@ -386,7 +319,7 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
{
int ret = -1;
- if (qemuTPMEmulatorInit() < 0)
+ if (virTPMEmulatorInit() < 0)
return -1;
/* create log dir ... allow 'tss' user to cd into it */
@@ -478,7 +411,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
"this requires privileged mode for a "
"TPM 1.2\n"), 0600);
- cmd = virCommandNew(swtpm_setup);
+ cmd = virCommandNew(virTPMGetSwtpmSetup());
if (!cmd)
goto cleanup;
@@ -518,7 +451,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Could not run '%s'. exitstatus: %d; "
"Check error log '%s' for details."),
- swtpm_setup, exitstatus, logfile);
+ virTPMGetSwtpmSetup(), exitstatus, logfile);
goto cleanup;
}
@@ -575,7 +508,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
unlink(tpm->data.emulator.source.data.nix.path);
- cmd = virCommandNew(swtpm_path);
+ cmd = virCommandNew(virTPMGetSwtpm());
if (!cmd)
goto error;
@@ -640,7 +573,7 @@ qemuTPMEmulatorStop(const char *swtpmStateDir,
char *pathname;
char *errbuf = NULL;
- if (qemuTPMEmulatorInit() < 0)
+ if (virTPMEmulatorInit() < 0)
return;
if (!(pathname = qemuTPMCreateEmulatorSocket(swtpmStateDir, shortName)))
@@ -649,7 +582,7 @@ qemuTPMEmulatorStop(const char *swtpmStateDir,
if (!virFileExists(pathname))
goto cleanup;
- cmd = virCommandNew(swtpm_ioctl);
+ cmd = virCommandNew(virTPMGetSwtpmIoctl());
if (!cmd)
goto cleanup;
diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c
index 583b9a64a4..4635d8add0 100644
--- a/src/tpm/virtpm.c
+++ b/src/tpm/virtpm.c
@@ -72,3 +72,94 @@ virTPMCreateCancelPath(const char *devpath)
cleanup:
return path;
}
+
+/*
+ * executables for the swtpm; to be found on the host
+ */
+static char *swtpm_path;
+static char *swtpm_setup;
+static char *swtpm_ioctl;
+
+const char *
+virTPMGetSwtpm(void)
+{
+ if (!swtpm_path)
+ virTPMEmulatorInit();
+ return swtpm_path;
+}
+
+const char *
+virTPMGetSwtpmSetup(void)
+{
+ if (!swtpm_setup)
+ virTPMEmulatorInit();
+ return swtpm_setup;
+}
+
+const char *
+virTPMGetSwtpmIoctl(void)
+{
+ if (!swtpm_ioctl)
+ virTPMEmulatorInit();
+ return swtpm_ioctl;
+}
+
+/*
+ * virTPMEmulatorInit
+ *
+ * Initialize the Emulator functions by searching for necessary
+ * executables that we will use to start and setup the swtpm
+ */
+int
+virTPMEmulatorInit(void)
+{
+ if (!swtpm_path) {
+ swtpm_path = virFindFileInPath("swtpm");
+ if (!swtpm_path) {
+ virReportSystemError(ENOENT, "%s",
+ _("Unable to find 'swtpm' binary in
$PATH"));
+ return -1;
+ }
+ if (!virFileIsExecutable(swtpm_path)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("TPM emulator %s is not an executable"),
+ swtpm_path);
+ VIR_FREE(swtpm_path);
+ return -1;
+ }
+ }
+
+ if (!swtpm_setup) {
+ swtpm_setup = virFindFileInPath("swtpm_setup");
+ if (!swtpm_setup) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Could not find 'swtpm_setup' in
PATH"));
+ return -1;
+ }
+ if (!virFileIsExecutable(swtpm_setup)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("'%s' is not an executable"),
+ swtpm_setup);
+ VIR_FREE(swtpm_setup);
+ return -1;
+ }
+ }
+
+ if (!swtpm_ioctl) {
+ swtpm_ioctl = virFindFileInPath("swtpm_ioctl");
+ if (!swtpm_ioctl) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Could not find swtpm_ioctl in PATH"));
+ return -1;
+ }
+ if (!virFileIsExecutable(swtpm_ioctl)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("swtpm_ioctl program %s is not an executable"),
+ swtpm_ioctl);
+ VIR_FREE(swtpm_ioctl);
+ return -1;
+ }
+ }
+
+ return 0;
+}
diff --git a/src/tpm/virtpm.h b/src/tpm/virtpm.h
index 4408bdb217..66d55fb231 100644
--- a/src/tpm/virtpm.h
+++ b/src/tpm/virtpm.h
@@ -21,3 +21,8 @@
#pragma once
char *virTPMCreateCancelPath(const char *devpath) ATTRIBUTE_NOINLINE;
+
+const char *virTPMGetSwtpm(void);
+const char *virTPMGetSwtpmSetup(void);
+const char *virTPMGetSwtpmIoctl(void);
+int virTPMEmulatorInit(void);
--
2.20.1
6:49 a.m.
New subject: [libvirt] [PATCH 10/18] tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c
On 7/9/19 4:24 PM, Marc-André Lureau wrote:
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger
<stefanb(a)linux.vnet.ibm.com> wrote:
> Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c and introduce
> a few functions to query the executables needed for virCommands.
>
> Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Couldn't there be a TOCTOU issue?
It's not atomic and we cannot prevent modifications to the filesystem,
if that's what you mean.
Anyway, for the move:
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Thanks. Stefan
12:23 p.m.
New subject: [libvirt] [PATCH 11/18] tpm: Refactor virTPMEmulatorInit to use loop
Refactor virTPMEmulatorInit to use a loop with parameters. This allows
for easier extension later on.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/tpm/virtpm.c | 80 ++++++++++++++++++++++--------------------------
1 file changed, 37 insertions(+), 43 deletions(-)
diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c
index 4635d8add0..0179b1e8be 100644
--- a/src/tpm/virtpm.c
+++ b/src/tpm/virtpm.c
@@ -113,51 +113,45 @@ virTPMGetSwtpmIoctl(void)
int
virTPMEmulatorInit(void)
{
- if (!swtpm_path) {
- swtpm_path = virFindFileInPath("swtpm");
- if (!swtpm_path) {
- virReportSystemError(ENOENT, "%s",
- _("Unable to find 'swtpm' binary in
$PATH"));
- return -1;
+ static const struct {
+ const char *name;
+ char **path;
+ } prgs[] = {
+ {
+ .name = "swtpm",
+ .path = &swtpm_path,
+ },
+ {
+ .name = "swtpm_setup",
+ .path = &swtpm_setup,
+ },
+ {
+ .name = "swtpm_ioctl",
+ .path = &swtpm_ioctl,
}
- if (!virFileIsExecutable(swtpm_path)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("TPM emulator %s is not an executable"),
- swtpm_path);
- VIR_FREE(swtpm_path);
- return -1;
- }
- }
-
- if (!swtpm_setup) {
- swtpm_setup = virFindFileInPath("swtpm_setup");
- if (!swtpm_setup) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Could not find 'swtpm_setup' in PATH"));
- return -1;
- }
- if (!virFileIsExecutable(swtpm_setup)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("'%s' is not an executable"),
- swtpm_setup);
- VIR_FREE(swtpm_setup);
- return -1;
- }
- }
+ };
+ size_t i;
- if (!swtpm_ioctl) {
- swtpm_ioctl = virFindFileInPath("swtpm_ioctl");
- if (!swtpm_ioctl) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Could not find swtpm_ioctl in PATH"));
- return -1;
- }
- if (!virFileIsExecutable(swtpm_ioctl)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("swtpm_ioctl program %s is not an executable"),
- swtpm_ioctl);
- VIR_FREE(swtpm_ioctl);
- return -1;
+ for (i = 0; i < ARRAY_CARDINALITY(prgs); i++) {
+ char *path;
+ bool findit = *prgs[i].path == NULL;
+
+ if (findit) {
+ path = virFindFileInPath(prgs[i].name);
+ if (!path) {
+ virReportSystemError(ENOENT,
+ _("Unable to find '%s' binary in
$PATH"),
+ prgs[i].name);
+ return -1;
+ }
+ if (!virFileIsExecutable(path)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("%s is not an executable"),
+ path);
+ VIR_FREE(path);
+ return -1;
+ }
+ *prgs[i].path = path;
}
}
--
2.20.1
3:23 p.m.
