mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-03 05:17:54 +03:00
schema: add TPM emulator <source type='file' path='..'>
Learn to parse a file path for the TPM state. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
parent
6d4eb07a55
commit
579fd44612
@ -8185,6 +8185,27 @@ Example: usage of the TPM Emulator
|
||||
The default version used depends on the combination of hypervisor, guest
|
||||
architecture, TPM model and backend.
|
||||
|
||||
``source``
|
||||
The ``source`` element specifies the location of the TPM state storage . This
|
||||
element only works with the ``emulator`` backend.
|
||||
|
||||
When specified, it is the user's responsability to prevent files from being
|
||||
used by multiple VMs or emulators (swtpm will also use advisory locking). If
|
||||
not specified, the storage configuration is left to libvirt discretion.
|
||||
|
||||
This element requires that swtpm v0.7 or later is installed.
|
||||
|
||||
The following attributes are supported:
|
||||
|
||||
``type``
|
||||
The type of storage. It's possible to provide "file" to utilize a single
|
||||
file or block device where the TPM state will be stored.
|
||||
|
||||
``path``
|
||||
The path to the TPM state storage.
|
||||
|
||||
:since:`Since v10.9.0`
|
||||
|
||||
``persistent_state``
|
||||
The ``persistent_state`` attribute indicates whether 'swtpm' TPM state is
|
||||
kept or not when a transient domain is powered off or undefined. This
|
||||
|
@ -1322,6 +1322,12 @@ VIR_ENUM_IMPL(virDomainTPMVersion,
|
||||
"2.0",
|
||||
);
|
||||
|
||||
VIR_ENUM_IMPL(virDomainTPMSourceType,
|
||||
VIR_DOMAIN_TPM_SOURCE_TYPE_LAST,
|
||||
"default",
|
||||
"file",
|
||||
);
|
||||
|
||||
VIR_ENUM_IMPL(virDomainTPMPcrBank,
|
||||
VIR_DOMAIN_TPM_PCR_BANK_LAST,
|
||||
"sha1",
|
||||
@ -10784,6 +10790,7 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
|
||||
int nbackends;
|
||||
int nnodes;
|
||||
size_t i;
|
||||
xmlNodePtr source_node = NULL;
|
||||
g_autofree char *path = NULL;
|
||||
g_autofree char *secretuuid = NULL;
|
||||
g_autofree char *persistent_state = NULL;
|
||||
@ -10857,6 +10864,22 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
|
||||
def->data.emulator.hassecretuuid = true;
|
||||
}
|
||||
|
||||
source_node = virXPathNode("./backend/source", ctxt);
|
||||
if (source_node) {
|
||||
if (virXMLPropEnum(source_node, "type",
|
||||
virDomainTPMSourceTypeTypeFromString,
|
||||
VIR_XML_PROP_NONZERO,
|
||||
&def->data.emulator.source_type) < 0)
|
||||
goto error;
|
||||
path = virXMLPropString(source_node, "path");
|
||||
if (!path) {
|
||||
virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||
_("missing TPM source path"));
|
||||
goto error;
|
||||
}
|
||||
def->data.emulator.source_path = g_steal_pointer(&path);
|
||||
}
|
||||
|
||||
persistent_state = virXMLPropString(backends[0], "persistent_state");
|
||||
if (persistent_state) {
|
||||
if (virStringParseYesNo(persistent_state,
|
||||
@ -25070,6 +25093,11 @@ virDomainTPMDefFormat(virBuffer *buf,
|
||||
|
||||
virXMLFormatElement(&backendChildBuf, "active_pcr_banks", NULL, &activePcrBanksBuf);
|
||||
}
|
||||
if (def->data.emulator.source_type != VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT) {
|
||||
virBufferAsprintf(&backendChildBuf, "<source type='%s'",
|
||||
virDomainTPMSourceTypeTypeToString(def->data.emulator.source_type));
|
||||
virBufferEscapeString(&backendChildBuf, " path='%s'/>\n", def->data.emulator.source_path);
|
||||
}
|
||||
break;
|
||||
case VIR_DOMAIN_TPM_TYPE_EXTERNAL:
|
||||
if (def->data.external.source->type == VIR_DOMAIN_CHR_TYPE_UNIX) {
|
||||
|
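Review bot: In virDomainTPMDefParseXML the `type` attribute of `<source>` is read with only `VIR_XML_PROP_NONZERO`, so a `<source path='...'/>` with no `type` is accepted. In that case virXMLPropEnum leaves `source_type` at `VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT` while `source_path` is still stored. virDomainTPMDefFormat emits `<source>` only when the type is non-default, so the path is dropped on the next format, and the TPM state may end up somewhere other than where the XML author pointed it. Passing `VIR_XML_PROP_REQUIRED | VIR_XML_PROP_NONZERO,` would make the parser agree with the schema, where `type` is mandatory. Both functions begin and end outside the hunks shown.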
@ -1463,6 +1463,13 @@ typedef enum {
|
||||
VIR_DOMAIN_TPM_PCR_BANK_LAST
|
||||
} virDomainPcrBank;
|
||||
|
||||
typedef enum {
|
||||
VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT = 0,
|
||||
VIR_DOMAIN_TPM_SOURCE_TYPE_FILE,
|
||||
|
||||
VIR_DOMAIN_TPM_SOURCE_TYPE_LAST
|
||||
} virDomainTPMSourceType;
|
||||
|
||||
#define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0"
|
||||
|
||||
struct _virDomainTPMDef {
|
||||
@ -1478,6 +1485,7 @@ struct _virDomainTPMDef {
|
||||
struct {
|
||||
virDomainTPMVersion version;
|
||||
virDomainChrSourceDef *source;
|
||||
virDomainTPMSourceType source_type;
|
||||
char *source_path;
|
||||
char *logfile;
|
||||
unsigned int debug;
|
||||
@ -4277,6 +4285,7 @@ VIR_ENUM_DECL(virDomainRNGBackend);
|
||||
VIR_ENUM_DECL(virDomainTPMModel);
|
||||
VIR_ENUM_DECL(virDomainTPMBackend);
|
||||
VIR_ENUM_DECL(virDomainTPMVersion);
|
||||
VIR_ENUM_DECL(virDomainTPMSourceType);
|
||||
VIR_ENUM_DECL(virDomainTPMPcrBank);
|
||||
VIR_ENUM_DECL(virDomainMemoryModel);
|
||||
VIR_ENUM_DECL(virDomainMemoryBackingModel);
|
||||
|
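Review bot: The new `char *source_path` member in the emulator struct is an owned heap string, since the parser fills it with `g_steal_pointer(&path)`. None of the hunks on this page adds a matching release in the TPM definition's free function. If virDomainTPMDefFree is not updated elsewhere, every parsed `<source>` leaks the path; the fix would be a `g_free(def->data.emulator.source_path);` next to the other emulator fields. A short comment on the member such as `/* owned; only meaningful when source_type != DEFAULT */` would also record the coupling between the two new fields. The struct definition continues outside the hunk.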
@ -5923,6 +5923,7 @@
|
||||
<interleave>
|
||||
<ref name="tpm-backend-emulator-encryption"/>
|
||||
<ref name="tpm-backend-emulator-active-pcr-banks"/>
|
||||
<ref name="tpm-backend-emulator-source"/>
|
||||
</interleave>
|
||||
<optional>
|
||||
<attribute name="persistent_state">
|
||||
@ -5981,6 +5982,19 @@
|
||||
</optional>
|
||||
</define>
|
||||
|
||||
<define name="tpm-backend-emulator-source">
|
||||
<optional>
|
||||
<element name="source">
|
||||
<attribute name="type">
|
||||
<value>file</value>
|
||||
</attribute>
|
||||
<attribute name="path">
|
||||
<ref name="absFilePath"/>
|
||||
</attribute>
|
||||
</element>
|
||||
</optional>
|
||||
</define>
|
||||
|
||||
<define name="tpm-backend-emulator-encryption">
|
||||
<optional>
|
||||
<element name="encryption">
|
||||
|
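Review bot: The `absFilePath` restriction on `path` in `tpm-backend-emulator-source` is the only place where the path is constrained. The parser change in this commit takes the attribute with `virXMLPropString` and checks only that it is present. Schema validation is not applied on every define path, so an empty or relative path can still reach the definition, and a relative path for TPM state would resolve against whatever working directory the emulator is started in. A check such as `if (!g_path_is_absolute(def->data.emulator.source_path))` with a `VIR_ERR_XML_ERROR` report, in the parser or the definition-validation code, would enforce the same rule the schema states.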
@ -34,6 +34,7 @@
|
||||
<sha256/>
|
||||
<sha512/>
|
||||
</active_pcr_banks>
|
||||
<source type='file' path='/path/to/state'/>
|
||||
</backend>
|
||||
</tpm>
|
||||
<audio id='1' type='none'/>
|
||||
|