Re: [PATCH 3/3] qemu: Only allow TPM 2.0 for RISC-V guests
On Mon, Jun 03, 2024 at 10:50:40AM GMT, Daniel P. Berrangé wrote:
On Mon, May 27, 2024 at 07:31:36PM +0200, Andrea Bolognani wrote:
> + /* TPM 1.2 does not work on certain modern architectures */
> + if (qemuDomainIsARMVirt(def) ||
> + qemuDomainIsRISCVVirt(def)) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> + _("TPM 1.2 is not supported on architecture
'%1$s'"),
> + virArchToString(def->os.arch));
> return -1;
> }
Hmm, what architectures /do/ allow 1.2 ? x86, s390x, ppc ? Should
we consider just doing an "allow list" for arches, given that going
forward nothing new should be allowed.
ppc64 defaults to 2.0 already and s390x doesn't do TPM. Flipping
things around so that 1.2 becomes the special case and is only
allowed for x86 would make sense.
The only remaining question mark is loongarch64. I assume that, just
like riscv64 and aarch64 before it, it wouldn't bother with 1.2 at
all, but I'm not 100% sure. On the other hand, TPM support is
currently compiled out by default in the QEMU system binary for that
architecture, so we could go ahead with the change under that
assumption and revisit things later if necessary. Does that sound
good?
--
Andrea Bolognani / Red Hat / Virtualization