New subject: [libvirt] [PATCH 11/18] tpm: Refactor virTPMEmulatorInit to use loop
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Refactor virTPMEmulatorInit to use a loop with parameters. This allows
for easier extension later on.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
for the refactoring,
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
src/tpm/virtpm.c | 80 ++++++++++++++++++++++--------------------------
1 file changed, 37 insertions(+), 43 deletions(-)
diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c
index 4635d8add0..0179b1e8be 100644
--- a/src/tpm/virtpm.c
+++ b/src/tpm/virtpm.c
@@ -113,51 +113,45 @@ virTPMGetSwtpmIoctl(void)
int
virTPMEmulatorInit(void)
{
- if (!swtpm_path) {
- swtpm_path = virFindFileInPath("swtpm");
- if (!swtpm_path) {
- virReportSystemError(ENOENT, "%s",
- _("Unable to find 'swtpm' binary in
$PATH"));
- return -1;
+ static const struct {
+ const char *name;
+ char **path;
+ } prgs[] = {
+ {
+ .name = "swtpm",
+ .path = &swtpm_path,
+ },
+ {
+ .name = "swtpm_setup",
+ .path = &swtpm_setup,
+ },
+ {
+ .name = "swtpm_ioctl",
+ .path = &swtpm_ioctl,
}
- if (!virFileIsExecutable(swtpm_path)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("TPM emulator %s is not an executable"),
- swtpm_path);
- VIR_FREE(swtpm_path);
- return -1;
- }
- }
-
- if (!swtpm_setup) {
- swtpm_setup = virFindFileInPath("swtpm_setup");
- if (!swtpm_setup) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Could not find 'swtpm_setup' in
PATH"));
- return -1;
- }
- if (!virFileIsExecutable(swtpm_setup)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("'%s' is not an executable"),
- swtpm_setup);
- VIR_FREE(swtpm_setup);
- return -1;
- }
- }
+ };
+ size_t i;
- if (!swtpm_ioctl) {
- swtpm_ioctl = virFindFileInPath("swtpm_ioctl");
- if (!swtpm_ioctl) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Could not find swtpm_ioctl in PATH"));
- return -1;
- }
- if (!virFileIsExecutable(swtpm_ioctl)) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("swtpm_ioctl program %s is not an executable"),
- swtpm_ioctl);
- VIR_FREE(swtpm_ioctl);
- return -1;
+ for (i = 0; i < ARRAY_CARDINALITY(prgs); i++) {
+ char *path;
+ bool findit = *prgs[i].path == NULL;
+
+ if (findit) {
+ path = virFindFileInPath(prgs[i].name);
+ if (!path) {
+ virReportSystemError(ENOENT,
+ _("Unable to find '%s' binary in
$PATH"),
+ prgs[i].name);
+ return -1;
+ }
+ if (!virFileIsExecutable(path)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("%s is not an executable"),
+ path);
+ VIR_FREE(path);
+ return -1;
+ }
+ *prgs[i].path = path;
}
}
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 12/18] tpm: Check whether previously found executables were updated
Check whether previously found executables were updated and if
so look for them again. This helps to use updated features of
swtpm and its tools upon updating them.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/qemu/qemu_tpm.c | 1 +
src/tpm/virtpm.c | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 35 insertions(+)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 61b4f72320..2afa8db448 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -20,6 +20,7 @@
#include <config.h>
+#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c
index 0179b1e8be..e4735f9c4d 100644
--- a/src/tpm/virtpm.c
+++ b/src/tpm/virtpm.c
@@ -77,8 +77,13 @@ virTPMCreateCancelPath(const char *devpath)
* executables for the swtpm; to be found on the host
*/
static char *swtpm_path;
+static struct stat swtpm_stat;
+
static char *swtpm_setup;
+static struct stat swtpm_setup_stat;
+
static char *swtpm_ioctl;
+static struct stat swtpm_ioctl_stat;
const char *
virTPMGetSwtpm(void)
@@ -116,18 +121,22 @@ virTPMEmulatorInit(void)
static const struct {
const char *name;
char **path;
+ struct stat *stat;
} prgs[] = {
{
.name = "swtpm",
.path = &swtpm_path,
+ .stat = &swtpm_stat,
},
{
.name = "swtpm_setup",
.path = &swtpm_setup,
+ .stat = &swtpm_setup_stat,
},
{
.name = "swtpm_ioctl",
.path = &swtpm_ioctl,
+ .stat = &swtpm_ioctl_stat,
}
};
size_t i;
@@ -135,6 +144,23 @@ virTPMEmulatorInit(void)
for (i = 0; i < ARRAY_CARDINALITY(prgs); i++) {
char *path;
bool findit = *prgs[i].path == NULL;
+ struct stat statbuf;
+ char *tmp;
+
+ if (!findit) {
+ /* has executables changed? */
+ if (stat(*prgs[i].path, &statbuf) < 0) {
+ virReportSystemError(errno,
+ _("Could not stat %s"), path);
+ findit = true;
+ }
+ if (!findit &&
+ memcmp(&statbuf.st_mtim,
+ &prgs[i].stat->st_mtime,
+ sizeof(statbuf.st_mtim))) {
+ findit = true;
+ }
+ }
if (findit) {
path = virFindFileInPath(prgs[i].name);
@@ -151,7 +177,15 @@ virTPMEmulatorInit(void)
VIR_FREE(path);
return -1;
}
+ if (stat(path, prgs[i].stat) < 0) {
+ virReportSystemError(errno,
+ _("Could not stat %s"), path);
+ VIR_FREE(path);
+ return -1;
+ }
+ tmp = *prgs[i].path;
*prgs[i].path = path;
+ VIR_FREE(tmp);
}
}
--
2.20.1
3:24 p.m.
New subject: [libvirt] [PATCH 12/18] tpm: Check whether previously found executables were updated
Hi
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Check whether previously found executables were updated and if
so look for them again. This helps to use updated features of
swtpm and its tools upon updating them.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
src/qemu/qemu_tpm.c | 1 +
src/tpm/virtpm.c | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 35 insertions(+)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 61b4f72320..2afa8db448 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -20,6 +20,7 @@
#include <config.h>
+#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c
index 0179b1e8be..e4735f9c4d 100644
--- a/src/tpm/virtpm.c
+++ b/src/tpm/virtpm.c
@@ -77,8 +77,13 @@ virTPMCreateCancelPath(const char *devpath)
* executables for the swtpm; to be found on the host
*/
static char *swtpm_path;
+static struct stat swtpm_stat;
+
static char *swtpm_setup;
+static struct stat swtpm_setup_stat;
+
static char *swtpm_ioctl;
+static struct stat swtpm_ioctl_stat;
const char *
virTPMGetSwtpm(void)
@@ -116,18 +121,22 @@ virTPMEmulatorInit(void)
static const struct {
const char *name;
char **path;
+ struct stat *stat;
} prgs[] = {
{
.name = "swtpm",
.path = &swtpm_path,
+ .stat = &swtpm_stat,
},
{
.name = "swtpm_setup",
.path = &swtpm_setup,
+ .stat = &swtpm_setup_stat,
},
{
.name = "swtpm_ioctl",
.path = &swtpm_ioctl,
+ .stat = &swtpm_ioctl_stat,
}
};
size_t i;
@@ -135,6 +144,23 @@ virTPMEmulatorInit(void)
for (i = 0; i < ARRAY_CARDINALITY(prgs); i++) {
char *path;
bool findit = *prgs[i].path == NULL;
+ struct stat statbuf;
+ char *tmp;
+
+ if (!findit) {
+ /* has executables changed? */
+ if (stat(*prgs[i].path, &statbuf) < 0) {
+ virReportSystemError(errno,
+ _("Could not stat %s"), path);
+ findit = true;
+ }
+ if (!findit &&
+ memcmp(&statbuf.st_mtim,
+ &prgs[i].stat->st_mtime,
+ sizeof(statbuf.st_mtim))) {
+ findit = true;
+ }
+ }
if (findit) {
path = virFindFileInPath(prgs[i].name);
@@ -151,7 +177,15 @@ virTPMEmulatorInit(void)
VIR_FREE(path);
return -1;
}
+ if (stat(path, prgs[i].stat) < 0) {
+ virReportSystemError(errno,
+ _("Could not stat %s"), path);
+ VIR_FREE(path);
+ return -1;
+ }
+ tmp = *prgs[i].path;
*prgs[i].path = path;
+ VIR_FREE(tmp);
}
}
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 13/18] tpm: Parse the capabilities supported by swtpm and swtpm_setup
Run 'swtpm socket --print-capabilities' and
'swtpm_setup --print-capabilities' to get the JSON object of the
features the programs are supporting and parse them into a bitmap.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/conf/Makefile.inc.am | 6 ++
src/conf/virtpm_conf.c | 36 ++++++++++++
src/conf/virtpm_conf.h | 36 ++++++++++++
src/libvirt_private.syms | 5 ++
src/tpm/Makefile.inc.am | 5 +-
src/tpm/virtpm.c | 123 ++++++++++++++++++++++++++++++++++++++-
6 files changed, 209 insertions(+), 2 deletions(-)
create mode 100644 src/conf/virtpm_conf.c
create mode 100644 src/conf/virtpm_conf.h
diff --git a/src/conf/Makefile.inc.am b/src/conf/Makefile.inc.am
index 08c7c9da7f..e42425fcc5 100644
--- a/src/conf/Makefile.inc.am
+++ b/src/conf/Makefile.inc.am
@@ -153,6 +153,11 @@ DEVICE_CONF_SOURCES = \
conf/device_conf.h \
$(NULL)
+TPM_CONF_SOURCES = \
+ conf/virtpm_conf.c \
+ conf/virtpm_conf.h \
+ $(NULL)
+
CONF_SOURCES = \
$(NETDEV_CONF_SOURCES) \
$(DOMAIN_CONF_SOURCES) \
@@ -171,6 +176,7 @@ CONF_SOURCES = \
$(CPU_CONF_SOURCES) \
$(CHRDEV_CONF_SOURCES) \
$(DEVICE_CONF_SOURCES) \
+ $(TPM_CONF_SOURCES) \
$(NULL)
noinst_LTLIBRARIES += libvirt_conf.la
diff --git a/src/conf/virtpm_conf.c b/src/conf/virtpm_conf.c
new file mode 100644
index 0000000000..12e69e67b3
--- /dev/null
+++ b/src/conf/virtpm_conf.c
@@ -0,0 +1,36 @@
+/*
+ * virtpm_conf.c: vTPM XML processing
+ *
+ * Copyright (C) 2019 IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>;.
+ */
+
+#include <config.h>
+
+#include "virenum.h"
+#include "virtpm_conf.h"
+
+#define VIR_FROM_THIS VIR_FROM_NONE
+
+VIR_ENUM_IMPL(virTPMSwtpmFeature,
+ VIR_TPM_SWTPM_FEATURE_LAST,
+ "cmdarg-pwd-fd",
+);
+
+VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
+ VIR_TPM_SWTPM_SETUP_FEATURE_LAST,
+ "cmdarg-pwdfile-fd",
+);
diff --git a/src/conf/virtpm_conf.h b/src/conf/virtpm_conf.h
new file mode 100644
index 0000000000..73c6c67271
--- /dev/null
+++ b/src/conf/virtpm_conf.h
@@ -0,0 +1,36 @@
+/*
+ * virtpm_conf.h: vTPM XML processing
+ *
+ * Copyright (C) 2019 IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>;.
+ */
+
+#pragma once
+
+typedef enum {
+ VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD,
+
+ VIR_TPM_SWTPM_FEATURE_LAST
+} virTPMSwtpmFeature;
+
+typedef enum {
+ VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD,
+
+ VIR_TPM_SWTPM_SETUP_FEATURE_LAST
+} virTPMSwtpmSetupFeature;
+
+VIR_ENUM_DECL(virTPMSwtpmFeature);
+VIR_ENUM_DECL(virTPMSwtpmSetupFeature);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index e33d7d9f14..d2045895a1 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1236,6 +1236,11 @@ virStoragePoolObjVolumeGetNames;
virStoragePoolObjVolumeListExport;
+# conf/virtpm_conf.h
+virTPMSwtpmFeatureTypeFromString;
+virTPMSwtpmSetupFeatureTypeFromString;
+
+
# cpu/cpu.h
cpuDecode;
cpuEncode;
diff --git a/src/tpm/Makefile.inc.am b/src/tpm/Makefile.inc.am
index 1f5131bf34..d8a15c406c 100644
--- a/src/tpm/Makefile.inc.am
+++ b/src/tpm/Makefile.inc.am
@@ -12,6 +12,9 @@ EXTRA_DIST += \
noinst_LTLIBRARIES += libvirt_tpm.la
libvirt_la_BUILT_LIBADD += libvirt_tpm.la
-libvirt_tpm_la_CFLAGS = $(AM_CFLAGS)
+libvirt_tpm_la_CFLAGS = \
+ -I$(srcdir)/conf \
+ $(AM_CFLAGS) \
+ $(NULL)
libvirt_tpm_la_LDFLAGS = $(AM_LDFLAGS)
libvirt_tpm_la_SOURCES = $(TPM_UTIL_SOURCES)
diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c
index e4735f9c4d..42dd2b1bb2 100644
--- a/src/tpm/virtpm.c
+++ b/src/tpm/virtpm.c
@@ -27,6 +27,10 @@
#include "viralloc.h"
#include "virfile.h"
#include "virtpm.h"
+#include "vircommand.h"
+#include "virbitmap.h"
+#include "virjson.h"
+#include "virtpm_conf.h"
#define VIR_FROM_THIS VIR_FROM_NONE
@@ -74,17 +78,22 @@ virTPMCreateCancelPath(const char *devpath)
}
/*
- * executables for the swtpm; to be found on the host
+ * executables for the swtpm; to be found on the host along with
+ * capabilties bitmap
*/
static char *swtpm_path;
static struct stat swtpm_stat;
+static virBitmapPtr swtpm_caps;
static char *swtpm_setup;
static struct stat swtpm_setup_stat;
+static virBitmapPtr swtpm_setup_caps;
static char *swtpm_ioctl;
static struct stat swtpm_ioctl_stat;
+typedef int (*TypeFromStringFn)(const char *);
+
const char *
virTPMGetSwtpm(void)
{
@@ -109,6 +118,106 @@ virTPMGetSwtpmIoctl(void)
return swtpm_ioctl;
}
+/* virTPMExecGetCaps
+ *
+ * Execute the prepared command and parse the returned JSON object
+ * to get the capabilities supported by the executable.
