[libvirt] [PATCH v2 00/21] Add support for vTPM state encryption

Wednesday, 10 July 2019

This series of patches addresses the RFE in BZ 172830:
https://bugzilla.redhat.com/show_bug.cgi?id=1728030

This series of patches adds support for vTPM state encryption by passing
the read-end of a pipe's file descriptor to 'swtpm_setup' and 'swtpm'
where they can read a passphrase from and derive a key from that passphrase.

The TPM's domain XML looks to enable state encryption looks like this:

    <tpm model='tpm-tis'>
      <backend type='emulator' version='1.2'>
        <encryption format='vtpm'>
          <secret type='passphrase'
uuid='2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd'/>
        </encryption>
      </backend>
      <alias name='tpm0'/>
    </tpm>

The vTPM secret holding the passphrase looks like this:

<secret ephemeral='no' private='yes'>
  <uuid>2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd</uuid>
  <description>vTPM passphrase example</description>
  <usage type='vtpm'>
    <name>vtpm_example</name>
  </usage>
</secret>

The swtpm v0.2 (upcoming) is needed that supports the command line option
--print-capabilities returning a JSON object that identifies features added
since v0.1. One such features is the possibility to pass a passphrase via a
file descriptor.

The patches do some refactoring of existing code on the way.

  Stefan

v1->v2:
 - Added Marc-André's R-bs
 - Addressed comments
 - Added patches to extend virCommand to be able to write contents of multiple
   buffers to file descriptors for a spawned process to read from

Stefan Berger (21):
  secret: Add support for usage type vTPM, extend schema and test case
  tests: Add already existing test case tpm-emulator-tpm2
  util: Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM
  conf: Extend TPM XML parser with encryption support
  schema: Extend the TPM XML schema with support for encryption
  tests: Add test for TPM XML encryption parser and formatter
  tests: Add tests for QEMU command line generation with encrypted TPM
  tpm: Move virtpm.c from utils dir to own tpm dir
  tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c
  tpm: Refactor virTPMEmulatorInit to use loop
  tpm: Check whether previously found executables were updated
  tpm: Parse the capabilities supported by swtpm and swtpm_setup
  utils: Implement function to pass a buffer to send via a fd to
    virCommand
  utils: Convert pollfd array to be allocated
  utils: Write a maximum of MAX_PIPE_FEED_BYTES into a pipe
  utils: Extend virCommandProcessIO to including the send buffers
  tpm: Use fd to pass password to swtpm_setup and swtpm
  tpm: Pass migration key passphrase via fd to swtpm
  tpm: Check TPM XML device configuration changes after edit
  docs: Extend Secret XML documentation with vtpm usage type
  docs: Extend TPM docs with new encryption element

 docs/formatdomain.html.in                     |  16 +
 docs/formatsecret.html.in                     |  61 +++-
 docs/schemas/domaincommon.rng                 |  30 ++
 docs/schemas/secret.rng                       |  10 +
 include/libvirt/libvirt-secret.h              |   1 +
 po/POTFILES                                   |   2 +-
 src/Makefile.am                               |   1 +
 src/conf/Makefile.inc.am                      |   7 +
 src/conf/domain_conf.c                        |  96 +++++-
 src/conf/domain_conf.h                        |   5 +
 src/conf/secret_conf.c                        |  13 +
 src/conf/virtpm_conf.c                        |  36 ++
 src/conf/virtpm_conf.h                        |  36 ++
 src/libvirt_private.syms                      |  21 +-
 src/qemu/Makefile.inc.am                      |   1 +
 src/qemu/qemu_block.c                         |   1 +
 src/qemu/qemu_driver.c                        |  28 ++
 src/qemu/qemu_extdevice.c                     |   2 +-
 src/qemu/qemu_extdevice.h                     |   3 +
 src/qemu/qemu_tpm.c                           | 197 ++++++-----
 src/security/Makefile.inc.am                  |   1 +
 src/tpm/Makefile.inc.am                       |  20 ++
 src/tpm/virtpm.c                              | 325 ++++++++++++++++++
 src/{util => tpm}/virtpm.h                    |   8 +
 src/util/Makefile.inc.am                      |   2 -
 src/util/vircommand.c                         | 139 +++++++-
 src/util/vircommand.h                         |   5 +
 src/util/virsecret.c                          |   2 +-
 src/util/virstorageencryption.c               |   2 +-
 src/util/virstorageencryption.h               |   1 +
 src/util/virtpm.c                             |  74 ----
 tests/Makefile.am                             |   1 +
 .../tpm-emulator-tpm2-enc.x86_64-latest.args  |  35 ++
 .../tpm-emulator-tpm2-enc.xml                 |  34 ++
 tests/qemuxml2argvtest.c                      |   1 +
 .../tpm-emulator-tpm2-enc.xml                 |  38 ++
 tests/qemuxml2xmltest.c                       |   2 +
 tests/secretxml2xmlin/usage-vtpm.xml          |   7 +
 tests/secretxml2xmltest.c                     |   1 +
 39 files changed, 1099 insertions(+), 166 deletions(-)
 create mode 100644 src/conf/virtpm_conf.c
 create mode 100644 src/conf/virtpm_conf.h
 create mode 100644 src/tpm/Makefile.inc.am
 create mode 100644 src/tpm/virtpm.c
 rename src/{util => tpm}/virtpm.h (77%)
 delete mode 100644 src/util/virtpm.c
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
 create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
 create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml

-- 
2.20.1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH v2 00/21] Add support for vTPM state encryption