External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-01 17:35:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: Extend Secret XML documentation with vtpm usage type

Browse Source 
Extend the Secret XML documentation with vtpm usage type.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Stefan Berger 2019-07-25 14:22:14 -04:00 committed by Daniel P. Berrangé
parent 94b3aa55f8
commit a90f98c071
1 changed files with 59 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
docs/formatsecret.html.in
View File

@ -42,8 +42,8 @@
Specifies what this secret is used for. A mandatory Specifies what this secret is used for. A mandatory
<code>type</code> attribute specifies the usage category, currently <code>type</code> attribute specifies the usage category, currently
only <code>volume</code>, <code>ceph</code>, <code>iscsi</code>, only <code>volume</code>, <code>ceph</code>, <code>iscsi</code>,
and <code>tls</code> are defined. Specific usage categories <code>tls</code>, and <code>vtpm</code> are defined. Specific usage
are described below. categories are described below.
</dd> </dd>
</dl> </dl>
@ -322,6 +322,63 @@ Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created
<pre> <pre>
# MYSECRET=`printf %s "letmein" | base64` # MYSECRET=`printf %s "letmein" | base64`
# virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET # virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET
Secret value set
</pre>
<h3><a id="vTPMUsageType">Usage type "vtpm"</a></h3>
<p>
This secret is associated with a virtualized TPM (vTPM) and serves
as a passphrase for deriving a key from for encrypting the state
of the vTPM.
The <code>&lt;usage type='vtpm'&gt;</code> element must contain
a single <code>name</code> element that specifies a usage name
for the secret. The vTPM secret can then be used by UUID or by
this usage name via the <code>&lt;encryption&gt;</code> element of
a <a href="formatdomain.html#elementsTpm">tpm</a> when using an
emulator.
<span class="since">Since 5.6.0</span>. The following is an example
of the steps to be taken. First create a vtpm-secret.xml file: </p>
<pre>
# cat vtpm-secret.xml
&lt;secret ephemeral='no' private='yes'&gt;
&lt;description&gt;sample vTPM secret&lt;/description&gt;
&lt;usage type='vtpm'&gt;
&lt;name&gt;VTPM_example&lt;/name&gt;
&lt;/usage&gt;
&lt;/secret&gt;
# virsh secret-define vtpm-secret.xml
Secret 6dd3e4a5-1d76-44ce-961f-f119f5aad935 created
# virsh secret-list
UUID Usage
----------------------------------------------------------------------------------------
6dd3e4a5-1d76-44ce-961f-f119f5aad935 vtpm VTPM_example
#
</pre>
<p>
A secret may also be defined via the
<a href="html/libvirt-libvirt-secret.html#virSecretDefineXML">
<code>virSecretDefineXML</code></a> API.
Once the secret is defined, a secret value will need to be set. The
secret would be the passphrase used to decrypt the vTPM state.
The following is a simple example of using
<code>virsh secret-set-value</code> to set the secret value. The
<a href="html/libvirt-libvirt-secret.html#virSecretSetValue">
<code>virSecretSetValue</code></a> API may also be used to set
a more secure secret without using printable/readable characters.
</p>
<pre>
# MYSECRET=`printf %s "open sesame" | base64`
# virsh secret-set-value 6dd3e4a5-1d76-44ce-961f-f119f5aad935 $MYSECRET
Secret value set Secret value set
</pre> </pre>