+ * A JSON object like this is expected:
+ *
+ * {
+ * "type": "swtpm",
+ * "features": [
+ * "cmdarg-seccomp",
+ * "cmdarg-key-fd",
+ * "cmdarg-pwd-fd"
+ * ]
+ * }
+ */
+static virBitmapPtr
+virTPMExecGetCaps(virCommandPtr cmd,
+ TypeFromStringFn typeFromStringFn)
+{
+ int exitstatus;
+ virBitmapPtr bitmap;
+ char *outbuf = NULL;
+ virJSONValuePtr json = NULL;
+ virJSONValuePtr featureList;
+ virJSONValuePtr item;
+ size_t idx;
+ const char *str;
+ int typ;
+
+ if (!(bitmap = virBitmapNewEmpty()))
+ return NULL;
+
+ virCommandSetOutputBuffer(cmd, &outbuf);
+ /* We allow the command to fail since older versions of it may
+ * not support --print-capabilities
+ */
+ if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0)
+ goto cleanup;
+
+ json = virJSONValueFromString(outbuf);
+ if (!json)
+ goto error_bad_json;
+
+ featureList = virJSONValueObjectGetArray(json, "features");
+ if (!featureList)
+ goto error_bad_json;
+
+ if (!virJSONValueIsArray(featureList))
+ goto error_bad_json;
+
+ for (idx = 0; idx < virJSONValueArraySize(featureList); idx++) {
+ item = virJSONValueArrayGet(featureList, idx);
+ if (!item)
+ continue;
+
+ str = virJSONValueGetString(item);
+ if (!str)
+ goto error_bad_json;
+ typ = typeFromStringFn(str);
+ if (typ < 0)
+ continue;
+
+ if (virBitmapSetBitExpand(bitmap, typ) < 0)
+ goto cleanup;
+ }
+
+ cleanup:
+ VIR_FREE(outbuf);
+ virJSONValueFree(json);
+
+ return bitmap;
+
+ error_bad_json:
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unexpected JSON format: %s"), outbuf);
+ goto cleanup;
+}
+
+static virBitmapPtr
+virTPMGetCaps(TypeFromStringFn typeFromStringFn,
+ const char *exec, const char *param1)
+{
+ virCommandPtr cmd;
+ virBitmapPtr bitmap;
+
+ cmd = virCommandNew(exec);
+ if (!cmd)
+ return NULL;
+ if (param1)
+ virCommandAddArg(cmd, param1);
+ virCommandAddArg(cmd, "--print-capabilities");
+ virCommandClearCaps(cmd);
+
+ bitmap = virTPMExecGetCaps(cmd, typeFromStringFn);
+
+ virCommandFree(cmd);
+
+ return bitmap;
+}
+
/*
* virTPMEmulatorInit
*
@@ -122,16 +231,24 @@ virTPMEmulatorInit(void)
const char *name;
char **path;
struct stat *stat;
+ const char *parm;
+ virBitmapPtr *caps;
+ TypeFromStringFn typeFromStringFn;
} prgs[] = {
{
.name = "swtpm",
.path = &swtpm_path,
.stat = &swtpm_stat,
+ .parm = "socket",
+ .caps = &swtpm_caps,
+ .typeFromStringFn = virTPMSwtpmFeatureTypeFromString,
},
{
.name = "swtpm_setup",
.path = &swtpm_setup,
.stat = &swtpm_setup_stat,
+ .caps = &swtpm_setup_caps,
+ .typeFromStringFn = virTPMSwtpmSetupFeatureTypeFromString,
},
{
.name = "swtpm_ioctl",
@@ -186,6 +303,10 @@ virTPMEmulatorInit(void)
tmp = *prgs[i].path;
*prgs[i].path = path;
VIR_FREE(tmp);
+
+ if (prgs[i].caps)
+ *prgs[i].caps = virTPMGetCaps(prgs[i].typeFromStringFn,
+ path, prgs[i].parm);
}
}
--
2.20.1
3:24 p.m.
New subject: [libvirt] [PATCH 13/18] tpm: Parse the capabilities supported by swtpm and swtpm_setup
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Run 'swtpm socket --print-capabilities' and
'swtpm_setup --print-capabilities' to get the JSON object of the
features the programs are supporting and parse them into a bitmap.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/conf/Makefile.inc.am | 6 ++
src/conf/virtpm_conf.c | 36 ++++++++++++
src/conf/virtpm_conf.h | 36 ++++++++++++
src/libvirt_private.syms | 5 ++
src/tpm/Makefile.inc.am | 5 +-
src/tpm/virtpm.c | 123 ++++++++++++++++++++++++++++++++++++++-
6 files changed, 209 insertions(+), 2 deletions(-)
create mode 100644 src/conf/virtpm_conf.c
create mode 100644 src/conf/virtpm_conf.h
diff --git a/src/conf/Makefile.inc.am b/src/conf/Makefile.inc.am
index 08c7c9da7f..e42425fcc5 100644
--- a/src/conf/Makefile.inc.am
+++ b/src/conf/Makefile.inc.am
@@ -153,6 +153,11 @@ DEVICE_CONF_SOURCES = \
conf/device_conf.h \
$(NULL)
+TPM_CONF_SOURCES = \
+ conf/virtpm_conf.c \
+ conf/virtpm_conf.h \
+ $(NULL)
+
CONF_SOURCES = \
$(NETDEV_CONF_SOURCES) \
$(DOMAIN_CONF_SOURCES) \
@@ -171,6 +176,7 @@ CONF_SOURCES = \
$(CPU_CONF_SOURCES) \
$(CHRDEV_CONF_SOURCES) \
$(DEVICE_CONF_SOURCES) \
+ $(TPM_CONF_SOURCES) \
$(NULL)
noinst_LTLIBRARIES += libvirt_conf.la
diff --git a/src/conf/virtpm_conf.c b/src/conf/virtpm_conf.c
new file mode 100644
index 0000000000..12e69e67b3
--- /dev/null
+++ b/src/conf/virtpm_conf.c
@@ -0,0 +1,36 @@
+/*
+ * virtpm_conf.c: vTPM XML processing
+ *
+ * Copyright (C) 2019 IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>;.
+ */
+
+#include <config.h>
+
+#include "virenum.h"
+#include "virtpm_conf.h"
+
+#define VIR_FROM_THIS VIR_FROM_NONE
+
+VIR_ENUM_IMPL(virTPMSwtpmFeature,
+ VIR_TPM_SWTPM_FEATURE_LAST,
+ "cmdarg-pwd-fd",
+);
+
+VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
+ VIR_TPM_SWTPM_SETUP_FEATURE_LAST,
+ "cmdarg-pwdfile-fd",
+);
diff --git a/src/conf/virtpm_conf.h b/src/conf/virtpm_conf.h
new file mode 100644
index 0000000000..73c6c67271
--- /dev/null
+++ b/src/conf/virtpm_conf.h
@@ -0,0 +1,36 @@
+/*
+ * virtpm_conf.h: vTPM XML processing
+ *
+ * Copyright (C) 2019 IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>;.
+ */
+
+#pragma once
+
+typedef enum {
+ VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD,
+
+ VIR_TPM_SWTPM_FEATURE_LAST
+} virTPMSwtpmFeature;
+
+typedef enum {
+ VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD,
+
+ VIR_TPM_SWTPM_SETUP_FEATURE_LAST
+} virTPMSwtpmSetupFeature;
+
+VIR_ENUM_DECL(virTPMSwtpmFeature);
+VIR_ENUM_DECL(virTPMSwtpmSetupFeature);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index e33d7d9f14..d2045895a1 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1236,6 +1236,11 @@ virStoragePoolObjVolumeGetNames;
virStoragePoolObjVolumeListExport;
+# conf/virtpm_conf.h
+virTPMSwtpmFeatureTypeFromString;
+virTPMSwtpmSetupFeatureTypeFromString;
+
+
# cpu/cpu.h
cpuDecode;
cpuEncode;
diff --git a/src/tpm/Makefile.inc.am b/src/tpm/Makefile.inc.am
index 1f5131bf34..d8a15c406c 100644
--- a/src/tpm/Makefile.inc.am
+++ b/src/tpm/Makefile.inc.am
@@ -12,6 +12,9 @@ EXTRA_DIST += \
noinst_LTLIBRARIES += libvirt_tpm.la
libvirt_la_BUILT_LIBADD += libvirt_tpm.la
-libvirt_tpm_la_CFLAGS = $(AM_CFLAGS)
+libvirt_tpm_la_CFLAGS = \
+ -I$(srcdir)/conf \
+ $(AM_CFLAGS) \
+ $(NULL)
libvirt_tpm_la_LDFLAGS = $(AM_LDFLAGS)
libvirt_tpm_la_SOURCES = $(TPM_UTIL_SOURCES)
diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c
index e4735f9c4d..42dd2b1bb2 100644
--- a/src/tpm/virtpm.c
+++ b/src/tpm/virtpm.c
@@ -27,6 +27,10 @@
#include "viralloc.h"
#include "virfile.h"
#include "virtpm.h"
+#include "vircommand.h"
+#include "virbitmap.h"
+#include "virjson.h"
+#include "virtpm_conf.h"
#define VIR_FROM_THIS VIR_FROM_NONE
@@ -74,17 +78,22 @@ virTPMCreateCancelPath(const char *devpath)
}
/*
- * executables for the swtpm; to be found on the host
+ * executables for the swtpm; to be found on the host along with
+ * capabilties bitmap
*/
static char *swtpm_path;
static struct stat swtpm_stat;
+static virBitmapPtr swtpm_caps;
static char *swtpm_setup;
static struct stat swtpm_setup_stat;
+static virBitmapPtr swtpm_setup_caps;
static char *swtpm_ioctl;
static struct stat swtpm_ioctl_stat;
+typedef int (*TypeFromStringFn)(const char *);
+
const char *
virTPMGetSwtpm(void)
{
@@ -109,6 +118,106 @@ virTPMGetSwtpmIoctl(void)
return swtpm_ioctl;
}
+/* virTPMExecGetCaps
+ *
+ * Execute the prepared command and parse the returned JSON object
+ * to get the capabilities supported by the executable.
