Martin Polednik has uploaded a new change for review.

Change subject: [WIP]vdsm: add support for TPM device passthrough ......................................................................

[WIP]vdsm: add support for TPM device passthrough

This patch adds basic support for TPM (to be expanded) passthrough, which allows VM to be given access directly to host's TPM module.

Currently missing: reporting host's tpm status (nonexistant / passed to VM / available)

Engine constraints: vm with assigned TPM cannot be allowed to migrate, host cannot pass single TPM to multiple VMs using passthrough protocol (currently only supported protocol http://wiki.qemu.org/Features/TPM)

Change-Id: I53a77a0977d367d1066e85590dd35b18bb5fa32a Signed-off-by: Martin Polednik mpoledni@redhat.com --- M tests/vmTests.py M vdsm/vm.py M vdsm_api/vdsmapi-schema.json 3 files changed, 90 insertions(+), 1 deletion(-)

git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/49/20649/1

diff --git a/tests/vmTests.py b/tests/vmTests.py index 1f69f0a..b879e5f 100644 --- a/tests/vmTests.py +++ b/tests/vmTests.py @@ -114,6 +114,20 @@ smartcard = vm.SmartCardDevice(self.conf, self.log, **dev) self.assertXML(smartcard.getXML(), smartcardXML)

+ def testTpmXML(self): + tpmXML = """ + <tpm model="tpm-tis"> + <backend type="passthrough"> + <device path="/dev/tpm0"/> + </backend> + </tpm> + """ + dev = {'device': 'tpm', + 'specParams': {'type': 'passthrough', + 'path': '/dev/tpm0', 'model': 'tpm-tis'}} + tpm = vm.TpmDevice(self.conf, self.log, **dev) + self.assertXML(tpm.getXML(), tpmXML) + def testFeaturesXML(self): featuresXML = """ <features> diff --git a/vdsm/vm.py b/vdsm/vm.py index 0c12334..d73e83e 100644 --- a/vdsm/vm.py +++ b/vdsm/vm.py @@ -1673,6 +1673,26 @@ return card

+class TpmDevice(VmDevice): + def getXML(self): + """ + Add tpm section to domain xml + + <tpm model='tpm-tis'> + <backend type='passthrough'> + <device path='/dev/tpm0'> + </backend> + </tpm> + """ + tpm = self.createXmlElem(self.device, None) + tpm.setAttrs(**{'model': self.specParams['model']}) + backend = tpm.appendChildWithArgs('backend', + type=self.specParams['type']) + backend.appendChildWithArgs('device', + path=self.specParams['path']) + return tpm + + class RedirDevice(VmDevice): def getXML(self): """ diff --git a/vdsm_api/vdsmapi-schema.json b/vdsm_api/vdsmapi-schema.json index 73889d1..1be8e9d 100644 --- a/vdsm_api/vdsmapi-schema.json +++ b/vdsm_api/vdsmapi-schema.json @@ -1832,7 +1832,7 @@ ## {'enum': 'VmDeviceType', 'data': ['disk', 'interface', 'video', 'sound', 'controller', 'balloon', - 'channel', 'console', 'smartcard']} + 'channel', 'console', 'tpm', 'smartcard']}

## # @VmDiskDeviceType: @@ -2590,6 +2590,61 @@ 'address': 'VmDeviceAddress', 'alias': 'str', 'deviceId': 'UUID'}}

## +# @VmTpmDeviceType: +# +# An enumeration of VM tpm device types. +# +# @passthrough: use hosts TPM +# +# Since: 4.10.3 +## +{'enum': 'VmTpmDeviceType', 'data': ['passthrough']} + +## +# @VmTpmDeviceModel: +# +# An enumeration of VM tpm device modes. +# +# @tpm-tis: TODO +# +# Since: 4.10.3 +## +{'enum': 'VmTpmDeviceModel', 'data': ['tpm-tis']} + +## +# @VmTpmDeviceSpecParams: +# +# Additional VM tpm device parameters. +# +# @type: #optional Protocol used by tpmdevice (defaults to @passthrough) +# +# @model: #optional Model of TPM device (defaults to @tpm-tis) +# +# @path: #optional Path to hosts device TPM (defaults to /dev/tpm0) +# +# Since: 4.10.3 +## +{'type': 'VmTpmDeviceSpecParams', + 'data': {'*model': 'VmTpmDeviceModel', + '*path': 'str', + '*type': 'VmTpmDeviceType'}} + +## +# @VmTpmDevice: +# +# Properties of a VM tpm device. +# +# @deviceType: The device type (always @tpm) +# +# @specParams: #optional Additional device parameters +# +# Since: 4.10.3 +## +{'type': 'VmTpmDevice', + 'data': {'deviceType': 'VmDeviceType', + '*specParams': 'VmTpmDeviceSpecParams'}} + +## # @VmSmartcardDeviceProtocol: # # An enumeration of VM smartcard device protocols.