[libvirt] [PATCH v7 00/19] Add support for vTPM state encryption

Thursday, 25 July 2019

This series of patches addresses the RFE in BZ 172830:
https://bugzilla.redhat.com/show_bug.cgi?id=1728030

This series of patches adds support for vTPM state encryption by passing
the read-end of a pipe's file descriptor to 'swtpm_setup' and 'swtpm'
where they can read a passphrase from and derive a key from that passphrase.

The TPM's domain XML looks to enable state encryption looks like this:

    <tpm model='tpm-tis'>
      <backend type='emulator' version='1.2'>
        <encryption secret='2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd'/>
      </backend>
    </tpm>

The vTPM secret holding the passphrase looks like this:

<secret ephemeral='no' private='yes'>
  <uuid>2c9ceaba-c6ef-4f38-86fd-6e3adb2df5cd</uuid>
  <description>vTPM passphrase example</description>
  <usage type='vtpm'>
    <name>vtpm_example</name>
  </usage>
</secret>

The swtpm v0.2 is needed that supports the command line option
--print-capabilities returning a JSON object that identifies features added
since v0.1. One such features is the possibility to pass a passphrase via a
file descriptor.

The patches do some refactoring of existing code on the way.

  Stefan

v1->v2:
 - Added Marc-André's R-bs
 - Addressed comments
 - Added patches to extend virCommand to be able to write contents of multiple
   buffers to file descriptors for a spawned process to read from

v2->v3:
 - Fixed some pointer issues following conversion to use VIR_AUTOFREE

v3->v4:
 - Added test case for virCommandSetSendBuffer() to commantest.c
 - Addressed other issues raised by Marc-André

v4->v5:
 - Simplified encryption node in TPM's domain XML and adapted everything that
   depends on this; dropped some patches and removed some R-bs for non-trivial
   stuff
 - Not limiting write size for fd's with O_NONBLOCK set

v5->v6:
 - Addressed comments on v5

v6->v7:
 - Stubbed out virCommandSetSendBuffer if F_SETFL is not defined. Also having
   'the other' occurrence of F_SETFL cause an error if F_SETFL is not defined.

Stefan Berger (19):
  secret: Add support for usage type vTPM, extend schema and test case
  tests: Add already existing test case tpm-emulator-tpm2
  conf: Extend TPM XML parser with encryption support
  tests: Add test for TPM XML encryption parser and formatter
  tests: Add tests for QEMU command line generation with encrypted TPM
  tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c
  tpm: Refactor virTPMEmulatorInit to use loop
  tpm: Check whether previously found executables were updated
  tpm: Parse the capabilities supported by swtpm and swtpm_setup
  utils: Implement function to pass a buffer to send via a fd to
    virCommand
  utils: Convert pollfd array to be allocated
  utils: Mark inpipe as non-blocking
  utils: Extend virCommandProcessIO to include the send buffers
  tests: Extend command test to transfer large data to process on
    multiple fds
  tpm: Use fd to pass password to swtpm_setup and swtpm
  tpm: Pass migration key passphrase via fd to swtpm
  tpm: Check TPM XML device configuration changes after edit
  docs: Extend Secret XML documentation with vtpm usage type
  docs: Extend TPM docs with new encryption element

 docs/formatdomain.html.in                     |  12 +
 docs/formatsecret.html.in                     |  61 +++-
 docs/schemas/domaincommon.rng                 |  11 +
 docs/schemas/secret.rng                       |  10 +
 include/libvirt/libvirt-secret.h              |   1 +
 include/libvirt/virterror.h                   |   2 +
 src/conf/domain_conf.c                        |  87 ++++-
 src/conf/domain_conf.h                        |   6 +
 src/conf/secret_conf.c                        |  13 +
 src/libvirt_private.syms                      |  10 +
 src/qemu/qemu_driver.c                        |  28 ++
 src/qemu/qemu_extdevice.c                     |   2 +-
 src/qemu/qemu_extdevice.h                     |   3 +
 src/qemu/qemu_tpm.c                           | 211 ++++++++-----
 src/util/vircommand.c                         | 171 +++++++++-
 src/util/vircommand.h                         |   5 +
 src/util/virerror.c                           |   2 +
 src/util/virsecret.c                          |   2 +-
 src/util/virtpm.c                             | 298 +++++++++++++++++-
 src/util/virtpm.h                             |  23 ++
 tests/commandhelper.c                         |  70 +++-
 tests/commandtest.c                           | 113 +++++++
 .../tpm-emulator-tpm2-enc.x86_64-latest.args  |  35 ++
 .../tpm-emulator-tpm2-enc.xml                 |  32 ++
 tests/qemuxml2argvtest.c                      |   1 +
 .../tpm-emulator-tpm2-enc.xml                 |  36 +++
 tests/qemuxml2xmltest.c                       |   2 +
 tests/secretxml2xmlin/usage-vtpm.xml          |   7 +
 tests/secretxml2xmltest.c                     |   1 +
 29 files changed, 1168 insertions(+), 87 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2-enc.xml
 create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2-enc.xml
 create mode 100644 tests/secretxml2xmlin/usage-vtpm.xml

-- 
2.20.1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt] [PATCH v7 00/19] Add support for vTPM state encryption