On Tue, Nov 23, 2021 at 18:04:07 +0000, Daniel P. Berrangé wrote:
This reports what TPM features QEMU supports, provided that swtpm is
installed in the host.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
[...]
diff --git a/src/qemu/qemu_capabilities.c
b/src/qemu/qemu_capabilities.c
index a4c492dde2..374909bef2 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
[...]
@@ -6206,6 +6207,35 @@ virQEMUCapsFillDomainDeviceFSCaps(virQEMUCaps
*qemuCaps,
}
+void
+virQEMUCapsFillDomainDeviceTPMCaps(virQEMUCaps *qemuCaps,
+ virDomainCapsDeviceTPM *tpm)
+{
+ if (virTPMEmulatorInit() < 0) {
+ virResetLastError();
Resetting the error here is not acceptable as it pollutes logs with:
2021-11-24 08:58:21.996+0000: 3685776: error : virTPMEmulatorInit:313 : Unable to find
'swtpm' binary in $PATH: No such file or directory
each time capabilities are queried. You will certainly need a "quiet"
variant of this function.
+ tpm->supported = VIR_TRISTATE_BOOL_NO;
+ } else {
+ tpm->supported = VIR_TRISTATE_BOOL_YES;
+ tpm->model.report = true;
+ tpm->backendModel.report = true;
+
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_TIS))
+ VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_TIS);
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_CRB))
+ VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_CRB);
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_SPAPR))
+ VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_SPAPR);
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY))
+ VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY);
In certain versions (visible in the next commit) neither of the above is
supported which results in:
diff --git a/tests/domaincapsdata/qemu_2.11.0.s390x.xml
b/tests/domaincapsdata/qemu_2.11.0.s390x.xml
index 804bf8020e..f76624ffc8 100644
--- a/tests/domaincapsdata/qemu_2.11.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_2.11.0.s390x.xml
@@ -205,7 +205,12 @@
<value>handle</value>
</enum>
</filesystem>
- <tpm supported='no'/>
+ <tpm supported='yes'>
+ <enum name='model'/>
+ <enum name='backendModel'>
+ <value>emulator</value>
+ </enum>
+ </tpm>
</devices>
<features>
<gic supported='no'/>
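Review bot: the expected output in this hunk pairs supported='yes' with an empty <enum name='model'/>, so the test data records as correct a state in which no TPM model can be selected. Suggest setting tpm->supported to VIR_TRISTATE_BOOL_YES only after at least one VIR_DOMAIN_CAPS_ENUM_SET on tpm->model has taken effect, which would leave this file at <tpm supported='no'/>.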
Does it even make sense to show that TPM is supported?
+
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_PASSTHROUGH))
+ VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel,
VIR_DOMAIN_TPM_TYPE_PASSTHROUGH);
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_EMULATOR))
+ VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel,
VIR_DOMAIN_TPM_TYPE_EMULATOR);
+ }
+}
+
+
/**
* virQEMUCapsSupportsGICVersion:
* @qemuCaps: QEMU capabilities
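Review bot: the QEMU_CAPS_DEVICE_TPM_PASSTHROUGH check sits inside the else branch of the virTPMEmulatorInit() test, so a host without swtpm reports supported='no' and never lists VIR_DOMAIN_TPM_TYPE_PASSTHROUGH, even though passthrough is tracked as its own QEMU capability, separate from QEMU_CAPS_DEVICE_TPM_EMULATOR. If passthrough does not depend on swtpm, suggest gating only the VIR_DOMAIN_TPM_TYPE_EMULATOR entry on the swtpm probe and deriving tpm->supported from whether any model and any backend were actually added. The new function also has no doc comment stating that its result depends on a host binary as well as on qemuCaps, which matters to anyone caching the output.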
[...]