From a9d6f1c0542df93cc7c588f01aeea6e5c4e28b71 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Thu, 25 Jul 2019 14:22:12 -0400
Subject: [PATCH] tpm: Pass migration key passphrase via fd to swtpm
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This patch now passes the passphrase as a migration key to swtpm. This now encrypts the state of the TPM while a VM is migrated between hosts or when suspended into a file. Since the migration key secret is the same as the state encryption secret, this now requires that the migration destination host has the same secret value.

Signed-off-by: Stefan Berger
Reviewed-by: Daniel P. Berrangé
---
 src/qemu/qemu_tpm.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 27a31efe50..7efd635831 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -584,6 +584,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
     char *pidfile;
     VIR_AUTOFREE(char *) swtpm = virTPMGetSwtpm();
     VIR_AUTOCLOSE pwdfile_fd = -1;
+    VIR_AUTOCLOSE migpwdfile_fd = -1;
     const unsigned char *secretuuid = NULL;
 
     if (!swtpm)
@@ -653,6 +654,9 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
         pwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
                                             cmd);
         if (pwdfile_fd)
+        migpwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.secretuuid,
+                                               cmd);
+        if (pwdfile_fd < 0 || migpwdfile_fd < 0)
             goto error;
 
         virCommandAddArg(cmd, "--key");
@@ -660,6 +664,12 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
                                pwdfile_fd);
         virCommandPassFD(cmd, pwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
         pwdfile_fd = -1;
+
+        virCommandAddArg(cmd, "--migration-key");
+        virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc",
+                               migpwdfile_fd);
+        virCommandPassFD(cmd, migpwdfile_fd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+        migpwdfile_fd = -1;
     }
 
     return cmd;
-- 
GitLab
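Review bot: The `if (pwdfile_fd)` line directly above the new `migpwdfile_fd =` assignment in the second hunk is kept as unchanged context rather than removed, so on the new side the second qemuTPMSetupEncryption() call becomes the body of that stale conditional: it runs only when pwdfile_fd is non-zero, and if pwdfile_fd happens to be descriptor 0 migpwdfile_fd stays at -1 and the following check jumps to error. The diffstat of 10 insertions and no deletions agrees that no line was removed here; if the `-` marker was instead lost when this patch was rendered, the point is moot. Either way the intended shape appears to be a plain sequence, i.e. drop `if (pwdfile_fd)` so both setup calls run unconditionally before the combined `if (pwdfile_fd < 0 || migpwdfile_fd < 0)` check. qemuTPMEmulatorBuildCommand starts and ends outside the hunk.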
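Review bot: The third hunk passes a second descriptor for `--migration-key` that was produced from the same secretuuid as `--key`, and nothing in the code says why one secret needs two descriptors; a reader may take the duplicate setup call for a copy-paste slip. A short comment above the `--migration-key` argument, such as `/* The migration key carries the same secret as --key, but swtpm reads each pwdfd on its own, so it gets a separate descriptor */`, would record what the commit message states about the two keys being identical. I am inferring the one-descriptor-per-option behaviour from the separate setup calls rather than from anything visible here, so the wording should be checked against swtpm before it is committed. qemuTPMEmulatorBuildCommand starts and ends outside the hunk.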