From b2f6a5c68876166c62de10ab41b9925258f5ceec Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Thu, 25 Jul 2019 14:22:15 -0400
Subject: [PATCH] docs: Extend TPM docs with new encryption element
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Describe the encryption element in the TPM's domain XML.

Signed-off-by: Stefan Berger
Reviewed-by: Daniel P. Berrangé
---
docs/formatdomain.html.in | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 1d57729394..1938bd875c 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -8215,6 +8215,9 @@ qemu-kvm -net nic,model=? /dev/null
TPM functionality for each VM. QEMU talks to it over a Unix socket. With
the emulator device type each guest gets its own private TPM.
'emulator' since 4.5.0
+ The state of the TPM emulator can be encrypted by providing an
+ encryption
element.
+ 'encryption' since 5.6.0
Example: usage of the TPM Emulator
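Review bot: The new sentence "The state of the TPM emulator can be encrypted by providing an encryption element" does not say where the element goes or what it needs. A reader of this paragraph alone cannot tell that it is a child of the backend element or that it carries a secret attribute. Suggest naming the parent and the attribute here, or linking to the attribute description added further down, so the introduction and the reference entry agree.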
@@ -8224,6 +8227,7 @@ qemu-kvm -net nic,model=? /dev/null
<devices>
<tpm model='tpm-tis'>
<backend type='emulator' version='2.0'>
+ <encryption secret='6dd3e4a5-1d76-44ce-961f-f119f5aad935'/>
</backend>
</tpm>
</devices>
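Review bot: The example line with secret='6dd3e4a5-1d76-44ce-961f-f119f5aad935' gives a bare UUID with no indication that it is a sample value identifying a secret object that must already exist. Suggest adding a sentence beside the example saying the UUID is illustrative and pointing to the secret documentation, so the snippet is not copied verbatim with a UUID that resolves to nothing on the reader's host.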
@@ -8286,6 +8290,14 @@ qemu-kvm -net nic,model=? /dev/null
'2.0' : creates a TPM 2.0
+ encryption
+
+
+ The encryption
element allows the state of a TPM emulator
+ to be encrypted. The secret
must reference a secret object
+ that holds the passphrase from which the encryption key will be derived.
+
+
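Review bot: The description says the secret "must reference a secret object that holds the passphrase" but does not state how it references it. The example hunk uses a UUID, and that should be spelled out here. Since the encryption key is derived from that passphrase, it is also worth documenting what the user should expect if the secret is missing when the guest starts, and whether the element can be added to or removed from a domain whose TPM state already exists.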