[PATCH v5 6/6] qemu: explicit swtpm state locking
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
With upcoming v0.10 swtpm (commit
https://github.com/stefanberger/swtpm/commit/aa483aeb6df87ed56ccf3d5778d6...),
file locking with "lock" option is now supported and reflected in
"tpmstate-opt-lock" capability.
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Reviewed-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/qemu/qemu_tpm.c | 11 +++++++++--
src/util/virtpm.c | 1 +
src/util/virtpm.h | 1 +
tests/testutilsqemu.c | 1 +
4 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index bf94b6ac0d..edd10ca2f6 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -344,16 +344,23 @@ static char *
qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
const char *source_path)
{
+ const char *lock = ",lock";
+
+ if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK)) {
+ VIR_WARN("This swtpm version doesn't support explicit locking");
+ lock = "";
+ }
+
switch (source_type) {
case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
/* the file:// prefix is supported since swtpm_setup 0.7.0 */
/* assume the capability check for swtpm is redundant. */
- return g_strdup_printf("file://%s", source_path);
+ return g_strdup_printf("file://%s%s", source_path, lock);
case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
default:
- return g_strdup_printf("%s", source_path);
+ return g_strdup_printf("%s%s", source_path, lock);
}
}
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index 298caaad80..8dcd3f90d9 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -52,6 +52,7 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
"cmdarg-reconfigure-pcr-banks",
"tpm-1.2",
"tpm-2.0",
+ "tpmstate-opt-lock",
);
/**
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index 99dbcc1dc8..279cb7e976 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -44,6 +44,7 @@ typedef enum {
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS,
VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2,
VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0,
+ VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK,
VIR_TPM_SWTPM_SETUP_FEATURE_LAST
} virTPMSwtpmSetupFeature;
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index 4daee432e5..f40bfa873c 100644
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -71,6 +71,7 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap)
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES:
case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT:
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS:
+ case VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK:
case VIR_TPM_SWTPM_SETUP_FEATURE_LAST:
break;
}
--
2.47.0