schema: add TPM emulator <source type='file' path='..'>
authorMarc-André Lureau <marcandre.lureau@redhat.com>
Tue, 22 Oct 2024 14:15:18 +0000 (18:15 +0400)
committerMartin Kletzander <mkletzan@redhat.com>
Tue, 5 Nov 2024 14:25:53 +0000 (15:25 +0100)
Learn to parse a file path for the TPM state.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
docs/formatdomain.rst
src/conf/domain_conf.c
src/conf/domain_conf.h
src/conf/schemas/domaincommon.rng
tests/qemuxmlconfdata/tpm-emulator-tpm2.xml

index d16e00661a932ca5d57471d4e9445656c458e333..c3b9dd16e345dab3cfdb7631813a94cecc64d24b 100644 (file)
@@ -8185,6 +8185,27 @@ Example: usage of the TPM Emulator
    The default version used depends on the combination of hypervisor, guest
    architecture, TPM model and backend.
 
+``source``
+   The ``source`` element specifies the location of the TPM state storage . This
+   element only works with the ``emulator`` backend.
+
+   When specified, it is the user's responsability to prevent files from being
+   used by multiple VMs or emulators (swtpm will also use advisory locking). If
+   not specified, the storage configuration is left to libvirt discretion.
+
+   This element requires that swtpm v0.7 or later is installed.
+
+   The following attributes are supported:
+
+   ``type``
+      The type of storage. It's possible to provide "file" to utilize a single
+      file or block device where the TPM state will be stored.
+
+   ``path``
+      The path to the TPM state storage.
+
+   :since:`Since v10.9.0`
+
 ``persistent_state``
    The ``persistent_state`` attribute indicates whether 'swtpm' TPM state is
    kept or not when a transient domain is powered off or undefined. This
index 284a3815b3e044fa51df5d74358ebe8229c0bec5..9dd8b6b55decd8c2fbd96e28615337206f5c810d 100644 (file)
@@ -1322,6 +1322,12 @@ VIR_ENUM_IMPL(virDomainTPMVersion,
               "2.0",
 );
 
+VIR_ENUM_IMPL(virDomainTPMSourceType,
+              VIR_DOMAIN_TPM_SOURCE_TYPE_LAST,
+              "default",
+              "file",
+);
+
 VIR_ENUM_IMPL(virDomainTPMPcrBank,
               VIR_DOMAIN_TPM_PCR_BANK_LAST,
               "sha1",
@@ -10784,6 +10790,7 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
     int nbackends;
     int nnodes;
     size_t i;
+    xmlNodePtr source_node = NULL;
     g_autofree char *path = NULL;
     g_autofree char *secretuuid = NULL;
     g_autofree char *persistent_state = NULL;
@@ -10857,6 +10864,22 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
             def->data.emulator.hassecretuuid = true;
         }
 
+        source_node = virXPathNode("./backend/source", ctxt);
+        if (source_node) {
+            if (virXMLPropEnum(source_node, "type",
+                               virDomainTPMSourceTypeTypeFromString,
+                               VIR_XML_PROP_NONZERO,
+                               &def->data.emulator.source_type) < 0)
+                goto error;
+            path = virXMLPropString(source_node, "path");
+            if (!path) {
+                virReportError(VIR_ERR_XML_ERROR, "%s",
+                               _("missing TPM source path"));
+                goto error;
+            }
+            def->data.emulator.source_path = g_steal_pointer(&path);
+        }
+
         persistent_state = virXMLPropString(backends[0], "persistent_state");
         if (persistent_state) {
             if (virStringParseYesNo(persistent_state,
@@ -25070,6 +25093,11 @@ virDomainTPMDefFormat(virBuffer *buf,
 
             virXMLFormatElement(&backendChildBuf, "active_pcr_banks", NULL, &activePcrBanksBuf);
         }
+        if (def->data.emulator.source_type != VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT) {
+            virBufferAsprintf(&backendChildBuf, "<source type='%s'",
+                              virDomainTPMSourceTypeTypeToString(def->data.emulator.source_type));
+            virBufferEscapeString(&backendChildBuf, " path='%s'/>\n", def->data.emulator.source_path);
+        }
         break;
     case VIR_DOMAIN_TPM_TYPE_EXTERNAL:
         if (def->data.external.source->type == VIR_DOMAIN_CHR_TYPE_UNIX) {
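Review bot: In the virDomainTPMDefParseXML hunk, `virXMLPropEnum` is called with only `VIR_XML_PROP_NONZERO`, so a `<source path='...'/>` with no `type` attribute is accepted: if I read virXMLPropEnum right, an absent attribute leaves `source_type` untouched at `VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT`, the path is still stored into `source_path`, and the virDomainTPMDefFormat hunk then skips the element because it only emits when `source_type != VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT`, so the setting silently disappears on round trip. The RNG schema does make `type` mandatory, but schema validation is not enforced on every define path, so the parser should require it itself: `VIR_XML_PROP_REQUIRED | VIR_XML_PROP_NONZERO,`. The test input added in this commit always carries `type='file'`, so it would not catch this. Both virDomainTPMDefParseXML and virDomainTPMDefFormat start and end outside the hunks.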
index 6b27322e3ee59a1293a382f91f20b6f8a5e0808f..7a70f6817748a5dfda4e04e2572f2538e76b99ec 100644 (file)
@@ -1463,6 +1463,13 @@ typedef enum {
     VIR_DOMAIN_TPM_PCR_BANK_LAST
 } virDomainPcrBank;
 
+typedef enum {
+    VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT = 0,
+    VIR_DOMAIN_TPM_SOURCE_TYPE_FILE,
+
+    VIR_DOMAIN_TPM_SOURCE_TYPE_LAST
+} virDomainTPMSourceType;
+
 #define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0"
 
 struct _virDomainTPMDef {
@@ -1478,6 +1485,7 @@ struct _virDomainTPMDef {
         struct {
             virDomainTPMVersion version;
             virDomainChrSourceDef *source;
+            virDomainTPMSourceType source_type;
             char *source_path;
             char *logfile;
             unsigned int debug;
@@ -4277,6 +4285,7 @@ VIR_ENUM_DECL(virDomainRNGBackend);
 VIR_ENUM_DECL(virDomainTPMModel);
 VIR_ENUM_DECL(virDomainTPMBackend);
 VIR_ENUM_DECL(virDomainTPMVersion);
+VIR_ENUM_DECL(virDomainTPMSourceType);
 VIR_ENUM_DECL(virDomainTPMPcrBank);
 VIR_ENUM_DECL(virDomainMemoryModel);
 VIR_ENUM_DECL(virDomainMemoryBackingModel);
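Review bot: The new `virDomainTPMSourceType` enum and the `source_type` member of the emulator struct are undocumented, and `source_type` is placed next to a `source_path` that already existed before this commit (presumably filled in by the driver), so a reader of the header cannot tell which of the two sources decides the value. Suggest a comment on the field, e.g. `/* storage type from the XML; DEFAULT leaves the choice to the driver, otherwise source_path holds the user-supplied location */`, and a short comment above the enum naming the `<backend><source type=...>` element it models. The enclosing struct _virDomainTPMDef starts and ends outside the hunk.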
index efb5f00d77f3431568032fbd2c0a852dfc486608..8d91fb0dd6acb01937c8f75549a811741d398edc 100644 (file)
           <interleave>
             <ref name="tpm-backend-emulator-encryption"/>
             <ref name="tpm-backend-emulator-active-pcr-banks"/>
+            <ref name="tpm-backend-emulator-source"/>
           </interleave>
           <optional>
             <attribute name="persistent_state">
     </optional>
   </define>
 
+  <define name="tpm-backend-emulator-source">
+    <optional>
+      <element name="source">
+        <attribute name="type">
+          <value>file</value>
+        </attribute>
+        <attribute name="path">
+          <ref name="absFilePath"/>
+        </attribute>
+      </element>
+    </optional>
+  </define>
+
   <define name="tpm-backend-emulator-encryption">
     <optional>
       <element name="encryption">
index 8a613db456a431e63220e7aa4d6a4a2f73e324c1..3d6300f544a718d4039d1c9cf1959c9c06340943 100644 (file)
@@ -34,6 +34,7 @@
           <sha256/>
           <sha512/>
         </active_pcr_banks>
+        <source type='file' path='/path/to/state'/>
       </backend>
     </tpm>
     <audio id='1' type='none'/>