On 10/30/21 6:01 AM, Stefan Berger wrote:
When 'swtpm_setup --print-capabilities' shows the 'tpm12-not-need-root' flag, then it is possible to create certificates for the TPM 1.2 also in non-privileged mode since swtpm_setup doesn't need tcsd anymore. Check for this flag and create the certificates if this flag is found.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- src/qemu/qemu_tpm.c | 5 ++++- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index e1b08a66c5..91e21ae646 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -463,11 +463,14 @@ qemuTPMEmulatorRunSetup(const char *storagepath, if (!swtpm_setup) return -1;
- if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2) + if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2 && + !virTPMSwtpmSetupCapsGet( + VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT)) {
It's okay if this is on one line. The 80 character limit is more a suggestion and I find it more readable if it's all on one line. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> and pushed. Michal