device/virtio-nsm: Support for Nitro Secure Module device

Nitro Secure Module (NSM)[1] device is used in AWS Nitro Enclaves[2]
for stripped down TPM functionality like cryptographic attestation.
The requests to and responses from NSM device are CBOR[3] encoded.

This commit adds support for NSM device in QEMU. Although related to
AWS Nitro Enclaves, the virito-nsm device is independent and can be
used in other machine types as well. The libcbor[4] library has been
used for the CBOR encoding and decoding functionalities.

[1] https://lists.oasis-open.org/archives/virtio-comment/202310/msg00387.html
[2] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html
[3] http://cbor.io/
[4] https://libcbor.readthedocs.io/en/latest/

Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Reviewed-by: Alexander Graf <graf@amazon.com>
Link: https://lore.kernel.org/r/20241008211727.49088-3-dorjoychy111@gmail.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Dorjoy Chowdhury 2024-10-09 03:17:23 +06:00 committed by Paolo Bonzini
parent 1ac32dc8ea
commit bb154e3e0c
12 changed files with 2252 additions and 0 deletions

View File

@ -5,6 +5,9 @@
config LINUX config LINUX
bool bool
config LIBCBOR
bool
config OPENGL config OPENGL
bool bool

View File

@ -2293,6 +2293,16 @@ F: include/sysemu/rng*.h
F: backends/rng*.c F: backends/rng*.c
F: tests/qtest/virtio-rng-test.c F: tests/qtest/virtio-rng-test.c
virtio-nsm
M: Alexander Graf <graf@amazon.com>
M: Dorjoy Chowdhury <dorjoychy111@gmail.com>
S: Maintained
F: hw/virtio/cbor-helpers.c
F: hw/virtio/virtio-nsm.c
F: hw/virtio/virtio-nsm-pci.c
F: include/hw/virtio/cbor-helpers.h
F: include/hw/virtio/virtio-nsm.h
vhost-user-stubs vhost-user-stubs
M: Alex Bennée <alex.bennee@linaro.org> M: Alex Bennée <alex.bennee@linaro.org>
S: Maintained S: Maintained

View File

@ -6,6 +6,10 @@ config VIRTIO_RNG
default y default y
depends on VIRTIO depends on VIRTIO
config VIRTIO_NSM
bool
depends on LIBCBOR && VIRTIO
config VIRTIO_IOMMU config VIRTIO_IOMMU
bool bool
default y default y

