Re: [PATCH v2] qemu: tpm: Run swtpm_setup --create-config-files in session mode

Using swtpm v0.7.0 we can run swtpm_setup to create default config files for swtpm_setup and swtpm-localca in session mode. Now a user can start a VM with an attached TPM without having to run this program on the command line before. This program needs to run once.

This patch addresses the issue raised in https://bugzilla.redhat.com/show_bug.cgi?id=2010649 Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com&gt; v2: - fixed return code if swtpm_setup doesn't support the option --- src/qemu/qemu_tpm.c | 43 +++++++++++++++++++++++++++++++++++++++++++ src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + 3 files changed, 45 insertions(+) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 100481503c..bf6c8e5ad5 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -385,6 +385,46 @@ qemuTPMSetupEncryption(const unsigned char *secretuuid, return virCommandSetSendBuffer(cmd, g_steal_pointer(&secret), secret_len); } + +/* + * qemuTPMCreateConfigFiles: run swtpm_setup --create-config-files skip-if-exist + * + * @logfile: The file to write the log into; it must be writable + * for the user given by userid or 'tss' + */ +static int +qemuTPMCreateConfigFiles(const char *logfile) +{ + g_autofree char *swtpm_setup = virTPMGetSwtpmSetup(); + g_autoptr(virCommand) cmd = NULL; + int exitstatus; + + if (!swtpm_setup) + return -1; + + if (!virTPMSwtpmSetupCapsGet( + VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES)) + return 0; + + cmd = virCommandNew(swtpm_setup); + if (!cmd) + return -1; + + virCommandAddArgList(cmd, "--create-config-files", "skip-if-exist", NULL); + virCommandClearCaps(cmd); + + if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Could not run '%s' to create config files. exitstatus: %d; " + "Check error log '%s' for details."), + swtpm_setup, exitstatus, logfile);