From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Commit bb5e26749fe5b ("qemu: explicit swtpm state locking") attempted to
lock the state, but only for swtpm-setup. The capability
"tpmstate-opt-lock" is actually only exposed by swtpm.
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/qemu/qemu_tpm.c | 15 +++++++++++----
src/util/virtpm.c | 1 +
src/util/virtpm.h | 1 +
3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 476e3dd224..942ee64263 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -606,17 +606,24 @@ static void
qemuTPMVirCommandSwtpmAddTPMState(virCommand *cmd,
const virDomainTPMEmulatorDef *emulator)
{
+ const char *lock = ",lock";
+
+ if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK)) {
+ VIR_WARN("This swtpm version doesn't support explicit locking");
+ lock = "";
+ }
+
virCommandAddArg(cmd, "--tpmstate");
switch (emulator->source_type) {
case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
- virCommandAddArgFormat(cmd, "backend-uri=file://%s",
- emulator->source_path);
+ virCommandAddArgFormat(cmd, "backend-uri=file://%s%s",
+ emulator->source_path, lock);
break;
case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
- virCommandAddArgFormat(cmd, "dir=%s,mode=0600",
- emulator->source_path);
+ virCommandAddArgFormat(cmd, "dir=%s,mode=0600%s",
+ emulator->source_path, lock);
break;
}
}
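Review bot: When `virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK)` is false, the fallback at the top of `qemuTPMVirCommandSwtpmAddTPMState` starts swtpm without `,lock` and logs only a generic warning that names neither the state path nor the missing capability. An operator reading the log cannot tell which TPM state is running without the explicit lock, so the message should be specific, e.g. `VIR_WARN("swtpm lacks 'tpmstate-opt-lock'; TPM state '%s' is not explicitly locked", emulator->source_path);`. Separately, `emulator->source_path` is formatted straight into a comma-separated option string in both `virCommandAddArgFormat` calls, so a path containing a comma would presumably be read by swtpm as extra options alongside `mode=0600` and `lock`. If no caller outside this hunk already rejects such paths, a check belongs here.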
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index f90839debe..cf0f20e009 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -43,6 +43,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature,
"nvram-backend-dir",
"nvram-backend-file",
"cmdarg-print-info",
+ "tpmstate-opt-lock",
);
VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index 4119a903e5..c741d28465 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -34,6 +34,7 @@ typedef enum {
VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_DIR,
VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_FILE,
VIR_TPM_SWTPM_FEATURE_CMDARG_PRINT_INFO,
+ VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK,
VIR_TPM_SWTPM_FEATURE_LAST
} virTPMSwtpmFeature;
--
2.47.0