+ * A JSON object like this is expected:
+ *
+ * {
+ * "type": "swtpm",
+ * "features": [
+ * "cmdarg-seccomp",
+ * "cmdarg-key-fd",
+ * "cmdarg-pwd-fd"
+ * ]
+ * }
+ */
+static virBitmapPtr
+virTPMExecGetCaps(virCommandPtr cmd,
+ TypeFromStringFn typeFromStringFn)
+{
+ int exitstatus;
+ virBitmapPtr bitmap;
+ char *outbuf = NULL;
+ virJSONValuePtr json = NULL;
+ virJSONValuePtr featureList;
+ virJSONValuePtr item;
+ size_t idx;
+ const char *str;
+ int typ;
+
+ if (!(bitmap = virBitmapNewEmpty()))
+ return NULL;
+
+ virCommandSetOutputBuffer(cmd, &outbuf);
+ /* We allow the command to fail since older versions of it may
+ * not support --print-capabilities
+ */
+ if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0)
+ goto cleanup;
We should probably fail if the command failed to run, and skip if
exitstatus != 0.
+
+ json = virJSONValueFromString(outbuf);
+ if (!json)
+ goto error_bad_json;
+
+ featureList = virJSONValueObjectGetArray(json, "features");
+ if (!featureList)
+ goto error_bad_json;
+
+ if (!virJSONValueIsArray(featureList))
+ goto error_bad_json;
+
+ for (idx = 0; idx < virJSONValueArraySize(featureList); idx++) {
+ item = virJSONValueArrayGet(featureList, idx);
+ if (!item)
+ continue;
+
+ str = virJSONValueGetString(item);
+ if (!str)
+ goto error_bad_json;
+ typ = typeFromStringFn(str);
+ if (typ < 0)
+ continue;
+
+ if (virBitmapSetBitExpand(bitmap, typ) < 0)
+ goto cleanup;
+ }
+
+ cleanup:
+ VIR_FREE(outbuf);
+ virJSONValueFree(json);
Please use VIR_AUTOFREE and VIR_AUTOPTR
+
+ return bitmap;
+
+ error_bad_json:
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unexpected JSON format: %s"), outbuf);
+ goto cleanup;
+}
+
+static virBitmapPtr
+virTPMGetCaps(TypeFromStringFn typeFromStringFn,
+ const char *exec, const char *param1)
+{
+ virCommandPtr cmd;
+ virBitmapPtr bitmap;
+
+ cmd = virCommandNew(exec);
+ if (!cmd)
+ return NULL;
+ if (param1)
+ virCommandAddArg(cmd, param1);
Hmm, I would expect --print-capabilites to be top-level argument, not
a sub-command argument.
+ virCommandAddArg(cmd, "--print-capabilities");
+ virCommandClearCaps(cmd);
+
+ bitmap = virTPMExecGetCaps(cmd, typeFromStringFn);
+
+ virCommandFree(cmd);
+
+ return bitmap;
+}
+
/*
* virTPMEmulatorInit
*
@@ -122,16 +231,24 @@ virTPMEmulatorInit(void)
const char *name;
char **path;
struct stat *stat;
+ const char *parm;
+ virBitmapPtr *caps;
+ TypeFromStringFn typeFromStringFn;
} prgs[] = {
{
.name = "swtpm",
.path = &swtpm_path,
.stat = &swtpm_stat,
+ .parm = "socket",
+ .caps = &swtpm_caps,
+ .typeFromStringFn = virTPMSwtpmFeatureTypeFromString,
},
{
.name = "swtpm_setup",
.path = &swtpm_setup,
.stat = &swtpm_setup_stat,
+ .caps = &swtpm_setup_caps,
+ .typeFromStringFn = virTPMSwtpmSetupFeatureTypeFromString,
},
{
.name = "swtpm_ioctl",
@@ -186,6 +303,10 @@ virTPMEmulatorInit(void)
tmp = *prgs[i].path;
*prgs[i].path = path;
VIR_FREE(tmp);
+
+ if (prgs[i].caps)
+ *prgs[i].caps = virTPMGetCaps(prgs[i].typeFromStringFn,
+ path, prgs[i].parm);
}
}
--
2.20.1
other than that, looks good
6:48 a.m.
New subject: [libvirt] [PATCH 13/18] tpm: Parse the capabilities supported by swtpm and swtpm_setup
On 7/9/19 4:24 PM, Marc-André Lureau wrote:
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger
<stefanb(a)linux.vnet.ibm.com> wrote:
> Run 'swtpm socket --print-capabilities' and
> 'swtpm_setup --print-capabilities' to get the JSON object of the
> features the programs are supporting and parse them into a bitmap.
>
> Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
> ---
> src/conf/Makefile.inc.am | 6 ++
> src/conf/virtpm_conf.c | 36 ++++++++++++
> src/conf/virtpm_conf.h | 36 ++++++++++++
> src/libvirt_private.syms | 5 ++
> src/tpm/Makefile.inc.am | 5 +-
> src/tpm/virtpm.c | 123 ++++++++++++++++++++++++++++++++++++++-
> 6 files changed, 209 insertions(+), 2 deletions(-)
> create mode 100644 src/conf/virtpm_conf.c
> create mode 100644 src/conf/virtpm_conf.h
>
> diff --git a/src/conf/Makefile.inc.am b/src/conf/Makefile.inc.am
> index 08c7c9da7f..e42425fcc5 100644
> --- a/src/conf/Makefile.inc.am
> +++ b/src/conf/Makefile.inc.am
> @@ -153,6 +153,11 @@ DEVICE_CONF_SOURCES = \
> conf/device_conf.h \
> $(NULL)
>
> +TPM_CONF_SOURCES = \
> + conf/virtpm_conf.c \
> + conf/virtpm_conf.h \
> + $(NULL)
> +
> CONF_SOURCES = \
> $(NETDEV_CONF_SOURCES) \
> $(DOMAIN_CONF_SOURCES) \
> @@ -171,6 +176,7 @@ CONF_SOURCES = \
> $(CPU_CONF_SOURCES) \
> $(CHRDEV_CONF_SOURCES) \
> $(DEVICE_CONF_SOURCES) \
> + $(TPM_CONF_SOURCES) \
> $(NULL)
>
> noinst_LTLIBRARIES += libvirt_conf.la
> diff --git a/src/conf/virtpm_conf.c b/src/conf/virtpm_conf.c
> new file mode 100644
> index 0000000000..12e69e67b3
> --- /dev/null
> +++ b/src/conf/virtpm_conf.c
> @@ -0,0 +1,36 @@
> +/*
> + * virtpm_conf.c: vTPM XML processing
> + *
> + * Copyright (C) 2019 IBM Corporation
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library. If not, see
> + * <http://www.gnu.org/licenses/>;.
> + */
> +
> +#include <config.h>
> +
> +#include "virenum.h"
> +#include "virtpm_conf.h"
> +
> +#define VIR_FROM_THIS VIR_FROM_NONE
> +
> +VIR_ENUM_IMPL(virTPMSwtpmFeature,
> + VIR_TPM_SWTPM_FEATURE_LAST,
> + "cmdarg-pwd-fd",
> +);
> +
> +VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
> + VIR_TPM_SWTPM_SETUP_FEATURE_LAST,
> + "cmdarg-pwdfile-fd",
> +);
> diff --git a/src/conf/virtpm_conf.h b/src/conf/virtpm_conf.h
> new file mode 100644
> index 0000000000..73c6c67271
> --- /dev/null
> +++ b/src/conf/virtpm_conf.h
> @@ -0,0 +1,36 @@
> +/*
> + * virtpm_conf.h: vTPM XML processing
> + *
> + * Copyright (C) 2019 IBM Corporation
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.1 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library. If not, see
> + * <http://www.gnu.org/licenses/>;.
> + */
> +
> +#pragma once
> +
> +typedef enum {
> + VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD,
> +
> + VIR_TPM_SWTPM_FEATURE_LAST
> +} virTPMSwtpmFeature;
> +
> +typedef enum {
> + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD,
> +
> + VIR_TPM_SWTPM_SETUP_FEATURE_LAST
> +} virTPMSwtpmSetupFeature;
> +
> +VIR_ENUM_DECL(virTPMSwtpmFeature);
> +VIR_ENUM_DECL(virTPMSwtpmSetupFeature);
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index e33d7d9f14..d2045895a1 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -1236,6 +1236,11 @@ virStoragePoolObjVolumeGetNames;
> virStoragePoolObjVolumeListExport;
>
>
> +# conf/virtpm_conf.h
> +virTPMSwtpmFeatureTypeFromString;
> +virTPMSwtpmSetupFeatureTypeFromString;
> +
> +
> # cpu/cpu.h
> cpuDecode;
> cpuEncode;
> diff --git a/src/tpm/Makefile.inc.am b/src/tpm/Makefile.inc.am
> index 1f5131bf34..d8a15c406c 100644
> --- a/src/tpm/Makefile.inc.am
> +++ b/src/tpm/Makefile.inc.am
> @@ -12,6 +12,9 @@ EXTRA_DIST += \
>
> noinst_LTLIBRARIES += libvirt_tpm.la
> libvirt_la_BUILT_LIBADD += libvirt_tpm.la
> -libvirt_tpm_la_CFLAGS = $(AM_CFLAGS)
> +libvirt_tpm_la_CFLAGS = \
> + -I$(srcdir)/conf \
> + $(AM_CFLAGS) \
> + $(NULL)
> libvirt_tpm_la_LDFLAGS = $(AM_LDFLAGS)
> libvirt_tpm_la_SOURCES = $(TPM_UTIL_SOURCES)
> diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c
> index e4735f9c4d..42dd2b1bb2 100644
> --- a/src/tpm/virtpm.c
> +++ b/src/tpm/virtpm.c
> @@ -27,6 +27,10 @@
> #include "viralloc.h"
> #include "virfile.h"
> #include "virtpm.h"
> +#include "vircommand.h"
> +#include "virbitmap.h"
> +#include "virjson.h"
> +#include "virtpm_conf.h"
>
> #define VIR_FROM_THIS VIR_FROM_NONE
>
> @@ -74,17 +78,22 @@ virTPMCreateCancelPath(const char *devpath)
> }
>
> /*
> - * executables for the swtpm; to be found on the host
> + * executables for the swtpm; to be found on the host along with
> + * capabilties bitmap
> */
> static char *swtpm_path;
> static struct stat swtpm_stat;
> +static virBitmapPtr swtpm_caps;
>
> static char *swtpm_setup;
> static struct stat swtpm_setup_stat;
> +static virBitmapPtr swtpm_setup_caps;
>
> static char *swtpm_ioctl;
> static struct stat swtpm_ioctl_stat;
>
> +typedef int (*TypeFromStringFn)(const char *);
> +
> const char *
> virTPMGetSwtpm(void)
> {
> @@ -109,6 +118,106 @@ virTPMGetSwtpmIoctl(void)
> return swtpm_ioctl;
> }
>
> +/* virTPMExecGetCaps
> + *
> + * Execute the prepared command and parse the returned JSON object
> + * to get the capabilities supported by the executable.
