a5bbe1a8b6
Extend the TPM backend XML with a node 'active_pcr_banks' that allows a user to specify the PCR banks to activate before starting a VM. Valid choices for PCR banks are sha1, sha256, sha384 and sha512. When the XML node is provided, the set of active PCR banks is 'enforced' by running swtpm_setup before every start of the VM. The activation requires that swtpm_setup v0.7 or later is installed and may not have any effect otherwise. <tpm model='tpm-tis'> <backend type='emulator' version='2.0'> <active_pcr_banks> <sha256/> <sha384/> </active_pcr_banks> </backend> </tpm> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2016599 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
<!--
  Test fixture: a minimal QEMU domain whose only purpose is to exercise the
  TPM emulator backend with the <active_pcr_banks> element introduced by the
  commit this file belongs to. Everything outside <tpm> is boilerplate needed
  for a well-formed domain definition (one vCPU, PC i440fx machine, ACPI,
  a PS/2 mouse and keyboard, a virtio memballoon).
-->
<domain type='qemu'>
  <name>TPM-VM</name>
  <uuid>11d7cd22-da89-3094-6212-079a48a309a1</uuid>
  <memory unit='KiB'>2097152</memory>
  <currentMemory unit='KiB'>512288</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-i440fx-2.12'>hvm</type>
    <boot dev='hd'/>
    <bootmenu enable='yes'/>
  </os>
  <features>
    <acpi/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <controller type='usb' index='0'/>
    <controller type='pci' index='0' model='pci-root'/>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <!--
      TPM device under test: a TIS-model device backed by the emulator
      backend, advertised as a TPM 2.0 (version='2.0').
    -->
    <tpm model='tpm-tis'>
      <backend type='emulator' version='2.0'>
        <!--
          <active_pcr_banks> lists the PCR banks that must be active when the
          guest starts. Per the commit message, when this element is present
          libvirt runs swtpm_setup before every start of the VM so that the
          chosen set of banks is enforced, not merely requested once at
          creation time. Valid child elements are <sha1/>, <sha256/>,
          <sha384/> and <sha512/>; this fixture selects sha256 and sha512 and
          deliberately leaves sha1 unselected. Enforcement requires
          swtpm_setup 0.7 or newer; with an older swtpm_setup the element may
          have no effect, so a deployment relying on a specific bank set
          should verify the installed version (NOTE(review): how libvirt
          reports that failure is not visible in this fixture).
        -->
        <active_pcr_banks>
          <sha256/>
          <sha512/>
        </active_pcr_banks>
      </backend>
    </tpm>
    <memballoon model='virtio'/>
  </devices>
</domain>