321
hw/virtio/cbor-helpers.c Normal file
View File

@ -0,0 +1,321 @@
/*
* QEMU CBOR helpers
*
* Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or
* (at your option) any later version. See the COPYING file in the
* top-level directory.
*/
#include "hw/virtio/cbor-helpers.h"
bool qemu_cbor_map_add(cbor_item_t *map, cbor_item_t *key, cbor_item_t *value)
{
bool success = false;
struct cbor_pair pair = (struct cbor_pair) {
.key = cbor_move(key),
.value = cbor_move(value)
};
success = cbor_map_add(map, pair);
if (!success) {
cbor_incref(pair.key);
cbor_incref(pair.value);
}
return success;
}
bool qemu_cbor_array_push(cbor_item_t *array, cbor_item_t *value)
{
bool success = false;
success = cbor_array_push(array, cbor_move(value));
if (!success) {
cbor_incref(value);
}
return success;
}
bool qemu_cbor_add_bool_to_map(cbor_item_t *map, const char *key, bool value)
{
cbor_item_t *key_cbor = NULL;
cbor_item_t *value_cbor = NULL;
key_cbor = cbor_build_string(key);
if (!key_cbor) {
goto cleanup;
}
value_cbor = cbor_build_bool(value);
if (!value_cbor) {
goto cleanup;
}
if (!qemu_cbor_map_add(map, key_cbor, value_cbor)) {
goto cleanup;
}
return true;
cleanup:
if (key_cbor) {
cbor_decref(&key_cbor);
}
if (value_cbor) {
cbor_decref(&value_cbor);
}
return false;
}
bool qemu_cbor_add_uint8_to_map(cbor_item_t *map, const char *key,
uint8_t value)
{
cbor_item_t *key_cbor = NULL;
cbor_item_t *value_cbor = NULL;
key_cbor = cbor_build_string(key);
if (!key_cbor) {
goto cleanup;
}
value_cbor = cbor_build_uint8(value);
if (!value_cbor) {
goto cleanup;
}
if (!qemu_cbor_map_add(map, key_cbor, value_cbor)) {
goto cleanup;
}
return true;
cleanup:
if (key_cbor) {
cbor_decref(&key_cbor);
}
if (value_cbor) {
cbor_decref(&value_cbor);
}
return false;
}
bool qemu_cbor_add_map_to_map(cbor_item_t *map, const char *key,
size_t nested_map_size,
cbor_item_t **nested_map)
{
cbor_item_t *key_cbor = NULL;
cbor_item_t *value_cbor = NULL;
key_cbor = cbor_build_string(key);
if (!key_cbor) {
goto cleanup;
}
value_cbor = cbor_new_definite_map(nested_map_size);
if (!value_cbor) {
goto cleanup;
}
if (!qemu_cbor_map_add(map, key_cbor, value_cbor)) {
goto cleanup;
}
*nested_map = value_cbor;
return true;
cleanup:
if (key_cbor) {
cbor_decref(&key_cbor);
}
if (value_cbor) {
cbor_decref(&value_cbor);
}
return false;
}
bool qemu_cbor_add_bytestring_to_map(cbor_item_t *map, const char *key,
uint8_t *arr, size_t len)
{
cbor_item_t *key_cbor = NULL;
cbor_item_t *value_cbor = NULL;
key_cbor = cbor_build_string(key);
if (!key_cbor) {
goto cleanup;
}
value_cbor = cbor_build_bytestring(arr, len);
if (!value_cbor) {
goto cleanup;
}
if (!qemu_cbor_map_add(map, key_cbor, value_cbor)) {
goto cleanup;
}
return true;
cleanup:
if (key_cbor) {
cbor_decref(&key_cbor);
}
if (value_cbor) {
cbor_decref(&value_cbor);
}
return false;
}
bool qemu_cbor_add_null_to_map(cbor_item_t *map, const char *key)
{
cbor_item_t *key_cbor = NULL;
cbor_item_t *value_cbor = NULL;
key_cbor = cbor_build_string(key);
if (!key_cbor) {
goto cleanup;
}
value_cbor = cbor_new_null();
if (!value_cbor) {
goto cleanup;
}
if (!qemu_cbor_map_add(map, key_cbor, value_cbor)) {
goto cleanup;
}
return true;
cleanup:
if (key_cbor) {
cbor_decref(&key_cbor);
}
if (value_cbor) {
cbor_decref(&value_cbor);
}
return false;
}
bool qemu_cbor_add_string_to_map(cbor_item_t *map, const char *key,
const char *value)
{
cbor_item_t *key_cbor = NULL;
cbor_item_t *value_cbor = NULL;
key_cbor = cbor_build_string(key);
if (!key_cbor) {
goto cleanup;
}
value_cbor = cbor_build_string(value);
if (!value_cbor) {
goto cleanup;
}
if (!qemu_cbor_map_add(map, key_cbor, value_cbor)) {
goto cleanup;
}
return true;
cleanup:
if (key_cbor) {
cbor_decref(&key_cbor);
}
if (value_cbor) {
cbor_decref(&value_cbor);
}
return false;
}
bool qemu_cbor_add_uint8_array_to_map(cbor_item_t *map, const char *key,
uint8_t *arr, size_t len)
{
cbor_item_t *key_cbor = NULL;
cbor_item_t *value_cbor = NULL;
key_cbor = cbor_build_string(key);
if (!key_cbor) {
goto cleanup;
}
value_cbor = cbor_new_definite_array(len);
if (!value_cbor) {
goto cleanup;
}
for (int i = 0; i < len; ++i) {
cbor_item_t *tmp = cbor_build_uint8(arr[i]);
if (!tmp) {
goto cleanup;
}
if (!qemu_cbor_array_push(value_cbor, tmp)) {
cbor_decref(&tmp);
goto cleanup;
}
}
if (!qemu_cbor_map_add(map, key_cbor, value_cbor)) {
goto cleanup;
}
return true;
cleanup:
if (key_cbor) {
cbor_decref(&key_cbor);
}
if (value_cbor) {
cbor_decref(&value_cbor);
}
return false;
}
bool qemu_cbor_add_uint8_key_bytestring_to_map(cbor_item_t *map, uint8_t key,
uint8_t *buf, size_t len)
{
cbor_item_t *key_cbor = NULL;
cbor_item_t *value_cbor = NULL;
key_cbor = cbor_build_uint8(key);
if (!key_cbor) {
goto cleanup;
}
value_cbor = cbor_build_bytestring(buf, len);
if (!value_cbor) {
goto cleanup;
}
if (!qemu_cbor_map_add(map, key_cbor, value_cbor)) {
goto cleanup;
}
return true;
cleanup:
if (key_cbor) {
cbor_decref(&key_cbor);
}
if (value_cbor) {
cbor_decref(&value_cbor);
}
return false;
}
bool qemu_cbor_add_uint64_to_map(cbor_item_t *map, const char *key,
uint64_t value)
{
cbor_item_t *key_cbor = NULL;
cbor_item_t *value_cbor = NULL;
key_cbor = cbor_build_string(key);
if (!key_cbor) {
goto cleanup;
}
value_cbor = cbor_build_uint64(value);
if (!value_cbor) {
goto cleanup;
}
if (!qemu_cbor_map_add(map, key_cbor, value_cbor)) {
goto cleanup;
}
return true;
cleanup:
if (key_cbor) {
cbor_decref(&key_cbor);
}
if (value_cbor) {
cbor_decref(&value_cbor);
}
return false;
}

