From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Thu, 25 Jul 2019 18:22:15 +0000 (-0400)
Subject: docs: Extend TPM docs with new encryption element
X-Git-Tag: v5.6.0-rc1~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2f6a5c68876166c62de10ab41b9925258f5ceec;p=thirdparty%2Flibvirt.git

docs: Extend TPM docs with new encryption element

Describe the encryption element in the TPM's domain XML.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 1d57729394..1938bd875c 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -8215,6 +8215,9 @@ qemu-kvm -net nic,model=? /dev/null
       TPM functionality for each VM. QEMU talks to it over a Unix socket. With
       the emulator device type each guest gets its own private TPM.
       <span class="since">'emulator' since 4.5.0</span>
+      The state of the TPM emulator can be encrypted by providing an
+      <code>encryption</code> element.
+      <span class="since">'encryption' since 5.6.0</span>
     </p>
     <p>
      Example: usage of the TPM Emulator
@@ -8224,6 +8227,7 @@ qemu-kvm -net nic,model=? /dev/null
   &lt;devices&gt;
     &lt;tpm model='tpm-tis'&gt;
       &lt;backend type='emulator' version='2.0'&gt;
+        &lt;encryption secret='6dd3e4a5-1d76-44ce-961f-f119f5aad935'/&gt;
       &lt;/backend&gt;
     &lt;/tpm&gt;
   &lt;/devices&gt;
@@ -8286,6 +8290,14 @@ qemu-kvm -net nic,model=? /dev/null
           <li>'2.0' : creates a TPM 2.0</li>
         </ul>
       </dd>
+      <dt><code>encryption</code></dt>
+      <dd>
+        <p>
+          The <code>encryption</code> element allows the state of a TPM emulator
+          to be encrypted. The <code>secret</code> must reference a secret object
+          that holds the passphrase from which the encryption key will be derived.
+        </p>
+      </dd>
     </dl>
 
     <h4><a id="elementsNVRAM">NVRAM device</a></h4>