> + * A JSON object like this is expected:
> + *
> + * {
> + * "type": "swtpm",
> + * "features": [
> + * "cmdarg-seccomp",
> + * "cmdarg-key-fd",
> + * "cmdarg-pwd-fd"
> + * ]
> + * }
> + */
> +static virBitmapPtr
> +virTPMExecGetCaps(virCommandPtr cmd,
> + TypeFromStringFn typeFromStringFn)
> +{
> + int exitstatus;
> + virBitmapPtr bitmap;
> + char *outbuf = NULL;
> + virJSONValuePtr json = NULL;
> + virJSONValuePtr featureList;
> + virJSONValuePtr item;
> + size_t idx;
> + const char *str;
> + int typ;
> +
> + if (!(bitmap = virBitmapNewEmpty()))
> + return NULL;
> +
> + virCommandSetOutputBuffer(cmd, &outbuf);
> + /* We allow the command to fail since older versions of it may
> + * not support --print-capabilities
> + */
> + if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0)
> + goto cleanup;
We should probably fail if the command failed to run, and skip if
exitstatus != 0.
> +
> + json = virJSONValueFromString(outbuf);
> + if (!json)
> + goto error_bad_json;
> +
> + featureList = virJSONValueObjectGetArray(json, "features");
> + if (!featureList)
> + goto error_bad_json;
> +
> + if (!virJSONValueIsArray(featureList))
> + goto error_bad_json;
> +
> + for (idx = 0; idx < virJSONValueArraySize(featureList); idx++) {
> + item = virJSONValueArrayGet(featureList, idx);
> + if (!item)
> + continue;
> +
> + str = virJSONValueGetString(item);
> + if (!str)
> + goto error_bad_json;
> + typ = typeFromStringFn(str);
> + if (typ < 0)
> + continue;
> +
> + if (virBitmapSetBitExpand(bitmap, typ) < 0)
> + goto cleanup;
> + }
> +
> + cleanup:
> + VIR_FREE(outbuf);
> + virJSONValueFree(json);
Please use VIR_AUTOFREE and VIR_AUTOPTR
The new stuff. Forgot about it... Will fix.
> +
> + return bitmap;
> +
> + error_bad_json:
> + virReportError(VIR_ERR_INTERNAL_ERROR,
> + _("Unexpected JSON format: %s"), outbuf);
> + goto cleanup;
> +}
> +
> +static virBitmapPtr
> +virTPMGetCaps(TypeFromStringFn typeFromStringFn,
> + const char *exec, const char *param1)
> +{
> + virCommandPtr cmd;
> + virBitmapPtr bitmap;
> +
> + cmd = virCommandNew(exec);
> + if (!cmd)
> + return NULL;
> + if (param1)
> + virCommandAddArg(cmd, param1);
Hmm, I would expect --print-capabilites to be top-level argument, not
a sub-command argument.
'swtpm' has 'swtpm socket' and 'swtpm cuse' and advertises
different
capabilities for 'swtpm socket --print-capabilities' than for 'swtpm
cuse --print-capabilities'. It doesn't support 'swtpm
--print-capabilities'.
Thanks,
Stefan
12:23 p.m.
New subject: [libvirt] [PATCH 14/18] tpm: Use fd to pass password to swtpm_setup and swtpm
Allow vTPM state encryption when swtpm_setup and swtpm support
passing a passphrase using a file descriptor.
This patch enables the encryption of the vTPM state only. It does
not encrypt the state during migration, so the destination secret
does not need to have the same password at this point.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/libvirt_private.syms | 2 +
src/qemu/qemu_tpm.c | 101 ++++++++++++++++++++++++++++++++++++++-
src/tpm/virtpm.c | 16 +++++++
src/tpm/virtpm.h | 3 ++
4 files changed, 120 insertions(+), 2 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index d2045895a1..d693f7facb 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1456,6 +1456,8 @@ virTPMEmulatorInit;
virTPMGetSwtpm;
virTPMGetSwtpmIoctl;
virTPMGetSwtpmSetup;
+virTPMSwtpmCapsGet;
+virTPMSwtpmSetupCapsGet;
# util/viralloc.h
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 2afa8db448..6e7d38b7e0 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -43,6 +43,8 @@
#include "dirname.h"
#include "qemu_tpm.h"
#include "virtpm.h"
+#include "secret_util.h"
+#include "virtpm_conf.h"
#define VIR_FROM_THIS VIR_FROM_NONE
@@ -372,6 +374,60 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
return ret;
}
+/*
+ * qemuTPMSetupEncryption
+ *
+ * @encryption: pointer to virStorageEncryption holding secret
+ *
+ * Returns file descriptor representing the read-end of a pipe.
+ * The passphrase can be read from this pipe. Returns < 0 in case
+ * of error.
+ *
+ * This function reads the passphrase and writes it into the
+ * write-end of a pipe so that the read-end of the pipe can be
+ * passed to the emulator for reading the passphrase from.
+ */
+static int
+qemuTPMSetupEncryption(virStorageEncryptionPtr encryption)
+{
+ int ret = -1;
+ int pipefd[2] = { -1, -1 };
+ virConnectPtr conn;
+ uint8_t *secret = NULL;
+ size_t secret_len;
+
+ conn = virGetConnectSecret();
+ if (!conn)
+ return -1;
+
+ if (virSecretGetSecretString(conn, &encryption->secrets[0]->seclookupdef,
+ VIR_SECRET_USAGE_TYPE_VTPM,
+ &secret, &secret_len) < 0)
+ goto error;
+
+ if (pipe(pipefd) == -1) {
+ virReportSystemError(errno, "%s",
+ _("Unable to create pipe"));
+ goto error;
+ }
+
+ if (safewrite(pipefd[1], secret, secret_len) != secret_len)
+ goto error;
+
+ ret = pipefd[0];
+
+ cleanup:
+ VIR_FREE(secret);
+ VIR_FORCE_CLOSE(pipefd[1]);
+ virObjectUnref(conn);
+
+ return ret;
+
+ error:
+ VIR_FORCE_CLOSE(pipefd[0]);
+
+ goto cleanup;
+}
/*
* qemuTPMEmulatorRunSetup
@@ -386,6 +442,7 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
* @logfile: The file to write the log into; it must be writable
* for the user given by userid or 'tss'
* @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2
+ * @encryption: pointer to virStorageEncryption holding secret
*
* Setup the external swtpm by creating endorsement key and
* certificates for it.
@@ -398,13 +455,15 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
uid_t swtpm_user,
gid_t swtpm_group,
const char *logfile,
- const virDomainTPMVersion tpmversion)
+ const virDomainTPMVersion tpmversion,
+ virStorageEncryptionPtr encryption)
{
virCommandPtr cmd = NULL;
int exitstatus;
int ret = -1;
char uuid[VIR_UUID_STRING_BUFLEN];
char *vmid = NULL;
+ int pwdfile_fd = -1;
if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2)
return virFileWriteStr(logfile,
@@ -434,6 +493,22 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
break;
}
+ if (encryption) {
+ if (!virTPMSwtpmSetupCapsGet(
+ VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD)) {
+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
+ _("%s does not support passing a passphrase using a file "
+ "descriptor"), virTPMGetSwtpmSetup());
+ goto cleanup;
+ }
+ if ((pwdfile_fd = qemuTPMSetupEncryption(encryption)) < 0)
+ goto cleanup;
+
+ virCommandAddArg(cmd, "--pwdfile-fd");
+ virCommandAddArgFormat(cmd, "%d", pwdfile_fd);
+ virCommandAddArgList(cmd, "--cipher", "aes-256-cbc", NULL);
+ virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+ }
virCommandAddArgList(cmd,
"--tpm-state", storagepath,
@@ -461,6 +536,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
cleanup:
VIR_FREE(vmid);
virCommandFree(cmd);
+ VIR_FORCE_CLOSE(pwdfile_fd);
return ret;
}
@@ -496,6 +572,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
virCommandPtr cmd = NULL;
bool created = false;
char *pidfile;
+ int pwdfile_fd = -1;
if (qemuTPMCreateEmulatorStorage(tpm->data.emulator.storagepath,
&created, swtpm_user, swtpm_group) < 0)
@@ -504,7 +581,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
if (created &&
qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vmuuid,
privileged, swtpm_user, swtpm_group,
- tpm->data.emulator.logfile, tpm->version) < 0)
+ tpm->data.emulator.logfile, tpm->version,
+ tpm->data.emulator.encryption) < 0)
goto error;
unlink(tpm->data.emulator.source.data.nix.path);
@@ -547,11 +625,30 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
virCommandAddArgFormat(cmd, "file=%s", pidfile);
VIR_FREE(pidfile);
+ if (tpm->data.emulator.encryption) {
+ if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
+ _("%s does not support passing passphrase via file
descriptor"),
+ virTPMGetSwtpm());
+ goto error;
+ }
+
+ pwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.encryption);
+ if (pwdfile_fd < 0)
+ goto error;
+
+ virCommandAddArg(cmd, "--key");
+ virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc,kdf=pbkdf2",
+ pwdfile_fd);
+ virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+ }
+
return cmd;
error:
if (created)
qemuTPMDeleteEmulatorStorage(tpm);
+ VIR_FORCE_CLOSE(pwdfile_fd);
virCommandFree(cmd);
diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c
index 42dd2b1bb2..7e95dbad6f 100644
--- a/src/tpm/virtpm.c
+++ b/src/tpm/virtpm.c
@@ -312,3 +312,19 @@ virTPMEmulatorInit(void)
return 0;
}
+
+bool
+virTPMSwtpmCapsGet(unsigned int cap)
+{
+ if (virTPMEmulatorInit() < 0)
+ return false;
+ return virBitmapIsBitSet(swtpm_caps, cap);
+}
+
+bool
+virTPMSwtpmSetupCapsGet(unsigned int cap)
+{
+ if (virTPMEmulatorInit() < 0)
+ return false;
+ return virBitmapIsBitSet(swtpm_setup_caps, cap);
+}
diff --git a/src/tpm/virtpm.h b/src/tpm/virtpm.h
index 66d55fb231..a8bb6e1ba0 100644
--- a/src/tpm/virtpm.h
+++ b/src/tpm/virtpm.h
@@ -26,3 +26,6 @@ const char *virTPMGetSwtpm(void);
const char *virTPMGetSwtpmSetup(void);
const char *virTPMGetSwtpmIoctl(void);
int virTPMEmulatorInit(void);
+
+bool virTPMSwtpmCapsGet(unsigned int cap);
+bool virTPMSwtpmSetupCapsGet(unsigned int cap);
--
2.20.1
3:25 p.m.
New subject: [libvirt] [PATCH 14/18] tpm: Use fd to pass password to swtpm_setup and swtpm
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Allow vTPM state encryption when swtpm_setup and swtpm support
passing a passphrase using a file descriptor.
This patch enables the encryption of the vTPM state only. It does
not encrypt the state during migration, so the destination secret
does not need to have the same password at this point.