View File

@ -54,6 +54,7 @@ specific_virtio_ss.add(when: 'CONFIG_VIRTIO_PMEM', if_true: files('virtio-pmem.c
specific_virtio_ss.add(when: 'CONFIG_VHOST_VSOCK', if_true: files('vhost-vsock.c')) specific_virtio_ss.add(when: 'CONFIG_VHOST_VSOCK', if_true: files('vhost-vsock.c'))
specific_virtio_ss.add(when: 'CONFIG_VHOST_USER_VSOCK', if_true: files('vhost-user-vsock.c')) specific_virtio_ss.add(when: 'CONFIG_VHOST_USER_VSOCK', if_true: files('vhost-user-vsock.c'))
specific_virtio_ss.add(when: 'CONFIG_VIRTIO_RNG', if_true: files('virtio-rng.c')) specific_virtio_ss.add(when: 'CONFIG_VIRTIO_RNG', if_true: files('virtio-rng.c'))
specific_virtio_ss.add(when: 'CONFIG_VIRTIO_NSM', if_true: [files('virtio-nsm.c', 'cbor-helpers.c'), libcbor])
specific_virtio_ss.add(when: 'CONFIG_VIRTIO_MEM', if_true: files('virtio-mem.c')) specific_virtio_ss.add(when: 'CONFIG_VIRTIO_MEM', if_true: files('virtio-mem.c'))
specific_virtio_ss.add(when: 'CONFIG_VHOST_USER_SCMI', if_true: files('vhost-user-scmi.c')) specific_virtio_ss.add(when: 'CONFIG_VHOST_USER_SCMI', if_true: files('vhost-user-scmi.c'))
specific_virtio_ss.add(when: ['CONFIG_VIRTIO_PCI', 'CONFIG_VHOST_USER_SCMI'], if_true: files('vhost-user-scmi-pci.c')) specific_virtio_ss.add(when: ['CONFIG_VIRTIO_PCI', 'CONFIG_VHOST_USER_SCMI'], if_true: files('vhost-user-scmi-pci.c'))
@ -70,6 +71,7 @@ virtio_pci_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('virtio-crypto-pc
virtio_pci_ss.add(when: 'CONFIG_VIRTIO_INPUT_HOST', if_true: files('virtio-input-host-pci.c')) virtio_pci_ss.add(when: 'CONFIG_VIRTIO_INPUT_HOST', if_true: files('virtio-input-host-pci.c'))
virtio_pci_ss.add(when: 'CONFIG_VIRTIO_INPUT', if_true: files('virtio-input-pci.c')) virtio_pci_ss.add(when: 'CONFIG_VIRTIO_INPUT', if_true: files('virtio-input-pci.c'))
virtio_pci_ss.add(when: 'CONFIG_VIRTIO_RNG', if_true: files('virtio-rng-pci.c')) virtio_pci_ss.add(when: 'CONFIG_VIRTIO_RNG', if_true: files('virtio-rng-pci.c'))
virtio_pci_ss.add(when: 'CONFIG_VIRTIO_NSM', if_true: [files('virtio-nsm-pci.c', 'cbor-helpers.c'), libcbor])
virtio_pci_ss.add(when: 'CONFIG_VIRTIO_BALLOON', if_true: files('virtio-balloon-pci.c')) virtio_pci_ss.add(when: 'CONFIG_VIRTIO_BALLOON', if_true: files('virtio-balloon-pci.c'))
virtio_pci_ss.add(when: 'CONFIG_VIRTIO_9P', if_true: files('virtio-9p-pci.c')) virtio_pci_ss.add(when: 'CONFIG_VIRTIO_9P', if_true: files('virtio-9p-pci.c'))
virtio_pci_ss.add(when: 'CONFIG_VIRTIO_SCSI', if_true: files('virtio-scsi-pci.c')) virtio_pci_ss.add(when: 'CONFIG_VIRTIO_SCSI', if_true: files('virtio-scsi-pci.c'))

