External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

qemu: Move code to add encryption options for swtpm_setup into function

Browse Source 
Move the code that adds encryption options for the swtpm_setup command
line into its own function.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Stefan Berger 2021-11-01 13:23:39 -04:00 committed by Michal Privoznik
parent 74447e404d
commit 488711a6ed
1 changed files with 38 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
src/qemu/qemu_tpm.c
View File

@ -422,6 +422,42 @@ qemuTPMCreateConfigFiles(const char *swtpm_setup)
} }
/*
* Add encryption parameters to swtpm_setup command line.
*
* @cmd: virCommand to add options to
* @swtpm_setup: swtpm_setup tool path
* @secretuuid: The secret's uuid; may be NULL
*/
static int
qemuTPMVirCommandAddEncryption(virCommand *cmd,
const char *swtpm_setup,
const unsigned char *secretuuid)
{
int pwdfile_fd;
if (!secretuuid)
return 0;
if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD)) {
virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
_("%s does not support passing a passphrase using a file "
"descriptor"), swtpm_setup);
return -1;
}
if ((pwdfile_fd = qemuTPMSetupEncryption(secretuuid, cmd)) < 0)
return -1;
virCommandAddArg(cmd, "--pwdfile-fd");
virCommandAddArgFormat(cmd, "%d", pwdfile_fd);
virCommandAddArgList(cmd, "--cipher", "aes-256-cbc", NULL);
virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
return 0;
}
/* /*
* qemuTPMEmulatorRunSetup * qemuTPMEmulatorRunSetup
* *
@ -458,7 +494,6 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
char uuid[VIR_UUID_STRING_BUFLEN]; char uuid[VIR_UUID_STRING_BUFLEN];
g_autofree char *vmid = NULL; g_autofree char *vmid = NULL;
g_autofree char *swtpm_setup = virTPMGetSwtpmSetup(); g_autofree char *swtpm_setup = virTPMGetSwtpmSetup();
VIR_AUTOCLOSE pwdfile_fd = -1;
if (!swtpm_setup) if (!swtpm_setup)
return -1; return -1;
@ -495,23 +530,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
break; break;
} }
if (secretuuid) { if (qemuTPMVirCommandAddEncryption(cmd, swtpm_setup, secretuuid) < 0)
if (!virTPMSwtpmSetupCapsGet( return -1;
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD)) {
virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
_("%s does not support passing a passphrase using a file "
"descriptor"), swtpm_setup);
return -1;
}
if ((pwdfile_fd = qemuTPMSetupEncryption(secretuuid, cmd)) < 0)
return -1;
virCommandAddArg(cmd, "--pwdfile-fd");
virCommandAddArgFormat(cmd, "%d", pwdfile_fd);
virCommandAddArgList(cmd, "--cipher", "aes-256-cbc", NULL);
virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
pwdfile_fd = -1;
}
if (!incomingMigration) { if (!incomingMigration) {
virCommandAddArgList(cmd, virCommandAddArgList(cmd,