Re: [libvirt] [PATCH v5 17/20] tpm: Pass migration key passphrase via fd to swtpm

On Fri, Jul 12, 2019 at 12:23:51PM -0400, Stefan Berger wrote: > This patch now passes the passphrase as a migration key to swtpm. > This now encrypts the state of the TPM while a VM is migrated between > hosts or when suspended into a file. Since the migration key secret > is the same as the state encryption secret, this now requires that > the migration destination host has the same secret value. > > Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com&gt; > --- > src/qemu/qemu_tpm.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > @@ -651,6 +655,12 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm, > pwdfile_fd); > virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT); > pwdfile_fd = -1; > + > + virCommandAddArg(cmd, "--migration-key"); > + virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc,kdf=pbkdf2", > + migpwdfile_fd); Why do we have to specify a kdf for migration, but not for the original on disk encryoptiuon ?

> + virCommandPassFD(cmd, migpwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT); > + migpwdfile_fd = -1; Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com&gt; Regards, Daniel