View File

@ -0,0 +1,73 @@
/*
* AWS Nitro Secure Module (NSM) device
*
* Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or
* (at your option) any later version. See the COPYING file in the
* top-level directory.
*/
#include "qemu/osdep.h"
#include "hw/virtio/virtio-pci.h"
#include "hw/virtio/virtio-nsm.h"
#include "hw/qdev-properties.h"
#include "qapi/error.h"
#include "qemu/module.h"
#include "qom/object.h"
typedef struct VirtIONsmPCI VirtIONsmPCI;
#define TYPE_VIRTIO_NSM_PCI "virtio-nsm-pci-base"
DECLARE_INSTANCE_CHECKER(VirtIONsmPCI, VIRTIO_NSM_PCI,
TYPE_VIRTIO_NSM_PCI)
struct VirtIONsmPCI {
VirtIOPCIProxy parent_obj;
VirtIONSM vdev;
};
static void virtio_nsm_pci_realize(VirtIOPCIProxy *vpci_dev, Error **errp)
{
VirtIONsmPCI *vnsm = VIRTIO_NSM_PCI(vpci_dev);
DeviceState *vdev = DEVICE(&vnsm->vdev);
virtio_pci_force_virtio_1(vpci_dev);
if (!qdev_realize(vdev, BUS(&vpci_dev->bus), errp)) {
return;
}
}
static void virtio_nsm_pci_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
k->realize = virtio_nsm_pci_realize;
set_bit(DEVICE_CATEGORY_MISC, dc->categories);
}
static void virtio_nsm_initfn(Object *obj)
{
VirtIONsmPCI *dev = VIRTIO_NSM_PCI(obj);
virtio_instance_init_common(obj, &dev->vdev, sizeof(dev->vdev),
TYPE_VIRTIO_NSM);
}
static const VirtioPCIDeviceTypeInfo virtio_nsm_pci_info = {
.base_name = TYPE_VIRTIO_NSM_PCI,
.generic_name = "virtio-nsm-pci",
.instance_size = sizeof(VirtIONsmPCI),
.instance_init = virtio_nsm_initfn,
.class_init = virtio_nsm_pci_class_init,
};
static void virtio_nsm_pci_register(void)
{
virtio_pci_types_register(&virtio_nsm_pci_info);
}
type_init(virtio_nsm_pci_register)

