mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
qemu: Move code to add encryption options for swtpm_setup into function
Move the code that adds encryption options for the swtpm_setup command line into its own function. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
parent
74447e404d
commit
488711a6ed
@ -422,6 +422,42 @@ qemuTPMCreateConfigFiles(const char *swtpm_setup)
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Add encryption parameters to swtpm_setup command line.
|
||||
*
|
||||
* @cmd: virCommand to add options to
|
||||
* @swtpm_setup: swtpm_setup tool path
|
||||
* @secretuuid: The secret's uuid; may be NULL
|
||||
*/
|
||||
static int
|
||||
qemuTPMVirCommandAddEncryption(virCommand *cmd,
|
||||
const char *swtpm_setup,
|
||||
const unsigned char *secretuuid)
|
||||
{
|
||||
int pwdfile_fd;
|
||||
|
||||
if (!secretuuid)
|
||||
return 0;
|
||||
|
||||
if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD)) {
|
||||
virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
|
||||
_("%s does not support passing a passphrase using a file "
|
||||
"descriptor"), swtpm_setup);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if ((pwdfile_fd = qemuTPMSetupEncryption(secretuuid, cmd)) < 0)
|
||||
return -1;
|
||||
|
||||
virCommandAddArg(cmd, "--pwdfile-fd");
|
||||
virCommandAddArgFormat(cmd, "%d", pwdfile_fd);
|
||||
virCommandAddArgList(cmd, "--cipher", "aes-256-cbc", NULL);
|
||||
virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* qemuTPMEmulatorRunSetup
|
||||
*
|
||||
@ -458,7 +494,6 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
|
||||
char uuid[VIR_UUID_STRING_BUFLEN];
|
||||
g_autofree char *vmid = NULL;
|
||||
g_autofree char *swtpm_setup = virTPMGetSwtpmSetup();
|
||||
VIR_AUTOCLOSE pwdfile_fd = -1;
|
||||
|
||||
if (!swtpm_setup)
|
||||
return -1;
|
||||
@ -495,23 +530,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
|
||||
break;
|
||||
}
|
||||
|
||||
if (secretuuid) {
|
||||
if (!virTPMSwtpmSetupCapsGet(
|
||||
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD)) {
|
||||
virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
|
||||
_("%s does not support passing a passphrase using a file "
|
||||
"descriptor"), swtpm_setup);
|
||||
return -1;
|
||||
}
|
||||
if ((pwdfile_fd = qemuTPMSetupEncryption(secretuuid, cmd)) < 0)
|
||||
return -1;
|
||||
|
||||
virCommandAddArg(cmd, "--pwdfile-fd");
|
||||
virCommandAddArgFormat(cmd, "%d", pwdfile_fd);
|
||||
virCommandAddArgList(cmd, "--cipher", "aes-256-cbc", NULL);
|
||||
virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
|
||||
pwdfile_fd = -1;
|
||||
}
|
||||
if (qemuTPMVirCommandAddEncryption(cmd, swtpm_setup, secretuuid) < 0)
|
||||
return -1;
|
||||
|
||||
if (!incomingMigration) {
|
||||
virCommandAddArgList(cmd,
|
||||
|
Loading…
x
Reference in New Issue
Block a user