authorAlexey Krasikov <alex-krasikov@yandex-team.ru>2020-05-25 14:19:12 +0300
committerDaniel P. Berrangé <berrange@redhat.com>2020-06-15 11:33:51 +0100
commit54e7aac0562452e4fcab65ca5001d030eef2de15 (patch)
treeb348bbbee075fad62aaf161e7d32096610d18d4c /configure
parent4862bd3cd2052f1b48e4d08b1820e70a255c4859 (diff)
crypto/linux_keyring: add 'secret_keyring' secret object.
Add the ability for the secret object to obtain secret data from the Linux in-kernel key management and retention facility, as an extra option to the existing ones: reading from a file or passing directly as a string. The secret is identified by the key serial number. The upper layers need to instantiate the key and make sure the QEMU process has access permissions to read it. Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru> - Fixed up detection logic default behaviour in configure Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'configure')
-rwxr-xr-xconfigure45
1 files changed, 45 insertions, 0 deletions
diff --git a/configure b/configure
index 997284e094..3fbb61905a 100755
--- a/configure
+++ b/configure
@@ -510,6 +510,7 @@ default_devices="yes"
plugins="no"
fuzzing="no"
rng_none="no"
+secret_keyring=""
supported_cpu="no"
supported_os="no"
@@ -1606,6 +1607,10 @@ for opt do
;;
--disable-rng-none) rng_none=no
;;
+ --enable-keyring) secret_keyring="yes"
+ ;;
+ --disable-keyring) secret_keyring="no"
+ ;;
*)
echo "ERROR: unknown option $opt"
echo "Try '$0 --help' for more information"
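Review bot: The new `--enable-keyring` / `--disable-keyring` arms are accepted by the option parser, but none of the hunks shown adds them to the text printed by `--help`, and the diffstat's 45 insertions are all accounted for by the visible hunks. Someone packaging or hardening a build therefore cannot discover the switch from `./configure --help`. I would add an entry to the optional-features list in the help text, for example `  keyring         Linux keyring support for secret objects`. The flag name also differs from the `secret_keyring` variable and the `CONFIG_SECRET_KEYRING` symbol it controls, so a short comment on the arm such as `# controls the secret_keyring object (CONFIG_SECRET_KEYRING)` would help the next reader.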
@@ -6290,6 +6295,41 @@ case "$slirp" in
;;
esac
+##########################################
+# check for usable __NR_keyctl syscall
+
+if test "$linux" = "yes" ; then
+
+ have_keyring=no
+ cat > $TMPC << EOF
+#include <errno.h>
+#include <asm/unistd.h>
+#include <linux/keyctl.h>
+#include <unistd.h>
+int main(void) {
+ return syscall(__NR_keyctl, KEYCTL_READ, 0, NULL, NULL, 0);
+}
+EOF
+ if compile_prog "" "" ; then
+ have_keyring=yes
+ fi
+fi
+if test "$secret_keyring" != "no"
+then
+ if test "$have_keyring" == "yes"
+ then
+ secret_keyring=yes
+ else
+ if test "$secret_keyring" = "yes"
+ then
+ error_exit "syscall __NR_keyctl requested, \
+but not implemented on your system"
+ else
+ secret_keyring=no
+ fi
+ fi
+fi
+
##########################################
# End of CC checks
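Review bot: The comparison `test "$have_keyring" == "yes"` in the added detection block uses `==`, which POSIX `test` does not define. If configure is run by a strict POSIX `/bin/sh` such as dash, the operator is rejected and the branch is never taken. With the default empty `secret_keyring`, the build then silently omits keyring support even though the compile probe succeeded, and with `--enable-keyring` it stops with the misleading "not implemented on your system" error. Change the line to `if test "$have_keyring" = "yes"`, matching the other tests in this hunk. Separately, `have_keyring` is assigned only inside the `$linux` branch, so a value inherited from the environment would be honoured on other hosts; setting `have_keyring=no` before that `if` removes the dependency.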
@@ -6774,6 +6814,7 @@ echo "plugin support $plugins"
echo "fuzzing support $fuzzing"
echo "gdb $gdb_bin"
echo "rng-none $rng_none"
+echo "Linux keyring $secret_keyring"
if test "$supported_cpu" = "no"; then
echo
@@ -7659,6 +7700,10 @@ if test -n "$gdb_bin" ; then
echo "HAVE_GDB_BIN=$gdb_bin" >> $config_host_mak
fi
+if test "$secret_keyring" = "yes" ; then
+ echo "CONFIG_SECRET_KEYRING=y" >> $config_host_mak
+fi
+
if test "$tcg_interpreter" = "yes"; then
QEMU_INCLUDES="-iquote \$(SRC_PATH)/tcg/tci $QEMU_INCLUDES"
elif test "$ARCH" = "sparc64" ; then