On Fri, Jul 12, 2019 at 12:23:50PM -0400, Stefan Berger wrote:
Allow vTPM state encryption when swtpm_setup and swtpm support passing a passphrase using a file descriptor.
This patch enables the encryption of the vTPM state only. It does not encrypt the state during migration, so the destination secret does not need to have the same password at this point.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- src/libvirt_private.syms | 2 + src/qemu/qemu_tpm.c | 110 ++++++++++++++++++++++++++++++++++++++- src/util/virtpm.c | 16 ++++++ src/util/virtpm.h | 3 ++ 4 files changed, 129 insertions(+), 2 deletions(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|