[13.4-stable] vTPM communication and error handling refactoring #4429
Commits on Nov 6, 2024
-
vTPM : refactor control socket communication and error handling
This changes refactors the control socket communication and error handling in the vTPM (server) and KVM (client). The control socket communication is now handled by HTTP over UDS, and the error handling is improved, since the vTPM server now returns an error message when an error occurs. Signed-off-by: Shahriyar Jalayeri <[email protected]> (cherry picked from commit d965fa1)
-
Domainmgr : refactor virtual TPM setup and termination
Use a defer function to ensure that the virtual TPM is always terminated when the domain manager hits an error during the setup process or boot process. Signed-off-by: Shahriyar Jalayeri <[email protected]> (cherry picked from commit 20da6cd)
-
vTPM : fix bug when getting launch request
When server gets a launch request, it checks if the the requested instance is already running, but it only checks the internal list and not actually the running instances. This can lead to server thinking the instance is running but client fails to get the PID with error "failed to get pid from file ...". Signed-off-by: Shahriyar Jalayeri <[email protected]> (cherry picked from commit 25af0d6)
-
vTPM : validate id before using it in the request
Validate ID before using it in, it must be in form of a UUID. Signed-off-by: Shahriyar Jalayeri <[email protected]> (cherry picked from commit 7294cce)
-
Rename wd kicker in proc utils. Signed-off-by: Shahriyar Jalayeri <[email protected]> (cherry picked from commit 9db3b4d)
-
domainmgr : call vTPM asynchronously and refactor setup functions
Refactor vTPM setup/term/teardown functions to call the vTPM server endpoints asynchronously, this remove the timeout guessworks and make the vTPM setup more reliable. Refactor vTPM setup functions to accept all watchdog related parameters as struct. Signed-off-by: Shahriyar Jalayeri <[email protected]> (cherry picked from commit 18abc71)
-
The domainmanager calls vTPM server asynchronously, so we dont need to worry and set the wait time too low to return quicly to prevent a watchdog kill on pillar. Signed-off-by: Shahriyar Jalayeri <[email protected]> (cherry picked from commit bd856c7)
-
add vtpm vendor directory to .spdxignore
Add vtpm vendor directory to .spdxignore. Signed-off-by: Shahriyar Jalayeri <[email protected]> (cherry picked from commit 5d4f771) Signed-off-by: Shahriyar Jalayeri <[email protected]>
-
The TestSwtpmAbruptTerminationRequest function verifies that if swtpm is terminated without vTPM notice, no stale id is left in the vtpm internal bookkeeping and vtpm can launch a new instance with the same id. The TestSwtpmMultipleLaucnhRequest function verifies that if swtpm is launched multiple times with the same id, only one instance is created and other requests are ignored. Signed-off-by: Shahriyar Jalayeri <[email protected]> (cherry picked from commit bc80a42)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.