On 10/30/21 6:01 AM, Stefan Berger wrote:
When 'swtpm_setup --print-capabilities' shows the
'tpm12-not-need-root'
flag, then it is possible to create certificates for the TPM 1.2 also
in non-privileged mode since swtpm_setup doesn't need tcsd anymore.
Check for this flag and create the certificates if this flag is found.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/qemu/qemu_tpm.c | 5 ++++-
src/util/virtpm.c | 1 +
src/util/virtpm.h | 1 +
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index e1b08a66c5..91e21ae646 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -463,11 +463,14 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
if (!swtpm_setup)
return -1;
- if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2)
+ if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2 &&
+ !virTPMSwtpmSetupCapsGet(
+ VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT)) {
It's okay if this is on one line. The 80 character limit is more a
suggestion and I find it more readable if it's all on one line.
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
and pushed.
Michal