Re: [libvirt] [PATCH v4 06/11] qemu: Extend QEMU with external TPM support

On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger <stefanb(a)linux.vnet.ibm.com&gt; wrote: > Implement functions for managing the storage of the external swtpm as well > as starting and stopping it. Also implement functions to use swtpm_setup, > which simulates the manufacturing of a TPM, which includes creation of > certificates for the device. > > Further, the external TPM needs storage on the host that we need to set > up before it can be run. We can clean up the host once the domain is > undefined. > > This patch also implements a small layer for external device support that > calls into the TPM device layer if a domain has an attached TPM. This is > the layer we will wire up later on. > > Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com&gt; > --- […snip…] > + > +/* > + * qemuExtTPMStartEmulator: > + * > + * @driver: QEMU driver > + * @def: domain definition > + * @logCtxt: log context > + * > + * Start the external TPM Emulator: > + * - have the command line built > + * - start the external TPM Emulator and sync with it before QEMU start > + */ > +static int > +qemuExtTPMStartEmulator(virQEMUDriverPtr driver, > + virDomainDefPtr def, > + qemuDomainLogContextPtr logCtxt) > +{ > + int ret = -1; > + virCommandPtr cmd = NULL; > + int exitstatus; > + char *errbuf = NULL; > + virQEMUDriverConfigPtr cfg; > + virDomainTPMDefPtr tpm = def->tpm; > + char *shortName = virDomainDefGetShortName(def); > + > + if (!shortName) > + return -1; > + > + cfg = virQEMUDriverGetConfig(driver); > + > + /* stop any left-over TPM emulator for this VM */ > + qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName); > + > + if (!(cmd = qemuTPMEmulatorBuildCommand(tpm, def->name, def->uuid, > + driver->privileged, > + cfg->swtpm_user, > + cfg->swtpm_group))) > + goto cleanup; > + > + if (qemuExtDeviceLogCommand(logCtxt, cmd, "TPM Emulator") < 0) > + goto cleanup; > + > + virCommandSetErrorBuffer(cmd, &errbuf); > + > + if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0) { > + VIR_ERROR(_("Could not start 'swtpm'. exitstatus: %d " > + "stderr: %s"), exitstatus, errbuf); > + virReportError(VIR_ERR_INTERNAL_ERROR, > + _("Could not start 'swtpm'. exitstatus: %d, " > + "error: %s"), exitstatus, errbuf); Do we need both? (VIR_ERROR and virReportError)?