You could add that it is addressed in the following patch
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/libvirt_private.syms | 2 +
src/qemu/qemu_tpm.c | 101 ++++++++++++++++++++++++++++++++++++++-
src/tpm/virtpm.c | 16 +++++++
src/tpm/virtpm.h | 3 ++
4 files changed, 120 insertions(+), 2 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index d2045895a1..d693f7facb 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1456,6 +1456,8 @@ virTPMEmulatorInit;
virTPMGetSwtpm;
virTPMGetSwtpmIoctl;
virTPMGetSwtpmSetup;
+virTPMSwtpmCapsGet;
+virTPMSwtpmSetupCapsGet;
# util/viralloc.h
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 2afa8db448..6e7d38b7e0 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -43,6 +43,8 @@
#include "dirname.h"
#include "qemu_tpm.h"
#include "virtpm.h"
+#include "secret_util.h"
+#include "virtpm_conf.h"
#define VIR_FROM_THIS VIR_FROM_NONE
@@ -372,6 +374,60 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
return ret;
}
+/*
+ * qemuTPMSetupEncryption
+ *
+ * @encryption: pointer to virStorageEncryption holding secret
+ *
+ * Returns file descriptor representing the read-end of a pipe.
+ * The passphrase can be read from this pipe. Returns < 0 in case
+ * of error.
+ *
+ * This function reads the passphrase and writes it into the
+ * write-end of a pipe so that the read-end of the pipe can be
+ * passed to the emulator for reading the passphrase from.
+ */
+static int
+qemuTPMSetupEncryption(virStorageEncryptionPtr encryption)
+{
+ int ret = -1;
+ int pipefd[2] = { -1, -1 };
+ virConnectPtr conn;
+ uint8_t *secret = NULL;
+ size_t secret_len;
+
+ conn = virGetConnectSecret();
+ if (!conn)
+ return -1;
+
+ if (virSecretGetSecretString(conn, &encryption->secrets[0]->seclookupdef,
+ VIR_SECRET_USAGE_TYPE_VTPM,
+ &secret, &secret_len) < 0)
+ goto error;
+
+ if (pipe(pipefd) == -1) {
+ virReportSystemError(errno, "%s",
+ _("Unable to create pipe"));
+ goto error;
+ }
+
+ if (safewrite(pipefd[1], secret, secret_len) != secret_len)
+ goto error;
Hmm, I am not sure you can reliably buffer data on a pipe end and
close it before the other end read. Got any documentation pointer
about that?
+
+ ret = pipefd[0];
+
+ cleanup:
+ VIR_FREE(secret);
+ VIR_FORCE_CLOSE(pipefd[1]);
+ virObjectUnref(conn);
+
+ return ret;
+
+ error:
+ VIR_FORCE_CLOSE(pipefd[0]);
+
+ goto cleanup;
+}
/*
* qemuTPMEmulatorRunSetup
@@ -386,6 +442,7 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
* @logfile: The file to write the log into; it must be writable
* for the user given by userid or 'tss'
* @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2
+ * @encryption: pointer to virStorageEncryption holding secret
*
* Setup the external swtpm by creating endorsement key and
* certificates for it.
@@ -398,13 +455,15 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
uid_t swtpm_user,
gid_t swtpm_group,
const char *logfile,
- const virDomainTPMVersion tpmversion)
+ const virDomainTPMVersion tpmversion,
+ virStorageEncryptionPtr encryption)
{
virCommandPtr cmd = NULL;
int exitstatus;
int ret = -1;
char uuid[VIR_UUID_STRING_BUFLEN];
char *vmid = NULL;
+ int pwdfile_fd = -1;
if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2)
return virFileWriteStr(logfile,
@@ -434,6 +493,22 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
break;
}
+ if (encryption) {
+ if (!virTPMSwtpmSetupCapsGet(
+ VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD)) {
+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
+ _("%s does not support passing a passphrase using a file "
+ "descriptor"), virTPMGetSwtpmSetup());
+ goto cleanup;
+ }
+ if ((pwdfile_fd = qemuTPMSetupEncryption(encryption)) < 0)
+ goto cleanup;
+
+ virCommandAddArg(cmd, "--pwdfile-fd");
+ virCommandAddArgFormat(cmd, "%d", pwdfile_fd);
+ virCommandAddArgList(cmd, "--cipher", "aes-256-cbc", NULL);
+ virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+ }
virCommandAddArgList(cmd,
"--tpm-state", storagepath,
@@ -461,6 +536,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
cleanup:
VIR_FREE(vmid);
virCommandFree(cmd);
+ VIR_FORCE_CLOSE(pwdfile_fd);
virCommandPassFD() doc says:
"The parent should cease using the @fd when this call completes"
return ret;
}
@@ -496,6 +572,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
virCommandPtr cmd = NULL;
bool created = false;
char *pidfile;
+ int pwdfile_fd = -1;
if (qemuTPMCreateEmulatorStorage(tpm->data.emulator.storagepath,
&created, swtpm_user, swtpm_group) < 0)
@@ -504,7 +581,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
if (created &&
qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vmuuid,
privileged, swtpm_user, swtpm_group,
- tpm->data.emulator.logfile, tpm->version) < 0)
+ tpm->data.emulator.logfile, tpm->version,
+ tpm->data.emulator.encryption) < 0)
goto error;
unlink(tpm->data.emulator.source.data.nix.path);
@@ -547,11 +625,30 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
virCommandAddArgFormat(cmd, "file=%s", pidfile);
VIR_FREE(pidfile);
+ if (tpm->data.emulator.encryption) {
+ if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
+ _("%s does not support passing passphrase via file
descriptor"),
+ virTPMGetSwtpm());
+ goto error;
+ }
+
+ pwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.encryption);
+ if (pwdfile_fd < 0)
+ goto error;
+
+ virCommandAddArg(cmd, "--key");
+ virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc,kdf=pbkdf2",
+ pwdfile_fd);
+ virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+ }
+
return cmd;
error:
if (created)
qemuTPMDeleteEmulatorStorage(tpm);
+ VIR_FORCE_CLOSE(pwdfile_fd);
same, and similarly in next patch
virCommandFree(cmd);
diff --git a/src/tpm/virtpm.c b/src/tpm/virtpm.c
index 42dd2b1bb2..7e95dbad6f 100644
--- a/src/tpm/virtpm.c
+++ b/src/tpm/virtpm.c
@@ -312,3 +312,19 @@ virTPMEmulatorInit(void)
return 0;
}
+
+bool
+virTPMSwtpmCapsGet(unsigned int cap)
+{
+ if (virTPMEmulatorInit() < 0)
+ return false;
+ return virBitmapIsBitSet(swtpm_caps, cap);
+}
+
+bool
+virTPMSwtpmSetupCapsGet(unsigned int cap)
+{
+ if (virTPMEmulatorInit() < 0)
+ return false;
+ return virBitmapIsBitSet(swtpm_setup_caps, cap);
+}
diff --git a/src/tpm/virtpm.h b/src/tpm/virtpm.h
index 66d55fb231..a8bb6e1ba0 100644
--- a/src/tpm/virtpm.h
+++ b/src/tpm/virtpm.h
@@ -26,3 +26,6 @@ const char *virTPMGetSwtpm(void);
const char *virTPMGetSwtpmSetup(void);
const char *virTPMGetSwtpmIoctl(void);
int virTPMEmulatorInit(void);
+
+bool virTPMSwtpmCapsGet(unsigned int cap);
+bool virTPMSwtpmSetupCapsGet(unsigned int cap);
--
2.20.1
6:44 a.m.
New subject: [libvirt] [PATCH 14/18] tpm: Use fd to pass password to swtpm_setup and swtpm
On 7/9/19 4:25 PM, Marc-André Lureau wrote:
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger
<stefanb(a)linux.vnet.ibm.com> wrote:
> Allow vTPM state encryption when swtpm_setup and swtpm support
> passing a passphrase using a file descriptor.
>
> This patch enables the encryption of the vTPM state only. It does
> not encrypt the state during migration, so the destination secret
> does not need to have the same password at this point.
You could add that it is addressed in the following patch
> Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
> ---
> src/libvirt_private.syms | 2 +
> src/qemu/qemu_tpm.c | 101 ++++++++++++++++++++++++++++++++++++++-
> src/tpm/virtpm.c | 16 +++++++
> src/tpm/virtpm.h | 3 ++
> 4 files changed, 120 insertions(+), 2 deletions(-)
>
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index d2045895a1..d693f7facb 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -1456,6 +1456,8 @@ virTPMEmulatorInit;
> virTPMGetSwtpm;
> virTPMGetSwtpmIoctl;
> virTPMGetSwtpmSetup;
> +virTPMSwtpmCapsGet;
> +virTPMSwtpmSetupCapsGet;
>
>
> # util/viralloc.h
> diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
> index 2afa8db448..6e7d38b7e0 100644
> --- a/src/qemu/qemu_tpm.c
> +++ b/src/qemu/qemu_tpm.c
> @@ -43,6 +43,8 @@
> #include "dirname.h"
> #include "qemu_tpm.h"
> #include "virtpm.h"
> +#include "secret_util.h"
> +#include "virtpm_conf.h"
>
> #define VIR_FROM_THIS VIR_FROM_NONE
>
> @@ -372,6 +374,60 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
> return ret;
> }
>
> +/*
> + * qemuTPMSetupEncryption
> + *
> + * @encryption: pointer to virStorageEncryption holding secret
> + *
> + * Returns file descriptor representing the read-end of a pipe.
> + * The passphrase can be read from this pipe. Returns < 0 in case
> + * of error.
> + *
> + * This function reads the passphrase and writes it into the
> + * write-end of a pipe so that the read-end of the pipe can be
> + * passed to the emulator for reading the passphrase from.
> + */
> +static int
> +qemuTPMSetupEncryption(virStorageEncryptionPtr encryption)
> +{
> + int ret = -1;
> + int pipefd[2] = { -1, -1 };
> + virConnectPtr conn;
> + uint8_t *secret = NULL;
> + size_t secret_len;
> +
> + conn = virGetConnectSecret();
> + if (!conn)
> + return -1;
> +
> + if (virSecretGetSecretString(conn,
&encryption->secrets[0]->seclookupdef,
> + VIR_SECRET_USAGE_TYPE_VTPM,
> + &secret, &secret_len) < 0)
> + goto error;
> +
> + if (pipe(pipefd) == -1) {
> + virReportSystemError(errno, "%s",
> + _("Unable to create pipe"));
> + goto error;
> + }
> +
> + if (safewrite(pipefd[1], secret, secret_len) != secret_len)
> + goto error;
Hmm, I am not sure you can reliably buffer data on a pipe end and
close it before the other end read. Got any documentation pointer
about that?
I wasn't sure about this, either, but the man page says:
"[...] Data written to the write end of the pipe is
buffered by the kernel until it is read from the read end of the
pipe. For further details, see pipe(7)"
http://man7.org/linux/man-pages/man2/pipe.2.html
From 'man 7 pipe': http://man7.org/linux/man-pages/man7/pipe.7.html
In Linux versions before 2.6.11, the capacity of a pipe was the same
as the system page size (e.g., 4096 bytes on i386). Since Linux
2.6.11, the pipe capacity is 16 pages (i.e., 65,536 bytes in a
system
with a page size of 4096 bytes). Since Linux 2.6.35, the default
pipe capacity is 16 pages, but the capacity can be queried and set
using the fcntl(2) F_GETPIPE_SZ and F_SETPIPE_SZ operations. See
fcntl(2) for more information.
