NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Move adding of keys to swtpm command line into own function

Browse Source 
Factor-out code related to adding key to the swtpm command line into its
own function.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Stefan Berger 2024-11-13 12:39:49 -05:00 committed by Michal Privoznik
parent cd37721d19
commit fc9a333f37
1 changed files with 37 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
src/qemu/qemu_tpm.c
View File

@ -575,6 +575,39 @@ qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator,
return 0; return 0;
} }
static int
qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd,
const virDomainTPMEmulatorDef *emulator,
const char *swtpm)
{
int pwdfile_fd = -1;
int migpwdfile_fd = -1;
if (!emulator->hassecretuuid)
return 0;
if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) {
virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
_("%1$s does not support passing passphrase via file descriptor"),
swtpm);
return -1;
}
if (qemuTPMSetupEncryption(emulator->secretuuid,
cmd, &pwdfile_fd) < 0)
return -1;
if (qemuTPMSetupEncryption(emulator->secretuuid,
cmd, &migpwdfile_fd) < 0)
return -1;
virCommandAddArg(cmd, "--key");
virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
virCommandAddArg(cmd, "--migration-key");
virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", migpwdfile_fd);
return 0;
}
/* /*
* qemuTPMEmulatorBuildCommand: * qemuTPMEmulatorBuildCommand:
@ -602,8 +635,6 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
bool created = false; bool created = false;
bool run_setup = false; bool run_setup = false;
g_autofree char *swtpm = virTPMGetSwtpm(); g_autofree char *swtpm = virTPMGetSwtpm();
int pwdfile_fd = -1;
int migpwdfile_fd = -1;
const unsigned char *secretuuid = NULL; const unsigned char *secretuuid = NULL;
bool create_storage = true; bool create_storage = true;
bool on_shared_storage; bool on_shared_storage;
@ -698,28 +729,10 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
break; break;
} }
if (tpm->data.emulator.hassecretuuid) { if (qemuTPMVirCommandSwtpmAddEncryption(cmd,
if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) { &tpm->data.emulator,
virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, swtpm) < 0)
_("%1$s does not support passing passphrase via file descriptor"),
swtpm);
goto error; goto error;
}
if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
cmd, &pwdfile_fd) < 0)
goto error;
if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
cmd, &migpwdfile_fd) < 0)
goto error;
virCommandAddArg(cmd, "--key");
virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
virCommandAddArg(cmd, "--migration-key");
virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", migpwdfile_fd);
}
/* If swtpm supports it and the TPM state is stored on shared storage, /* If swtpm supports it and the TPM state is stored on shared storage,
* start swtpm with --migration release-lock-outgoing so it can migrate * start swtpm with --migration release-lock-outgoing so it can migrate