
On Mon, May 27, 2024 at 07:31:36PM +0200, Andrea Bolognani wrote:
We've made similar changes for aarch64 a few years back (see d8a1c059e0ed and previous commits), and the rationale is the same: the architecture is new enough that TPM 2.0 predates it, so TPM 1.2 support was never considered and will just not work.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/qemu/qemu_domain.c | 1 + src/qemu/qemu_validate.c | 10 ++++++---- .../aarch64-tpm-wrong-model.aarch64-latest.err | 2 +- ...4-virt-default-models.riscv64-latest.abi-update.xml | 2 +- .../riscv64-virt-default-models.riscv64-latest.xml | 2 +- 5 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index bda62f2e5c..6bb18ad5a8 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -6182,6 +6182,7 @@ qemuDomainTPMDefPostParse(virDomainTPMDef *tpm, tpm->data.emulator.version == VIR_DOMAIN_TPM_VERSION_DEFAULT) { if (tpm->model == VIR_DOMAIN_TPM_MODEL_SPAPR || tpm->model == VIR_DOMAIN_TPM_MODEL_CRB || + qemuDomainIsRISCVVirt(def) || qemuDomainIsARMVirt(def)) tpm->data.emulator.version = VIR_DOMAIN_TPM_VERSION_2_0; else diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index ac1940cb31..7b871be05f 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -4765,10 +4765,12 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm, _("TPM 1.2 is not supported with the SPAPR device model")); return -1; } - /* TPM 1.2 + ARM does not work */ - if (qemuDomainIsARMVirt(def)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("TPM 1.2 is not supported on ARM")); + /* TPM 1.2 does not work on certain modern architectures */ + if (qemuDomainIsARMVirt(def) || + qemuDomainIsRISCVVirt(def)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("TPM 1.2 is not supported on architecture '%1$s'"), + virArchToString(def->os.arch)); return -1; }
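Review bot: in the qemuDomainTPMDefPostParse hunk (src/qemu/qemu_domain.c), the added "qemuDomainIsRISCVVirt(def) ||" keys the TPM 2.0 default on the virt machine type rather than on the architecture, so a RISC-V guest that uses any other machine type still takes the else branch. If the rationale in the commit message (TPM 2.0 predates the architecture) is meant to hold for RISC-V as a whole, consider testing def->os.arch here, or say in the commit message that only the virt machine type is covered.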
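Review bot: in the qemuValidateDomainDeviceDefTPM hunk (src/qemu/qemu_validate.c), the condition tests the machine type ("qemuDomainIsARMVirt(def) || qemuDomainIsRISCVVirt(def)") while the new message says "architecture" and prints virArchToString(def->os.arch). The two should agree: either word the message around the machine type, or make the check architecture-based. The rewritten comment "certain modern architectures" also no longer says which ones; naming them there would keep the comment as precise as the one it replaces.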
Hmm, what architectures /do/ allow 1.2 ? x86, s390x, ppc ?

Should we consider just doing an "allow list" for arches, given that going forward nothing new should be allowed.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|