1732
hw/virtio/virtio-nsm.c Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,45 @@
/*
* QEMU CBOR helpers
*
* Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or
* (at your option) any later version. See the COPYING file in the
* top-level directory.
*/
#ifndef QEMU_VIRTIO_CBOR_HELPERS_H
#define QEMU_VIRTIO_CBOR_HELPERS_H
#include <cbor.h>
bool qemu_cbor_map_add(cbor_item_t *map, cbor_item_t *key, cbor_item_t *value);
bool qemu_cbor_array_push(cbor_item_t *array, cbor_item_t *value);
bool qemu_cbor_add_bool_to_map(cbor_item_t *map, const char *key, bool value);
bool qemu_cbor_add_uint8_to_map(cbor_item_t *map, const char *key,
uint8_t value);
bool qemu_cbor_add_map_to_map(cbor_item_t *map, const char *key,
size_t nested_map_size,
cbor_item_t **nested_map);
bool qemu_cbor_add_bytestring_to_map(cbor_item_t *map, const char *key,
uint8_t *arr, size_t len);
bool qemu_cbor_add_null_to_map(cbor_item_t *map, const char *key);
bool qemu_cbor_add_string_to_map(cbor_item_t *map, const char *key,
const char *value);
bool qemu_cbor_add_uint8_array_to_map(cbor_item_t *map, const char *key,
uint8_t *arr, size_t len);
bool qemu_cbor_add_uint8_key_bytestring_to_map(cbor_item_t *map, uint8_t key,
uint8_t *buf, size_t len);
bool qemu_cbor_add_uint64_to_map(cbor_item_t *map, const char *key,
uint64_t value);
#endif

View File

@ -0,0 +1,49 @@
/*
* AWS Nitro Secure Module (NSM) device
*
* Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or
* (at your option) any later version. See the COPYING file in the
* top-level directory.
*/
#ifndef QEMU_VIRTIO_NSM_H
#define QEMU_VIRTIO_NSM_H
#include "crypto/hash.h"
#include "hw/virtio/virtio.h"
#include "qom/object.h"
#define NSM_MAX_PCRS 32
#define TYPE_VIRTIO_NSM "virtio-nsm-device"
OBJECT_DECLARE_SIMPLE_TYPE(VirtIONSM, VIRTIO_NSM)
#define VIRTIO_NSM_GET_PARENT_CLASS(obj) \
OBJECT_GET_PARENT_CLASS(obj, TYPE_VIRTIO_NSM)
struct PCRInfo {
bool locked;
uint8_t data[QCRYPTO_HASH_DIGEST_LEN_SHA384];
};
struct VirtIONSM {
VirtIODevice parent_obj;
/* Only one vq - guest puts request and response buffers on it */
VirtQueue *vq;
/* NSM State */
uint16_t max_pcrs;
struct PCRInfo pcrs[NSM_MAX_PCRS];
char *digest;
char *module_id;
uint8_t version_major;
uint8_t version_minor;
uint8_t version_patch;
bool (*extend_pcr)(VirtIONSM *vnsm, int ind, uint8_t *data, uint16_t len);
void (*lock_pcr)(VirtIONSM *vnsm, int ind);
};
#endif