I would say on Linux the size of the pipe is large enough for the
purpose of passing a secret, or do we need to assume 65kb sized secrets?
Code that may write to the pipe in virCommand after the fork() may never
get exercised unless we were to change the capacity or initiate the
writing to the pipe only after the fork() happened.
Which other systems is libvirt running on ?
https://unix.stackexchange.com/questions/11946/how-big-is-the-pipe-buffer
"Mac OS X, for example, uses a capacity of 16384 bytes by default, but
can switch to 65336 byte capacities if large write are made to the pipe,
or will switch to a capacity of a single system page if too much kernel
memory is already being used by pipe buffers (see xnu/bsd/sys/pipe.h,
and xnu/bsd/kern/sys_pipe.c; since these are from FreeBSD, the same
behavior may happen there, too)."
> +
> + ret = pipefd[0];
> +
> + cleanup:
> + VIR_FREE(secret);
> + VIR_FORCE_CLOSE(pipefd[1]);
> + virObjectUnref(conn);
> +
> + return ret;
> +
> + error:
> + VIR_FORCE_CLOSE(pipefd[0]);
> +
> + goto cleanup;
> +}
>
> /*
> * qemuTPMEmulatorRunSetup
> @@ -386,6 +442,7 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
> * @logfile: The file to write the log into; it must be writable
> * for the user given by userid or 'tss'
> * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2
> + * @encryption: pointer to virStorageEncryption holding secret
> *
> * Setup the external swtpm by creating endorsement key and
> * certificates for it.
> @@ -398,13 +455,15 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
> uid_t swtpm_user,
> gid_t swtpm_group,
> const char *logfile,
> - const virDomainTPMVersion tpmversion)
> + const virDomainTPMVersion tpmversion,
> + virStorageEncryptionPtr encryption)
> {
> virCommandPtr cmd = NULL;
> int exitstatus;
> int ret = -1;
> char uuid[VIR_UUID_STRING_BUFLEN];
> char *vmid = NULL;
> + int pwdfile_fd = -1;
>
> if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2)
> return virFileWriteStr(logfile,
> @@ -434,6 +493,22 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
> break;
> }
>
> + if (encryption) {
> + if (!virTPMSwtpmSetupCapsGet(
> + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD)) {
> + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
> + _("%s does not support passing a passphrase using a file
"
> + "descriptor"), virTPMGetSwtpmSetup());
> + goto cleanup;
> + }
> + if ((pwdfile_fd = qemuTPMSetupEncryption(encryption)) < 0)
> + goto cleanup;
> +
> + virCommandAddArg(cmd, "--pwdfile-fd");
> + virCommandAddArgFormat(cmd, "%d", pwdfile_fd);
> + virCommandAddArgList(cmd, "--cipher", "aes-256-cbc",
NULL);
> + virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
> + }
>
> virCommandAddArgList(cmd,
> "--tpm-state", storagepath,
> @@ -461,6 +536,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
> cleanup:
> VIR_FREE(vmid);
> virCommandFree(cmd);
> + VIR_FORCE_CLOSE(pwdfile_fd);
virCommandPassFD() doc says:
"The parent should cease using the @fd when this call completes"
Right,
need to remove this.
> return ret;
> }
> @@ -496,6 +572,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
> virCommandPtr cmd = NULL;
> bool created = false;
> char *pidfile;
> + int pwdfile_fd = -1;
>
> if (qemuTPMCreateEmulatorStorage(tpm->data.emulator.storagepath,
> &created, swtpm_user, swtpm_group) <
0)
> @@ -504,7 +581,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
> if (created &&
> qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vmuuid,
> privileged, swtpm_user, swtpm_group,
> - tpm->data.emulator.logfile, tpm->version) <
0)
> + tpm->data.emulator.logfile, tpm->version,
> + tpm->data.emulator.encryption) < 0)
> goto error;
>
> unlink(tpm->data.emulator.source.data.nix.path);
> @@ -547,11 +625,30 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
> virCommandAddArgFormat(cmd, "file=%s", pidfile);
> VIR_FREE(pidfile);
>
> + if (tpm->data.emulator.encryption) {
> + if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
> + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
> + _("%s does not support passing passphrase via file
descriptor"),
> + virTPMGetSwtpm());
> + goto error;
> + }
> +
> + pwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.encryption);
> + if (pwdfile_fd < 0)
> + goto error;
> +
> + virCommandAddArg(cmd, "--key");
> + virCommandAddArgFormat(cmd,
"pwdfd=%d,mode=aes-256-cbc,kdf=pbkdf2",
> + pwdfile_fd);
> + virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
> + }
> +
> return cmd;
>
> error:
> if (created)
> qemuTPMDeleteEmulatorStorage(tpm);
> + VIR_FORCE_CLOSE(pwdfile_fd);
same, and similarly in next patch
Will remove.
Thanks,
Stefan
12:23 p.m.
New subject: [libvirt] [PATCH 15/18] tpm: Pass migration key passphrase via fd to swtpm
This patch now passes the passphrase as a migration key to swtpm.
This now encrypts the state of the TPM while a VM is migrated between
hosts or when suspended into a file. Since the migration key secret
is the same as the state encryption secret, this now requires that
the migration destination host has the same secret value.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/qemu/qemu_tpm.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 6e7d38b7e0..8890647722 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -573,6 +573,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
bool created = false;
char *pidfile;
int pwdfile_fd = -1;
+ int migpwdfile_fd = -1;
if (qemuTPMCreateEmulatorStorage(tpm->data.emulator.storagepath,
&created, swtpm_user, swtpm_group) < 0)
@@ -634,13 +635,19 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
}
pwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.encryption);
- if (pwdfile_fd < 0)
+ migpwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.encryption);
+ if (pwdfile_fd < 0 || migpwdfile_fd < 0)
goto error;
virCommandAddArg(cmd, "--key");
virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc,kdf=pbkdf2",
pwdfile_fd);
virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+
+ virCommandAddArg(cmd, "--migration-key");
+ virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc,kdf=pbkdf2",
+ migpwdfile_fd);
+ virCommandPassFD(cmd, migpwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
}
return cmd;
@@ -649,6 +656,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
if (created)
qemuTPMDeleteEmulatorStorage(tpm);
VIR_FORCE_CLOSE(pwdfile_fd);
+ VIR_FORCE_CLOSE(migpwdfile_fd);
virCommandFree(cmd);
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 16/18] tpm: Check TPM XML device configuration changes after edit
Since swtpm does not support getting started once it was created
with encrypted enabled, we don't allow encryption to be removed.
Similarly, we do not allow encrypted to be added once swtpm has
run.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/conf/domain_conf.c | 56 +++++++++++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 4 +++
src/libvirt_private.syms | 1 +
src/qemu/qemu_driver.c | 28 ++++++++++++++++++++
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_extdevice.h | 3 +++
6 files changed, 93 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index df6238c299..68ffdcd4df 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -31435,3 +31435,59 @@ virDomainGraphicsNeedsAutoRenderNode(const virDomainGraphicsDef
*graphics)
return true;
}
+
+
+static int
+virDomainCheckTPMChanges(virDomainDefPtr def,
+ virDomainDefPtr newDef)
+{
+ bool oldEnc, newEnc;
+
+ if (!def->tpm)
+ return 0;
+
+ switch (def->tpm->type) {
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ if (virFileExists(def->tpm->data.emulator.storagepath)) {
+ /* VM has been started */
+ /* Once a VM was started with an encrypted state we allow
+ * less configuration changes.
+ */
+ oldEnc = def->tpm->data.emulator.encryption;
+ if (oldEnc && def->tpm->type != newDef->tpm->type) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Changing the type of TPM is not allowed"));
+ return -1;
+ }
+ if (oldEnc && !newDef->tpm) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Removing an encrypted TPM is not allowed"));
+ return -1;
+ }
+ newEnc = newDef->tpm->data.emulator.encryption;
+ if (oldEnc != newEnc) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("TPM state encryption cannot be changed "
+ "once VM was started"));
+ return -1;
+ }
+ }
+ break;
+ case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+ case VIR_DOMAIN_TPM_TYPE_LAST:
+ break;
+ }
+
+ return 0;
+}
+
+
+int
+virDomainCheckDeviceChanges(virDomainDefPtr def,
+ virDomainDefPtr newDef)
+{
+ if (!def || !newDef)
+ return 0;
+
+ return virDomainCheckTPMChanges(def, newDef);
+}
\ No newline at end of file
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index a03986623a..a61faa7d57 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -3623,3 +3623,7 @@ virDomainGraphicsGetRenderNode(const virDomainGraphicsDef
*graphics);
bool
virDomainGraphicsNeedsAutoRenderNode(const virDomainGraphicsDef *graphics);
+
+int
+virDomainCheckDeviceChanges(virDomainDefPtr def, virDomainDefPtr newDef)
+ ATTRIBUTE_NONNULL(2);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index d693f7facb..f6f05ab207 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -205,6 +205,7 @@ virDomainBootTypeFromString;
virDomainBootTypeToString;
virDomainCapabilitiesPolicyTypeToString;
virDomainCapsFeatureTypeToString;
+virDomainCheckDeviceChanges;
virDomainChrConsoleTargetTypeFromString;
virDomainChrConsoleTargetTypeToString;
virDomainChrDefForeach;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ef2e980216..8f224582b6 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -52,6 +52,7 @@
#include "qemu_migration_params.h"
#include "qemu_blockjob.h"
#include "qemu_security.h"
+#include "qemu_extdevice.h"
#include "virerror.h"
#include "virlog.h"
@@ -7568,6 +7569,30 @@ qemuDomainCreate(virDomainPtr dom)
return qemuDomainCreateWithFlags(dom, 0);
}
+static int
+qemuDomainCheckDeviceChanges(virQEMUDriverPtr driver,
+ virDomainDefPtr def)
+{
+ virDomainObjPtr vm;
+ int ret;
+
+ vm = virDomainObjListFindByUUID(driver->domains, def->uuid);
+ if (!vm)
+ return 0;
+
+ if (qemuExtDevicesInitPaths(driver, vm->def) < 0) {
+ ret = -1;
+ goto cleanup;
+ }
+
+ ret = virDomainCheckDeviceChanges(vm->def, def);
+
+ cleanup:
+ virDomainObjEndAPI(&vm);
+
+ return ret;
+}
+
static virDomainPtr
qemuDomainDefineXMLFlags(virConnectPtr conn,
const char *xml,
@@ -7604,6 +7629,9 @@ qemuDomainDefineXMLFlags(virConnectPtr conn,
if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
goto cleanup;
+ if (qemuDomainCheckDeviceChanges(driver, def) < 0)
+ goto cleanup;
+
if (!(vm = virDomainObjListAdd(driver->domains, def,
driver->xmlopt,
0, &oldDef)))
diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
index a21caefaba..e576bca165 100644
--- a/src/qemu/qemu_extdevice.c
+++ b/src/qemu/qemu_extdevice.c
@@ -79,7 +79,7 @@ qemuExtDeviceLogCommand(qemuDomainLogContextPtr logCtxt,
* stored and we can remove directories and files in case of domain XML
* changes.
