mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 21:34:54 +03:00
Add documentation and schema for TPM passthrough
Supported TPM passthrough XML may look as follows: <tpm model='tpm-tis'> <backend type='passthrough'> <device path='/dev/tpm0'/> </backend> </tpm> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com> Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
This commit is contained in:
parent
069219577b
commit
5eac4f600c
@ -4415,6 +4415,64 @@ qemu-kvm -net nic,model=? /dev/null
|
||||
|
||||
</dl>
|
||||
|
||||
<h4><a name="elementsTpm">TPM device</a></h4>
|
||||
|
||||
<p>
|
||||
The TPM device enables a QEMU guest to have access to TPM
|
||||
functionality.
|
||||
</p>
|
||||
<p>
|
||||
The TPM passthrough device type provides access to the host's TPM
|
||||
for one QEMU guest. No other software may be is using the TPM device,
|
||||
typically /dev/tpm0, at the time the QEMU guest is started.
|
||||
<span class="since">'passthrough' since 1.0.5</span>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Example: usage of the TPM passthrough device
|
||||
</p>
|
||||
<pre>
|
||||
...
|
||||
<devices>
|
||||
<tpm model='tpm-tis'>
|
||||
<backend type='passthrough'>
|
||||
<backend path='/dev/tpm0'/>
|
||||
</backend>
|
||||
</tpm>
|
||||
</devices>
|
||||
...
|
||||
</pre>
|
||||
<dl>
|
||||
<dt><code>model</code></dt>
|
||||
<dd>
|
||||
<p>
|
||||
The <code>model</code> attribute specifies what device
|
||||
model QEMU provides to the guest. If no model name is provided,
|
||||
<code>tpm-tis</code> will automatically be chosen.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><code>backend</code></dt>
|
||||
<dd>
|
||||
<p>
|
||||
The <code>backend</code> element specifies the type of
|
||||
TPM device. The following types are supported:
|
||||
</p>
|
||||
<ul>
|
||||
<li>'passthrough' — use the host's TPM device.
|
||||
</ul>
|
||||
</dd>
|
||||
<dt><code>backend type='passthrough'</code></dt>
|
||||
<dd>
|
||||
<p>
|
||||
This backend type requires exclusive access to a TPM device on
|
||||
the host.
|
||||
An example for such a device is /dev/tpm0. The filename is
|
||||
specified as path attribute of the <code>source</code> element.
|
||||
If no file name is specified then /dev/tpm0 is automatically used.
|
||||
</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<h3><a name="seclabel">Security label</a></h3>
|
||||
|
||||
<p>
|
||||
|
@ -2876,6 +2876,48 @@
|
||||
<text/>
|
||||
</element>
|
||||
</define>
|
||||
|
||||
<define name="tpm">
|
||||
<element name="tpm">
|
||||
<optional>
|
||||
<attribute name="model">
|
||||
<choice>
|
||||
<value>tpm-tis</value>
|
||||
</choice>
|
||||
</attribute>
|
||||
</optional>
|
||||
<ref name="tpm-backend"/>
|
||||
<optional>
|
||||
<ref name="alias"/>
|
||||
</optional>
|
||||
</element>
|
||||
</define>
|
||||
|
||||
<define name="tpm-backend">
|
||||
<element name="backend">
|
||||
<choice>
|
||||
<group>
|
||||
<attribute name="type">
|
||||
<value>passthrough</value>
|
||||
</attribute>
|
||||
<ref name="tpm-passthrough-device"/>
|
||||
</group>
|
||||
</choice>
|
||||
</element>
|
||||
</define>
|
||||
|
||||
<define name="tpm-passthrough-device">
|
||||
<optional>
|
||||
<element name="device">
|
||||
<optional>
|
||||
<attribute name="path">
|
||||
<ref name="filePath"/>
|
||||
</attribute>
|
||||
</optional>
|
||||
</element>
|
||||
</optional>
|
||||
</define>
|
||||
|
||||
<define name="input">
|
||||
<element name="input">
|
||||
<attribute name="type">
|
||||
@ -3200,6 +3242,7 @@
|
||||
<ref name="redirdev"/>
|
||||
<ref name="redirfilter"/>
|
||||
<ref name="rng"/>
|
||||
<ref name="tpm"/>
|
||||
</choice>
|
||||
</zeroOrMore>
|
||||
<optional>
|
||||
|
Loading…
Reference in New Issue
Block a user