View File

@ -1716,6 +1716,12 @@ if (have_system or have_tools) and (virgl.found() or opengl.found())
endif endif
have_vhost_user_gpu = have_vhost_user_gpu and virgl.found() and opengl.found() and gbm.found() have_vhost_user_gpu = have_vhost_user_gpu and virgl.found() and opengl.found() and gbm.found()
libcbor = not_found
if not get_option('libcbor').auto() or have_system
libcbor = dependency('libcbor', version: '>=0.7.0',
required: get_option('libcbor'))
endif
gnutls = not_found gnutls = not_found
gnutls_crypto = not_found gnutls_crypto = not_found
if get_option('gnutls').enabled() or (get_option('gnutls').auto() and have_system) if get_option('gnutls').enabled() or (get_option('gnutls').auto() and have_system)
@ -3130,6 +3136,7 @@ host_kconfig = \
(spice.found() ? ['CONFIG_SPICE=y'] : []) + \ (spice.found() ? ['CONFIG_SPICE=y'] : []) + \
(have_ivshmem ? ['CONFIG_IVSHMEM=y'] : []) + \ (have_ivshmem ? ['CONFIG_IVSHMEM=y'] : []) + \
(opengl.found() ? ['CONFIG_OPENGL=y'] : []) + \ (opengl.found() ? ['CONFIG_OPENGL=y'] : []) + \
(libcbor.found() ? ['CONFIG_LIBCBOR=y'] : []) + \
(x11.found() ? ['CONFIG_X11=y'] : []) + \ (x11.found() ? ['CONFIG_X11=y'] : []) + \
(fdt.found() ? ['CONFIG_FDT=y'] : []) + \ (fdt.found() ? ['CONFIG_FDT=y'] : []) + \
(have_vhost_user ? ['CONFIG_VHOST_USER=y'] : []) + \ (have_vhost_user ? ['CONFIG_VHOST_USER=y'] : []) + \
@ -4696,6 +4703,7 @@ summary_info += {'NUMA host support': numa}
summary_info += {'capstone': capstone} summary_info += {'capstone': capstone}
summary_info += {'libpmem support': libpmem} summary_info += {'libpmem support': libpmem}
summary_info += {'libdaxctl support': libdaxctl} summary_info += {'libdaxctl support': libdaxctl}
summary_info += {'libcbor support': libcbor}
summary_info += {'libudev': libudev} summary_info += {'libudev': libudev}
# Dummy dependency, keep .found() # Dummy dependency, keep .found()
summary_info += {'FUSE lseek': fuse_lseek.found()} summary_info += {'FUSE lseek': fuse_lseek.found()}

View File

@ -168,6 +168,8 @@ option('iconv', type : 'feature', value : 'auto',
description: 'Font glyph conversion support') description: 'Font glyph conversion support')
option('curses', type : 'feature', value : 'auto', option('curses', type : 'feature', value : 'auto',
description: 'curses UI') description: 'curses UI')
option('libcbor', type : 'feature', value : 'auto',
description: 'libcbor support')
option('gnutls', type : 'feature', value : 'auto', option('gnutls', type : 'feature', value : 'auto',
description: 'GNUTLS cryptography support') description: 'GNUTLS cryptography support')
option('nettle', type : 'feature', value : 'auto', option('nettle', type : 'feature', value : 'auto',

View File

@ -133,6 +133,7 @@ meson_options_help() {
printf "%s\n" ' keyring Linux keyring support' printf "%s\n" ' keyring Linux keyring support'
printf "%s\n" ' kvm KVM acceleration support' printf "%s\n" ' kvm KVM acceleration support'
printf "%s\n" ' l2tpv3 l2tpv3 network backend support' printf "%s\n" ' l2tpv3 l2tpv3 network backend support'
printf "%s\n" ' libcbor libcbor support'
printf "%s\n" ' libdaxctl libdaxctl support' printf "%s\n" ' libdaxctl libdaxctl support'
printf "%s\n" ' libdw debuginfo support' printf "%s\n" ' libdw debuginfo support'
printf "%s\n" ' libiscsi libiscsi userspace initiator' printf "%s\n" ' libiscsi libiscsi userspace initiator'
@ -358,6 +359,8 @@ _meson_option_parse() {
--disable-kvm) printf "%s" -Dkvm=disabled ;; --disable-kvm) printf "%s" -Dkvm=disabled ;;
--enable-l2tpv3) printf "%s" -Dl2tpv3=enabled ;; --enable-l2tpv3) printf "%s" -Dl2tpv3=enabled ;;
--disable-l2tpv3) printf "%s" -Dl2tpv3=disabled ;; --disable-l2tpv3) printf "%s" -Dl2tpv3=disabled ;;
--enable-libcbor) printf "%s" -Dlibcbor=enabled ;;
--disable-libcbor) printf "%s" -Dlibcbor=disabled ;;
--enable-libdaxctl) printf "%s" -Dlibdaxctl=enabled ;; --enable-libdaxctl) printf "%s" -Dlibdaxctl=enabled ;;
--disable-libdaxctl) printf "%s" -Dlibdaxctl=disabled ;; --disable-libdaxctl) printf "%s" -Dlibdaxctl=disabled ;;
--libdir=*) quote_sh "-Dlibdir=$2" ;; --libdir=*) quote_sh "-Dlibdir=$2" ;;