*/
-static int
+int
qemuExtDevicesInitPaths(virQEMUDriverPtr driver,
virDomainDefPtr def)
{
diff --git a/src/qemu/qemu_extdevice.h b/src/qemu/qemu_extdevice.h
index a72e05ce63..bbdb9a1cc2 100644
--- a/src/qemu/qemu_extdevice.h
+++ b/src/qemu/qemu_extdevice.h
@@ -53,3 +53,6 @@ bool qemuExtDevicesHasDevice(virDomainDefPtr def);
int qemuExtDevicesSetupCgroup(virQEMUDriverPtr driver,
virDomainDefPtr def,
virCgroupPtr cgroup);
+
+int qemuExtDevicesInitPaths(virQEMUDriverPtr driver,
+ virDomainDefPtr def);
--
2.20.1
12:23 p.m.
New subject: [libvirt] [PATCH 17/18] docs: Extend Secret XML documentation with vtpm usage type
Extend the Secret XML documentation with vtpm usage type.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
docs/formatsecret.html.in | 61 +++++++++++++++++++++++++++++++++++++--
1 file changed, 59 insertions(+), 2 deletions(-)
diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in
index defbe71731..aaa31bc76c 100644
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -42,8 +42,8 @@
Specifies what this secret is used for. A mandatory
<code>type</code> attribute specifies the usage category, currently
only <code>volume</code>, <code>ceph</code>,
<code>iscsi</code>,
- and <code>tls</code> are defined. Specific usage categories
- are described below.
+ <code>tls</code>, and <code>vtpm</code> are defined.
Specific usage
+ categories are described below.
</dd>
</dl>
@@ -322,6 +322,63 @@ Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
<pre>
# MYSECRET=`printf %s "letmein" | base64`
# virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
+Secret value set
+
+ </pre>
+
+ <h3><a id="vTPMUsageType">Usage type
"vtpm"</a></h3>
+
+ <p>
+ This secret is associated with a virtualized TPM (vTPM) and serves
+ as a passphrase for deriving a key from for encrypting the state
+ of the vTPM.
+ The <code><usage type='vtpm'></code> element must
contain
+ a single <code>name</code> element that specifies a usage name
+ for the secret. The vTPM secret can then be used by UUID or by
+ this usage name via the <code><encryption></code> element
of
+ a <a href="formatdomain.html#elementsTpm">tpm</a> when using
an
+ emulator.
+ <span class="since">Since 5.5.0</span>. The following is an
example
+ of the steps to be taken. First create a vtpm-secret.xml file: </p>
+
+ <pre>
+# cat vtpm-secret.xml
+<secret ephemeral='no' private='yes'>
+ <description>sample vTPM secret</description>
+ <usage type='vtpm'>
+ <name>VTPM_example</name>
+ </usage>
+</secret>
+
+# virsh secret-define vtpm-secret.xml
+Secret 6dd3e4a5-1d76-44ce-961f-f119f5aad935 created
+
+# virsh secret-list
+ UUID Usage
+----------------------------------------------------------------------------------------
+ 6dd3e4a5-1d76-44ce-961f-f119f5aad935 vtpm VTPM_example
+
+#
+
+ </pre>
+
+ <p>
+ A secret may also be defined via the
+ <a href="html/libvirt-libvirt-secret.html#virSecretDefineXML">
+ <code>virSecretDefineXML</code></a> API.
+
+ Once the secret is defined, a secret value will need to be set. The
+ secret would be the passphrase used to decrypt the vTPM state.
+ The following is a simple example of using
+ <code>virsh secret-set-value</code> to set the secret value. The
+ <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
+ <code>virSecretSetValue</code></a> API may also be used to set
+ a more secure secret without using printable/readable characters.
+ </p>
+
+ <pre>
+# MYSECRET=`printf %s "open sesame" | base64`
+# virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 $MYSECRET
Secret value set
</pre>
--
2.20.1
3:27 p.m.
New subject: [libvirt] [PATCH 17/18] docs: Extend Secret XML documentation with vtpm usage type
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Extend the Secret XML documentation with vtpm usage type.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
docs/formatsecret.html.in | 61 +++++++++++++++++++++++++++++++++++++--
1 file changed, 59 insertions(+), 2 deletions(-)
diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in
index defbe71731..aaa31bc76c 100644
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -42,8 +42,8 @@
Specifies what this secret is used for. A mandatory
<code>type</code> attribute specifies the usage category, currently
only <code>volume</code>, <code>ceph</code>,
<code>iscsi</code>,
- and <code>tls</code> are defined. Specific usage categories
- are described below.
+ <code>tls</code>, and <code>vtpm</code> are defined.
Specific usage
+ categories are described below.
</dd>
</dl>
@@ -322,6 +322,63 @@ Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
<pre>
# MYSECRET=`printf %s "letmein" | base64`
# virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
+Secret value set
+
+ </pre>
+
+ <h3><a id="vTPMUsageType">Usage type
"vtpm"</a></h3>
+
+ <p>
+ This secret is associated with a virtualized TPM (vTPM) and serves
+ as a passphrase for deriving a key from for encrypting the state
+ of the vTPM.
+ The <code><usage type='vtpm'></code> element
must contain
+ a single <code>name</code> element that specifies a usage name
+ for the secret. The vTPM secret can then be used by UUID or by
+ this usage name via the <code><encryption></code>
element of
+ a <a href="formatdomain.html#elementsTpm">tpm</a> when using
an
+ emulator.
+ <span class="since">Since 5.5.0</span>. The following is an
example
will need to be updated, I guess 5.6.0 ?
+ of the steps to be taken. First create a vtpm-secret.xml
file: </p>
+
+ <pre>
+# cat vtpm-secret.xml
+<secret ephemeral='no' private='yes'>
+ <description>sample vTPM secret</description>
+ <usage type='vtpm'>
+ <name>VTPM_example</name>
+ </usage>
+</secret>
+
+# virsh secret-define vtpm-secret.xml
+Secret 6dd3e4a5-1d76-44ce-961f-f119f5aad935 created
+
+# virsh secret-list
+ UUID Usage
+----------------------------------------------------------------------------------------
+ 6dd3e4a5-1d76-44ce-961f-f119f5aad935 vtpm VTPM_example
+
+#
+
+ </pre>
+
+ <p>
+ A secret may also be defined via the
+ <a href="html/libvirt-libvirt-secret.html#virSecretDefineXML">
+ <code>virSecretDefineXML</code></a> API.
+
+ Once the secret is defined, a secret value will need to be set. The
+ secret would be the passphrase used to decrypt the vTPM state.
+ The following is a simple example of using
+ <code>virsh secret-set-value</code> to set the secret value. The
+ <a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
+ <code>virSecretSetValue</code></a> API may also be used to set
+ a more secure secret without using printable/readable characters.
+ </p>
+
+ <pre>
+# MYSECRET=`printf %s "open sesame" | base64`
+# virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 $MYSECRET
Secret value set
</pre>
--
2.20.1
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
12:23 p.m.
New subject: [libvirt] [PATCH 18/18] docs: Extend TPM docs with new encryption element
Describe the encryption element in the TPM's domain XML.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
docs/formatdomain.html.in | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index a7a6ec32a5..b53ea7d6f4 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -8212,6 +8212,9 @@ qemu-kvm -net nic,model=? /dev/null
TPM functionality for each VM. QEMU talks to it over a Unix socket. With
the emulator device type each guest gets its own private TPM.
<span class="since">'emulator' since 4.5.0</span>
+ The state of the TPM emulator can be encrypted by providing an
+ <code>encryption</code> element.
+ <span class="since">'encryption' since 5.5.0</span>
</p>
<p>
Example: usage of the TPM Emulator
@@ -8221,6 +8224,9 @@ qemu-kvm -net nic,model=? /dev/null
<devices>
<tpm model='tpm-tis'>
<backend type='emulator' version='2.0'>
+ <encryption format='vtpm'>
+ <secret type='passphrase' usage='VTPM_example'/>
+ </encryption>
</backend>
</tpm>
</devices>
@@ -8283,6 +8289,16 @@ qemu-kvm -net nic,model=? /dev/null
<li>'2.0' : creates a TPM 2.0</li>
</ul>
</dd>
+ <dt><code>encryption</code></dt>
+ <dd>
+ <p>
+ The <code>encryption</code> element allows the state of a TPM
emulator
+ to be encrypted. The <code>format</code> attribute must be
<code>vtpm</code>.
+ The <code>secret</code> element must reference a secret object
using
+ either its <code>usage</code> or <code>uuid</code>. The
<code>type</code>
+ attribute must be set to <code>passphrase</code>.
+ </p>
+ </dd>
</dl>
<h4><a id="elementsNVRAM">NVRAM device</a></h4>
--
2.20.1
3:28 p.m.
New subject: [libvirt] [PATCH 18/18] docs: Extend TPM docs with new encryption element
On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote:
Describe the encryption element in the TPM's domain XML.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
docs/formatdomain.html.in | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index a7a6ec32a5..b53ea7d6f4 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -8212,6 +8212,9 @@ qemu-kvm -net nic,model=? /dev/null
TPM functionality for each VM. QEMU talks to it over a Unix socket. With
the emulator device type each guest gets its own private TPM.
<span class="since">'emulator' since 4.5.0</span>
+ The state of the TPM emulator can be encrypted by providing an
+ <code>encryption</code> element.
+ <span class="since">'encryption' since 5.5.0</span>
here too, 5.6.0 I presume
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
</p>
<p>
Example: usage of the TPM Emulator
@@ -8221,6 +8224,9 @@ qemu-kvm -net nic,model=? /dev/null
<devices>
<tpm model='tpm-tis'>
<backend type='emulator' version='2.0'>
+ <encryption format='vtpm'>
+ <secret type='passphrase'
usage='VTPM_example'/>
+ </encryption>
</backend>
</tpm>
</devices>
@@ -8283,6 +8289,16 @@ qemu-kvm -net nic,model=? /dev/null
<li>'2.0' : creates a TPM 2.0</li>
</ul>
</dd>
+ <dt><code>encryption</code></dt>
+ <dd>
+ <p>
+ The <code>encryption</code> element allows the state of a TPM
emulator
+ to be encrypted. The <code>format</code> attribute must be
<code>vtpm</code>.
+ The <code>secret</code> element must reference a secret object
using
+ either its <code>usage</code> or <code>uuid</code>.
The <code>type</code>
+ attribute must be set to <code>passphrase</code>.
+ </p>
+ </dd>
</dl>
<h4><a id="elementsNVRAM">NVRAM device</a></h4>
--
2.20.1
1963
days inactive
1964
days old
37 comments
3 participants
participants (3)
-
Marc-André Lureau -
Stefan Berger -
Stefan Berger