On a Tuesday in 2024, Michal Privoznik wrote:
If a user requests their virSecret value to be encrypted using
host's TPM we can now honour such a request as we have all the APIs
ready. The value is still stored in a file (obj->base64File) but
because it was encrypted by TPM it's not readable (even though
it's still base64 encoded).

And since we can detect usability of host's TPM, let's do that
when a virSecret is defined and TPM is requested. This avoids
unpleasant surprises later on.

Resolves:
https://issues.redhat.com/browse/RHEL-7125

That link is private so it does not belong in an upstream commit message.

Jano

Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/conf/virsecretobj.c | 32 +++++++++++++++++++++++++++++---
src/secret/secret_driver.c | 7 +++++++
2 files changed, 36 insertions(+), 3 deletions(-)