Series to allow running tpm2 setup with unprivileged user #63
This allows running swtpm_setup as a regular user.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
This will allow expanding environment variables in config files, such as:
statedir = $XDG_RUNTIME_DIR/swtpm-localca
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Thanks a lot. Now we can run swtpm_setup under a user account and launch it by libvirt. We may need to document this.
With the following config files I was able to create a VM with attached TPM 2. The certs were created for that TPM 2 using that locally generated CA:
Contents of ~/.config/swtpm_setup.conf:
Contents of ~/.config/swtpm-localca.conf:
Contents of ~/.config/swtpm-localca.options:
The log file showed this:
I guess the only thing I don't like is that we need to store swtpm_setup.conf in $XDG_CONFIG_HOME primarily because there are already so many directories there.
Patch to apply to currently proposed libvirt support:
Use local configuration if run under regular / xdg desktop user.