Re: [libvirt] [PATCH v9 06/17] qemu: Extend QEMU with external TPM support

Wednesday, 6 June 2018


...

...
 +static int
 +qemuExtTPMStartEmulator(virQEMUDriverPtr driver,
 +                        virDomainDefPtr def,
 +                        qemuDomainLogContextPtr logCtxt)
 +{ 
...

...
 +    if (!(cmd = qemuTPMEmulatorBuildCommand(tpm, def->name,
def->uuid,
 +                                            driver->privileged,
 +                                            cfg->swtpm_user,
 +                                            cfg->swtpm_group)))
 +        goto cleanup;
 +
 +    if (qemuExtDeviceLogCommand(logCtxt, cmd, "TPM Emulator") < 0)
 +        goto cleanup;
 +
 +    virCommandSetErrorBuffer(cmd, &errbuf);
 +
 +    if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0) {
 +        virReportError(VIR_ERR_INTERNAL_ERROR,
 +                       _("Could not start 'swtpm'. exitstatus: %d, "
 +                         "error: %s"), exitstatus, errbuf);
 +        goto cleanup;
 +    } 
Now that the sensitive data in NVRAM need to be protected,  it might be a feasible way
that swtpm uses the 'key' to encrypt it when VM shutdown.
I wonder why don't use the key when swtpm process is launched here.
Of course, we should avoid to let the key exposed in system log when we design the
encryption scheme.
Another question is: where we can store the key securely. Maybe physical TPM can help
this.
What do you think about this question?

...

Thanks,
Shuanshuan Bu

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [libvirt] [PATCH v9 06/17] qemu: Extend QEMU with external TPM support