author | Alexey Krasikov <alex-krasikov@yandex-team.ru> | 2020-05-25 14:19:12 +0300 |
---|---|---|
committer | Daniel P. Berrangé <berrange@redhat.com> | 2020-06-15 11:33:51 +0100 |
commit | 54e7aac0562452e4fcab65ca5001d030eef2de15 (patch) | |
tree | b348bbbee075fad62aaf161e7d32096610d18d4c /configure | |
parent | 4862bd3cd2052f1b48e4d08b1820e70a255c4859 (diff) |
crypto/linux_keyring: add 'secret_keyring' secret object.
Add the ability for the secret object to obtain secret data from the
Linux in-kernel key management and retention facility, as an extra option
to the existing ones: reading from a file or passing directly as a
string.
The secret is identified by the key serial number. The upper layers
need to instantiate the key and make sure the QEMU process has access
permissions to read it.
Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru>
- Fixed up detection logic default behaviour in configure
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'configure')
-rwxr-xr-x | configure | 45 |
1 files changed, 45 insertions, 0 deletions
@@ -510,6 +510,7 @@ default_devices="yes" plugins="no" fuzzing="no" rng_none="no" +secret_keyring="" supported_cpu="no" supported_os="no" @@ -1606,6 +1607,10 @@ for opt do ;; --disable-rng-none) rng_none=no ;; + --enable-keyring) secret_keyring="yes" + ;; + --disable-keyring) secret_keyring="no" + ;; *) echo "ERROR: unknown option $opt" echo "Try '$0 --help' for more information" @@ -6290,6 +6295,41 @@ case "$slirp" in ;; esac +########################################## +# check for usable __NR_keyctl syscall + +if test "$linux" = "yes" ; then + + have_keyring=no + cat > $TMPC << EOF +#include <errno.h> +#include <asm/unistd.h> +#include <linux/keyctl.h> +#include <unistd.h> +int main(void) { + return syscall(__NR_keyctl, KEYCTL_READ, 0, NULL, NULL, 0); +} +EOF + if compile_prog "" "" ; then + have_keyring=yes + fi +fi +if test "$secret_keyring" != "no" +then + if test "$have_keyring" == "yes" + then + secret_keyring=yes + else + if test "$secret_keyring" = "yes" + then + error_exit "syscall __NR_keyctl requested, \ +but not implemented on your system" + else + secret_keyring=no + fi + fi +fi + ########################################## # End of CC checks @@ -6774,6 +6814,7 @@ echo "plugin support $plugins" echo "fuzzing support $fuzzing" echo "gdb $gdb_bin" echo "rng-none $rng_none" +echo "Linux keyring $secret_keyring" if test "$supported_cpu" = "no"; then echo @@ -7659,6 +7700,10 @@ if test -n "$gdb_bin" ; then echo "HAVE_GDB_BIN=$gdb_bin" >> $config_host_mak fi +if test "$secret_keyring" = "yes" ; then + echo "CONFIG_SECRET_KEYRING=y" >> $config_host_mak +fi + if test "$tcg_interpreter" = "yes"; then QEMU_INCLUDES="-iquote \$(SRC_PATH)/tcg/tci $QEMU_INCLUDES" elif test "$ARCH" = "sparc64" ; then |
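Review bot: The new `--enable-keyring` / `--disable-keyring` arms in the option `case` come without a matching `--help` entry; the five visible hunks account for all 45 insertions in the diffstat and none of them touches the help text. Someone auditing which secret backends a build can carry has no way to discover the switch from `./configure --help`. I would add an entry to the optional-features list, for example `keyring         Linux keyring support for the secret object`. The option is spelled `keyring` while the variable and the emitted symbol are `secret_keyring` / `CONFIG_SECRET_KEYRING`, so a short comment at the arms tying the two names together would also help. The enclosing `for opt do` loop starts and ends outside this hunk.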
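Review bot: `if test "$have_keyring" == "yes"` in the new keyctl check uses `==`, which POSIX `test` does not define; every other comparison in this hunk uses `=`. If configure runs under a strict shell such as dash, that test errors out and control falls to the `else` arm, so a default build ends with `secret_keyring=no` even though the probe compiled, and `--enable-keyring` stops with the "not implemented" error. The first case is silent apart from the summary line, and presumably leaves deployments on the file or inline-string secret sources named in the commit message. Change the line to `if test "$have_keyring" = "yes"`, and move `have_keyring=no` above `if test "$linux" = "yes" ; then` so the variable is defined on non-Linux hosts too. A comment above the probe should say that it is compile-only: it shows that the headers and `__NR_keyctl` exist on the build host, not that the running kernel or the QEMU process's key permissions allow the read.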