[PATCH v2 0/4] qemu: Use TPM 2.0 in most scenarios

Changes from [v1]

  * use TPM 2.0 more;

  * reject TPM 1.2 more;

  * add better comments to loongarch64 and s390x test cases.

[v1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/YZMV3...

Andrea Bolognani (4):
  tests: Add TPM coverage to default-models tests
  tests: Delete some redundant test cases
  qemu: Default to TPM 2.0 in most scenarios
  qemu: Reject TPM 1.2 in most scenarios

 src/qemu/qemu_domain.c | 13 ++--
 src/qemu/qemu_validate.c | 22 +++---
 ...aarch64-tpm-wrong-model.aarch64-latest.err | 2 +-
 .../aarch64-tpm.aarch64-latest.args | 34 ---------
 .../aarch64-tpm.aarch64-latest.xml | 29 --------
 tests/qemuxmlconfdata/aarch64-tpm.xml | 15 ----
 ...ault-models.aarch64-latest.abi-update.args | 3 +
 ...fault-models.aarch64-latest.abi-update.xml | 3 +
 ...64-virt-default-models.aarch64-latest.args | 3 +
 ...h64-virt-default-models.aarch64-latest.xml | 3 +
 .../aarch64-virt-default-models.xml | 3 +
 .../loongarch64-virt-default-models.xml | 3 +
 ...efault-models.ppc64-latest.abi-update.args | 3 +
 ...default-models.ppc64-latest.abi-update.xml | 4 ++
 ...4-pseries-default-models.ppc64-latest.args | 3 +
 ...64-pseries-default-models.ppc64-latest.xml | 4 ++
 .../ppc64-pseries-default-models.xml | 3 +
 ...ault-models.riscv64-latest.abi-update.args | 3 +
 ...fault-models.riscv64-latest.abi-update.xml | 3 +
 ...64-virt-default-models.riscv64-latest.args | 3 +
 ...v64-virt-default-models.riscv64-latest.xml | 3 +
 .../riscv64-virt-default-models.xml | 3 +
 .../s390x-ccw-default-models.xml | 2 +
 .../tpm-emulator-spapr.ppc64-latest.args | 45 ------------
 .../tpm-emulator-spapr.ppc64-latest.xml | 1 -
 tests/qemuxmlconfdata/tpm-emulator-spapr.xml | 70 -------------------
 ...fault-models.x86_64-latest.abi-update.args | 3 +
 ...efault-models.x86_64-latest.abi-update.xml | 3 +
 ...86_64-pc-default-models.x86_64-latest.args | 3 +
 ...x86_64-pc-default-models.x86_64-latest.xml | 3 +
 .../x86_64-pc-default-models.xml | 3 +
 ...fault-models.x86_64-latest.abi-update.args | 3 +
 ...efault-models.x86_64-latest.abi-update.xml | 3 +
 ...6_64-q35-default-models.x86_64-latest.args | 3 +
 ...86_64-q35-default-models.x86_64-latest.xml | 3 +
 .../x86_64-q35-default-models.xml | 3 +
 tests/qemuxmlconftest.c | 2 -
 37 files changed, 100 insertions(+), 215 deletions(-)
 delete mode 100644 tests/qemuxmlconfdata/aarch64-tpm.aarch64-latest.args
 delete mode 100644 tests/qemuxmlconfdata/aarch64-tpm.aarch64-latest.xml
 delete mode 100644 tests/qemuxmlconfdata/aarch64-tpm.xml
 delete mode 100644 tests/qemuxmlconfdata/tpm-emulator-spapr.ppc64-latest.args
 delete mode 120000 tests/qemuxmlconfdata/tpm-emulator-spapr.ppc64-latest.xml
 delete mode 100644 tests/qemuxmlconfdata/tpm-emulator-spapr.xml

-- 
2.45.1

We have a non-trivial amount of architecture-specific logic dealing with TPM, so it's good to have coverage for it. Note that two architectures currently don't have support for TPM devices enabled by default in QEMU: loongarch64 and s390x. The situation might change for the former, but that's unlikely to happen for the latter. 
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- ...aarch64-virt-default-models.aarch64-latest.abi-update.args | 3 +++ .../aarch64-virt-default-models.aarch64-latest.abi-update.xml | 3 +++ .../aarch64-virt-default-models.aarch64-latest.args | 3 +++ .../aarch64-virt-default-models.aarch64-latest.xml | 3 +++ tests/qemuxmlconfdata/aarch64-virt-default-models.xml | 3 +++ tests/qemuxmlconfdata/loongarch64-virt-default-models.xml | 3 +++ .../ppc64-pseries-default-models.ppc64-latest.abi-update.args | 3 +++ .../ppc64-pseries-default-models.ppc64-latest.abi-update.xml | 4 ++++ .../ppc64-pseries-default-models.ppc64-latest.args | 3 +++ .../ppc64-pseries-default-models.ppc64-latest.xml | 4 ++++ tests/qemuxmlconfdata/ppc64-pseries-default-models.xml | 3 +++ ...riscv64-virt-default-models.riscv64-latest.abi-update.args | 3 +++ .../riscv64-virt-default-models.riscv64-latest.abi-update.xml | 3 +++ .../riscv64-virt-default-models.riscv64-latest.args | 3 +++ .../riscv64-virt-default-models.riscv64-latest.xml | 3 +++ tests/qemuxmlconfdata/riscv64-virt-default-models.xml | 3 +++ tests/qemuxmlconfdata/s390x-ccw-default-models.xml | 2 ++ .../x86_64-pc-default-models.x86_64-latest.abi-update.args | 3 +++ .../x86_64-pc-default-models.x86_64-latest.abi-update.xml | 3 +++ .../x86_64-pc-default-models.x86_64-latest.args | 3 +++ .../x86_64-pc-default-models.x86_64-latest.xml | 3 +++ tests/qemuxmlconfdata/x86_64-pc-default-models.xml | 3 +++ .../x86_64-q35-default-models.x86_64-latest.abi-update.args | 3 +++ .../x86_64-q35-default-models.x86_64-latest.abi-update.xml | 3 +++ .../x86_64-q35-default-models.x86_64-latest.args | 3 +++ .../x86_64-q35-default-models.x86_64-latest.xml | 3 +++ tests/qemuxmlconfdata/x86_64-q35-default-models.xml | 3 +++ 27 files changed, 82 insertions(+) 
diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args index 0c4acf800f..a503f45d0c 100644 --- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args +++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args @@ -38,6 +38,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.2","addr":"0x0"}' \ -chardev pty,id=charserial0 \ -serial chardev:charserial0 \ +-chardev socket,id=chrtpm,path=/dev/test \ +-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \ +-device '{"driver":"tpm-tis-device","tpmdev":"tpm-tpm0","id":"tpm0"}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -device '{"driver":"virtio-gpu-pci","id":"video0","max_outputs":1,"bus":"pci.5","addr":"0x0"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml index 87be062c89..bbe1dd931d 100644 --- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml +++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml @@ -69,6 +69,9 @@ <console type='pty'> <target type='serial' port='0'/> </console> + <tpm model='tpm-tis'> + <backend type='emulator' version='2.0'/> + </tpm> <audio id='1' type='none'/> <video> <model type='virtio' heads='1' primary='yes'/> diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args index 0c4acf800f..a503f45d0c 100644 --- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args 
+++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args @@ -38,6 +38,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.2","addr":"0x0"}' \ -chardev pty,id=charserial0 \ -serial chardev:charserial0 \ +-chardev socket,id=chrtpm,path=/dev/test \ +-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \ +-device '{"driver":"tpm-tis-device","tpmdev":"tpm-tpm0","id":"tpm0"}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -device '{"driver":"virtio-gpu-pci","id":"video0","max_outputs":1,"bus":"pci.5","addr":"0x0"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml index 87be062c89..bbe1dd931d 100644 --- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml +++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml @@ -69,6 +69,9 @@ <console type='pty'> <target type='serial' port='0'/> </console> + <tpm model='tpm-tis'> + <backend type='emulator' version='2.0'/> + </tpm> <audio id='1' type='none'/> <video> <model type='virtio' heads='1' primary='yes'/> diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.xml b/tests/qemuxmlconfdata/aarch64-virt-default-models.xml index cf7f330c0b..d9ad495e75 100644 --- a/tests/qemuxmlconfdata/aarch64-virt-default-models.xml +++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.xml @@ -14,6 +14,9 @@ <mac address='52:54:00:09:a4:37'/> </interface> <serial type='pty'/> + <tpm> + <backend type='emulator'/> + </tpm> <video/> <memballoon model='none'/> <!-- No default model for <panic/> on aarch64 --> diff --git a/tests/qemuxmlconfdata/loongarch64-virt-default-models.xml b/tests/qemuxmlconfdata/loongarch64-virt-default-models.xml index 109fb3b3ea..07af08b25d 100644 
--- a/tests/qemuxmlconfdata/loongarch64-virt-default-models.xml +++ b/tests/qemuxmlconfdata/loongarch64-virt-default-models.xml @@ -14,6 +14,9 @@ <mac address='52:54:00:09:a4:37'/> </interface> <serial type='pty'/> + <!-- loongarch64 could probably use TPM but the necessary devices + are currently disabled in the default QEMU configuration for the + architecture. If that ever changes, add coverage here --> <video/> <memballoon model='none'/> <!-- No default model for <panic/> on loongarch64 --> diff --git a/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.abi-update.args b/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.abi-update.args index 1395f19bfe..f4ae38f1b5 100644 --- a/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.abi-update.args +++ b/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.abi-update.args @@ -32,6 +32,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -device '{"driver":"rtl8139","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.0","addr":"0x1"}' \ -chardev pty,id=charserial0 \ -device '{"driver":"spapr-vty","chardev":"charserial0","id":"serial0","reg":805306368}' \ +-chardev socket,id=chrtpm,path=/dev/test \ +-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \ +-device '{"driver":"tpm-spapr","tpmdev":"tpm-tpm0","id":"tpm0","reg":16384}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -device '{"driver":"VGA","id":"video0","vgamem_mb":16,"bus":"pci.0","addr":"0x3"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ diff --git a/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.abi-update.xml b/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.abi-update.xml index 2304c6f786..24eed24ab6 100644 --- a/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.abi-update.xml +++ b/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.abi-update.xml 
@@ -42,6 +42,10 @@ <target type='serial' port='0'/> <address type='spapr-vio' reg='0x30000000'/> </console> + <tpm model='tpm-spapr'> + <backend type='emulator' version='2.0'/> + <address type='spapr-vio' reg='0x00004000'/> + </tpm> <audio id='1' type='none'/> <video> <model type='vga' vram='16384' heads='1' primary='yes'/> diff --git a/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.args b/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.args index 84c341a24d..c833b6cbf9 100644 --- a/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.args +++ b/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.args @@ -32,6 +32,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -device '{"driver":"rtl8139","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.0","addr":"0x1"}' \ -chardev pty,id=charserial0 \ -device '{"driver":"spapr-vty","chardev":"charserial0","id":"serial0","reg":805306368}' \ +-chardev socket,id=chrtpm,path=/dev/test \ +-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \ +-device '{"driver":"tpm-spapr","tpmdev":"tpm-tpm0","id":"tpm0","reg":16384}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -device '{"driver":"VGA","id":"video0","vgamem_mb":16,"bus":"pci.0","addr":"0x3"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ diff --git a/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.xml b/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.xml index f342093ec8..4cf7257536 100644 --- a/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.xml +++ b/tests/qemuxmlconfdata/ppc64-pseries-default-models.ppc64-latest.xml 
@@ -42,6 +42,10 @@ <target type='serial' port='0'/> <address type='spapr-vio' reg='0x30000000'/> </console> + <tpm model='tpm-spapr'> + <backend type='emulator' version='2.0'/> + <address type='spapr-vio' reg='0x00004000'/> + </tpm> <audio id='1' type='none'/> <video> <model type='vga' vram='16384' heads='1' primary='yes'/> diff --git a/tests/qemuxmlconfdata/ppc64-pseries-default-models.xml b/tests/qemuxmlconfdata/ppc64-pseries-default-models.xml index 4c2d16f01a..afb2d5fc43 100644 --- a/tests/qemuxmlconfdata/ppc64-pseries-default-models.xml +++ b/tests/qemuxmlconfdata/ppc64-pseries-default-models.xml @@ -14,6 +14,9 @@ <mac address='52:54:00:09:a4:37'/> </interface> <serial type='pty'/> + <tpm> + <backend type='emulator'/> + </tpm> <video/> <memballoon model='none'/> <panic/> diff --git a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.args b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.args index 28b56d876c..8f878120b0 100644 --- a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.args +++ b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.args @@ -36,6 +36,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.2","addr":"0x0"}' \ -chardev pty,id=charserial0 \ -serial chardev:charserial0 \ +-chardev socket,id=chrtpm,path=/dev/test \ +-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \ +-device '{"driver":"tpm-tis-device","tpmdev":"tpm-tpm0","id":"tpm0"}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -device '{"driver":"virtio-vga","id":"video0","max_outputs":1,"bus":"pci.4","addr":"0x0"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ 
diff --git a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml index 942bd21f9e..a3a701b8e4 100644 --- a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml +++ b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml @@ -58,6 +58,9 @@ <console type='pty'> <target type='serial' port='0'/> </console> + <tpm model='tpm-tis'> + <backend type='emulator' version='1.2'/> + </tpm> <audio id='1' type='none'/> <video> <model type='virtio' heads='1' primary='yes'/> diff --git a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.args b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.args index 28b56d876c..8f878120b0 100644 --- a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.args +++ b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.args @@ -36,6 +36,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.2","addr":"0x0"}' \ -chardev pty,id=charserial0 \ -serial chardev:charserial0 \ +-chardev socket,id=chrtpm,path=/dev/test \ +-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \ +-device '{"driver":"tpm-tis-device","tpmdev":"tpm-tpm0","id":"tpm0"}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -device '{"driver":"virtio-vga","id":"video0","max_outputs":1,"bus":"pci.4","addr":"0x0"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ diff --git a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml index 942bd21f9e..a3a701b8e4 100644 --- a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml +++ b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml 
@@ -58,6 +58,9 @@ <console type='pty'> <target type='serial' port='0'/> </console> + <tpm model='tpm-tis'> + <backend type='emulator' version='1.2'/> + </tpm> <audio id='1' type='none'/> <video> <model type='virtio' heads='1' primary='yes'/> diff --git a/tests/qemuxmlconfdata/riscv64-virt-default-models.xml b/tests/qemuxmlconfdata/riscv64-virt-default-models.xml index d421b080a8..b89295af16 100644 --- a/tests/qemuxmlconfdata/riscv64-virt-default-models.xml +++ b/tests/qemuxmlconfdata/riscv64-virt-default-models.xml @@ -14,6 +14,9 @@ <mac address='52:54:00:09:a4:37'/> </interface> <serial type='pty'/> + <tpm> + <backend type='emulator'/> + </tpm> <video/> <memballoon model='none'/> <!-- No default model for <panic/> on riscv64 --> diff --git a/tests/qemuxmlconfdata/s390x-ccw-default-models.xml b/tests/qemuxmlconfdata/s390x-ccw-default-models.xml index a196129628..70e316f77d 100644 --- a/tests/qemuxmlconfdata/s390x-ccw-default-models.xml +++ b/tests/qemuxmlconfdata/s390x-ccw-default-models.xml @@ -14,6 +14,8 @@ <mac address='52:54:00:09:a4:37'/> </interface> <serial type='pty'/> + <!-- QEMU doesn't currently support TPM devices on s390x and there + are no plans for that to change in the future --> <video/> <memballoon model='none'/> <panic/> diff --git a/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.abi-update.args b/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.abi-update.args index 3220a40959..6563b05937 100644 --- a/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.abi-update.args +++ b/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.abi-update.args 
@@ -32,6 +32,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -device '{"driver":"rtl8139","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.0","addr":"0x3"}' \ -chardev pty,id=charserial0 \ -device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \ +-chardev socket,id=chrtpm,path=/dev/test \ +-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \ +-device '{"driver":"tpm-tis","tpmdev":"tpm-tpm0","id":"tpm0"}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -device '{"driver":"cirrus-vga","id":"video0","bus":"pci.0","addr":"0x2"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ diff --git a/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.abi-update.xml b/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.abi-update.xml index dc563fdaf9..512d4bd597 100644 --- a/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.abi-update.xml +++ b/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.abi-update.xml @@ -39,6 +39,9 @@ </console> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> + <tpm model='tpm-tis'> + <backend type='emulator' version='1.2'/> + </tpm> <audio id='1' type='none'/> <video> <model type='cirrus' vram='16384' heads='1' primary='yes'/> diff --git a/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.args b/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.args index 3220a40959..6563b05937 100644 --- a/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.args +++ b/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.args 
@@ -32,6 +32,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -device '{"driver":"rtl8139","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.0","addr":"0x3"}' \ -chardev pty,id=charserial0 \ -device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \ +-chardev socket,id=chrtpm,path=/dev/test \ +-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \ +-device '{"driver":"tpm-tis","tpmdev":"tpm-tpm0","id":"tpm0"}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -device '{"driver":"cirrus-vga","id":"video0","bus":"pci.0","addr":"0x2"}' \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ diff --git a/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.xml b/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.xml index dc563fdaf9..512d4bd597 100644 --- a/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.xml +++ b/tests/qemuxmlconfdata/x86_64-pc-default-models.x86_64-latest.xml @@ -39,6 +39,9 @@ </console> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> + <tpm model='tpm-tis'> + <backend type='emulator' version='1.2'/> + </tpm> <audio id='1' type='none'/> <video> <model type='cirrus' vram='16384' heads='1' primary='yes'/> diff --git a/tests/qemuxmlconfdata/x86_64-pc-default-models.xml b/tests/qemuxmlconfdata/x86_64-pc-default-models.xml index 6727d2f6a0..7f4c9f8662 100644 --- a/tests/qemuxmlconfdata/x86_64-pc-default-models.xml +++ b/tests/qemuxmlconfdata/x86_64-pc-default-models.xml @@ -14,6 +14,9 @@ <mac address='52:54:00:09:a4:37'/> </interface> <serial type='pty'/> + <tpm> + <backend type='emulator'/> + </tpm> <video/> <memballoon model='none'/> <panic/> diff --git a/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.abi-update.args b/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.abi-update.args index b9905c6446..29ea0bedac 100644 
--- a/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.abi-update.args +++ b/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.abi-update.args @@ -35,6 +35,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -device '{"driver":"rtl8139","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.2","addr":"0x1"}' \ -chardev pty,id=charserial0 \ -device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \ +-chardev socket,id=chrtpm,path=/dev/test \ +-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \ +-device '{"driver":"tpm-tis","tpmdev":"tpm-tpm0","id":"tpm0"}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -device '{"driver":"cirrus-vga","id":"video0","bus":"pcie.0","addr":"0x1"}' \ -global ICH9-LPC.noreboot=off \ diff --git a/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.abi-update.xml b/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.abi-update.xml index 782fe39491..6406229b2f 100644 --- a/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.abi-update.xml +++ b/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.abi-update.xml @@ -56,6 +56,9 @@ </console> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> + <tpm model='tpm-tis'> + <backend type='emulator' version='1.2'/> + </tpm> <audio id='1' type='none'/> <video> <model type='cirrus' vram='16384' heads='1' primary='yes'/> diff --git a/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.args b/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.args index b9905c6446..29ea0bedac 100644 --- a/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.args +++ b/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.args 
@@ -35,6 +35,9 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ -device '{"driver":"rtl8139","netdev":"hostnet0","id":"net0","mac":"52:54:00:09:a4:37","bus":"pci.2","addr":"0x1"}' \ -chardev pty,id=charserial0 \ -device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \ +-chardev socket,id=chrtpm,path=/dev/test \ +-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \ +-device '{"driver":"tpm-tis","tpmdev":"tpm-tpm0","id":"tpm0"}' \ -audiodev '{"id":"audio1","driver":"none"}' \ -device '{"driver":"cirrus-vga","id":"video0","bus":"pcie.0","addr":"0x1"}' \ -global ICH9-LPC.noreboot=off \ diff --git a/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.xml b/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.xml index 782fe39491..6406229b2f 100644 --- a/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.xml +++ b/tests/qemuxmlconfdata/x86_64-q35-default-models.x86_64-latest.xml @@ -56,6 +56,9 @@ </console> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> + <tpm model='tpm-tis'> + <backend type='emulator' version='1.2'/> + </tpm> <audio id='1' type='none'/> <video> <model type='cirrus' vram='16384' heads='1' primary='yes'/> diff --git a/tests/qemuxmlconfdata/x86_64-q35-default-models.xml b/tests/qemuxmlconfdata/x86_64-q35-default-models.xml index 5cdf07f9d3..65fb76f2dc 100644 --- a/tests/qemuxmlconfdata/x86_64-q35-default-models.xml +++ b/tests/qemuxmlconfdata/x86_64-q35-default-models.xml @@ -14,6 +14,9 @@ <mac address='52:54:00:09:a4:37'/> </interface> <serial type='pty'/> + <tpm> + <backend type='emulator'/> + </tpm> <video/> <memballoon model='none'/> <panic/> -- 2.45.1
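
Review bot: the expected `.xml` outputs for riscv64-virt, x86_64-pc and x86_64-q35 pin `<backend type='emulator' version='1.2'/>` for an input that specifies no version, whereas aarch64-virt and ppc64-pseries pin `version='2.0'`. The commit message does not say whether 1.2 is the intended result on those machine types or only the current behaviour being recorded; please add a sentence stating that these files capture the present defaults, so a later change of default shows up as a diff against exactly these files.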
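
Review bot: the three lines added to each `.args` file carry no TPM version (`-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm` is the same everywhere), so the aarch64-virt and riscv64-virt command lines are identical in their TPM part even though the matching `.xml` outputs differ (2.0 versus 1.2). Only the `.xml` comparison asserts the version default; worth saying so in the commit message so nobody relies on the `.args` files to catch a version regression.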

On Tue, Jun 04, 2024 at 19:01:59 +0200, Andrea Bolognani wrote:
> We have a non-trivial amount of architecture-specific logic dealing with TPM, so it's good to have coverage for it.
>
> Note that two architectures currently don't have support for TPM devices enabled by default in QEMU: loongarch64 and s390x. The situation might change for the former, but that's unlikely to happen for the latter.
>
> Signed-off-by: Andrea Bolognani <abologna@redhat.com>
> ---

Reviewed-by: Peter Krempa <pkrempa@redhat.com>

Hi Andrea:

> We have a non-trivial amount of architecture-specific logic dealing with TPM, so it's good to have coverage for it.
>
> Note that two architectures currently don't have support for TPM devices enabled by default in QEMU: loongarch64 and s390x. The situation might change for the former, but that's unlikely to happen for the latter.

loongarch64 has added support in the source code of qemu using TIS TPM2.0. Before submission, we only carried out a simple test on TPM function, which is still in the experimental stage. Up to now, after adding tpm device, there will be an exception in the startup stage of guest OS. We don't have the energy to solve this problem at the moment, so please skip it for now.

Thanks!
Xianglai.

On Tue, Jun 18, 2024 at 11:57:49AM GMT, lixianglai wrote:
> Hi Andrea:
>
> > We have a non-trivial amount of architecture-specific logic dealing with TPM, so it's good to have coverage for it.
> >
> > Note that two architectures currently don't have support for TPM devices enabled by default in QEMU: loongarch64 and s390x. The situation might change for the former, but that's unlikely to happen for the latter.
>
> loongarch64 has added support in the source code of qemu using TIS TPM2.0. Before submission, we only carried out a simple test on TPM function, which is still in the experimental stage. Up to now, after adding tpm device, there will be an exception in the startup stage of guest OS. We don't have the energy to solve this problem at the moment, so please skip it for now.

Got it, thanks for confirming!

-- 
Andrea Bolognani / Red Hat / Virtualization

The default-models tests provide coverage for these scenarios now. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> --- .../aarch64-tpm.aarch64-latest.args | 34 --------- .../aarch64-tpm.aarch64-latest.xml | 29 -------- tests/qemuxmlconfdata/aarch64-tpm.xml | 15 ---- .../tpm-emulator-spapr.ppc64-latest.args | 45 ------------ .../tpm-emulator-spapr.ppc64-latest.xml | 1 - tests/qemuxmlconfdata/tpm-emulator-spapr.xml | 70 ------------------- tests/qemuxmlconftest.c | 2 - 7 files changed, 196 deletions(-) delete mode 100644 tests/qemuxmlconfdata/aarch64-tpm.aarch64-latest.args delete mode 100644 tests/qemuxmlconfdata/aarch64-tpm.aarch64-latest.xml delete mode 100644 tests/qemuxmlconfdata/aarch64-tpm.xml delete mode 100644 tests/qemuxmlconfdata/tpm-emulator-spapr.ppc64-latest.args delete mode 120000 tests/qemuxmlconfdata/tpm-emulator-spapr.ppc64-latest.xml delete mode 100644 tests/qemuxmlconfdata/tpm-emulator-spapr.xml diff --git a/tests/qemuxmlconfdata/aarch64-tpm.aarch64-latest.args b/tests/qemuxmlconfdata/aarch64-tpm.aarch64-latest.args deleted file mode 100644 index 729d0cae53..0000000000 --- a/tests/qemuxmlconfdata/aarch64-tpm.aarch64-latest.args +++ /dev/null 
@@ -1,34 +0,0 @@ -LC_ALL=C \ -PATH=/bin \ -HOME=/var/lib/libvirt/qemu/domain--1-aarch64test \ -USER=test \ -LOGNAME=test \ -XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-aarch64test/.local/share \ -XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-aarch64test/.cache \ -XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-aarch64test/.config \ -/usr/bin/qemu-system-aarch64 \ --name guest=aarch64test,debug-threads=on \ --S \ --object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-aarch64test/master-key.aes"}' \ --machine virt,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=off \ --accel tcg \ --cpu cortex-a15 \ --m size=1048576k \ --object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \ --overcommit mem-lock=off \ --smp 1,sockets=1,cores=1,threads=1 \ --uuid 496d7ea8-9739-544b-4ebd-ef08be936e8b \ --display none \ --no-user-config \ --nodefaults \ --chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ --mon chardev=charmonitor,id=monitor,mode=control \ --rtc base=utc \ --no-shutdown \ --boot strict=on \ --chardev socket,id=chrtpm,path=/dev/test \ --tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \ --device '{"driver":"tpm-tis-device","tpmdev":"tpm-tpm0","id":"tpm0"}' \ --audiodev '{"id":"audio1","driver":"none"}' \ --sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ --msg timestamp=on diff --git a/tests/qemuxmlconfdata/aarch64-tpm.aarch64-latest.xml b/tests/qemuxmlconfdata/aarch64-tpm.aarch64-latest.xml deleted file mode 100644 index e97f39aec3..0000000000 --- a/tests/qemuxmlconfdata/aarch64-tpm.aarch64-latest.xml +++ /dev/null 
@@ -1,29 +0,0 @@ -<domain type='qemu'> - <name>aarch64test</name> - <uuid>496d7ea8-9739-544b-4ebd-ef08be936e8b</uuid> - <memory unit='KiB'>1048576</memory> - <currentMemory unit='KiB'>1048576</currentMemory> - <vcpu placement='static'>1</vcpu> - <os> - <type arch='aarch64' machine='virt'>hvm</type> - <boot dev='hd'/> - </os> - <features> - <gic version='2'/> - </features> - <cpu mode='custom' match='exact' check='none'> - <model fallback='forbid'>cortex-a15</model> - </cpu> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>destroy</on_crash> - <devices> - <emulator>/usr/bin/qemu-system-aarch64</emulator> - <controller type='pci' index='0' model='pcie-root'/> - <tpm model='tpm-tis'> - <backend type='emulator' version='2.0'/> - </tpm> - <audio id='1' type='none'/> - </devices> -</domain> diff --git a/tests/qemuxmlconfdata/aarch64-tpm.xml b/tests/qemuxmlconfdata/aarch64-tpm.xml deleted file mode 100644 index b22dbee71e..0000000000 --- a/tests/qemuxmlconfdata/aarch64-tpm.xml +++ /dev/null @@ -1,15 +0,0 @@ -<domain type="qemu"> - <name>aarch64test</name> - <uuid>496d7ea8-9739-544b-4ebd-ef08be936e8b</uuid> - <memory>1048576</memory> - <vcpu placement='static'>1</vcpu> - <os> - <type arch="aarch64" machine="virt">hvm</type> - </os> - <devices> - <emulator>/usr/bin/qemu-system-aarch64</emulator> - <tpm> - <backend type='emulator'/> - </tpm> - </devices> -</domain> diff --git a/tests/qemuxmlconfdata/tpm-emulator-spapr.ppc64-latest.args b/tests/qemuxmlconfdata/tpm-emulator-spapr.ppc64-latest.args deleted file mode 100644 index cba1950e2d..0000000000 --- a/tests/qemuxmlconfdata/tpm-emulator-spapr.ppc64-latest.args +++ /dev/null 
@@ -1,45 +0,0 @@ -LC_ALL=C \ -PATH=/bin \ -HOME=/var/lib/libvirt/qemu/domain--1-TPM-VM \ -USER=test \ -LOGNAME=test \ -XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-TPM-VM/.local/share \ -XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-TPM-VM/.cache \ -XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-TPM-VM/.config \ -/usr/bin/qemu-system-ppc64 \ --name guest=TPM-VM,debug-threads=on \ --S \ --object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-TPM-VM/master-key.aes"}' \ --machine pseries-5.0,usb=off,dump-guest-core=off,memory-backend=ppc_spapr.ram \ --accel tcg \ --cpu POWER9 \ --m size=2097152k \ --object '{"qom-type":"memory-backend-ram","id":"ppc_spapr.ram","size":2147483648}' \ --overcommit mem-lock=off \ --smp 1,sockets=1,cores=1,threads=1 \ --uuid 11d7cd22-da89-3094-6212-079a48a309a1 \ --display none \ --no-user-config \ --nodefaults \ --chardev socket,id=charmonitor,fd=1729,server=on,wait=off \ --mon chardev=charmonitor,id=monitor,mode=control \ --rtc base=utc \ --no-shutdown \ --boot menu=on,strict=on \ --device '{"driver":"pci-ohci","id":"usb","bus":"pci.0","addr":"0x1"}' \ --device '{"driver":"spapr-vscsi","id":"scsi0","reg":8192}' \ --device '{"driver":"spapr-vscsi","id":"scsi1","reg":12288}' \ --blockdev '{"driver":"file","filename":"/tmp/scsidisk.img","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ --blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \ --device '{"driver":"scsi-hd","bus":"scsi1.0","channel":0,"scsi-id":0,"lun":0,"device_id":"drive-scsi1-0-0-0","drive":"libvirt-1-format","id":"scsi1-0-0-0","bootindex":1}' \ --chardev pty,id=charserial0 \ --device '{"driver":"spapr-vty","chardev":"charserial0","id":"serial0","reg":805306368}' \ --chardev pty,id=charserial1 \ --device '{"driver":"spapr-vty","chardev":"charserial1","id":"serial1","reg":805310464}' \ --chardev socket,id=chrtpm,path=/dev/test \ --tpmdev 
emulator,id=tpm-tpm0,chardev=chrtpm \ --device '{"driver":"tpm-spapr","tpmdev":"tpm-tpm0","id":"tpm0","reg":20480}' \ --audiodev '{"id":"audio1","driver":"none"}' \ --global spapr-nvram.reg=0x4000 \ --sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ --msg timestamp=on diff --git a/tests/qemuxmlconfdata/tpm-emulator-spapr.ppc64-latest.xml b/tests/qemuxmlconfdata/tpm-emulator-spapr.ppc64-latest.xml deleted file mode 120000 index e3c4cd8051..0000000000 --- a/tests/qemuxmlconfdata/tpm-emulator-spapr.ppc64-latest.xml +++ /dev/null @@ -1 +0,0 @@ -tpm-emulator-spapr.xml \ No newline at end of file diff --git a/tests/qemuxmlconfdata/tpm-emulator-spapr.xml b/tests/qemuxmlconfdata/tpm-emulator-spapr.xml deleted file mode 100644 index 1b4b825e2c..0000000000 --- a/tests/qemuxmlconfdata/tpm-emulator-spapr.xml +++ /dev/null 
@@ -1,70 +0,0 @@ -<domain type='qemu'> - <name>TPM-VM</name> - <uuid>11d7cd22-da89-3094-6212-079a48a309a1</uuid> - <memory unit='KiB'>2097152</memory> - <currentMemory unit='KiB'>512288</currentMemory> - <vcpu placement='static'>1</vcpu> - <os> - <type arch='ppc64' machine='pseries-5.0'>hvm</type> - <boot dev='hd'/> - <bootmenu enable='yes'/> - </os> - <features> - <acpi/> - </features> - <cpu mode='custom' match='exact' check='none'> - <model fallback='forbid'>POWER9</model> - </cpu> - <clock offset='utc'/> - <on_poweroff>destroy</on_poweroff> - <on_reboot>restart</on_reboot> - <on_crash>destroy</on_crash> - <devices> - <emulator>/usr/bin/qemu-system-ppc64</emulator> - <disk type='file' device='disk'> - <driver name='qemu' type='raw'/> - <source file='/tmp/scsidisk.img'/> - <target dev='sda' bus='scsi'/> - <address type='drive' controller='1' bus='0' target='0' unit='0'/> - </disk> - <controller type='scsi' index='0' model='ibmvscsi'> - <address type='spapr-vio' reg='0x00002000'/> - </controller> - <controller type='scsi' index='1' model='ibmvscsi'> - <address type='spapr-vio' reg='0x00003000'/> - </controller> - <controller type='usb' index='0' model='pci-ohci'> - <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/> - </controller> - <controller type='pci' index='0' model='pci-root'> - <model name='spapr-pci-host-bridge'/> - <target index='0'/> - </controller> - <serial type='pty'> - <target type='spapr-vio-serial' port='0'> - <model name='spapr-vty'/> - </target> - <address type='spapr-vio' reg='0x30000000'/> - </serial> - <serial type='pty'> - <target type='spapr-vio-serial' port='1'> - <model name='spapr-vty'/> - </target> - <address type='spapr-vio' reg='0x30001000'/> - </serial> - <console type='pty'> - <target type='serial' port='0'/> - <address type='spapr-vio' reg='0x30000000'/> - </console> - <tpm model='tpm-spapr'> - <backend type='emulator' version='2.0'/> - <address type='spapr-vio' reg='0x00005000'/> - </tpm> - <audio id='1' 
type='none'/> - <memballoon model='none'/> - <nvram> - <address type='spapr-vio' reg='0x00004000'/> - </nvram> - <panic model='pseries'/> - </devices> -</domain> diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c index 2842b44b3e..d2f62081b7 100644 --- a/tests/qemuxmlconftest.c +++ b/tests/qemuxmlconftest.c @@ -2482,8 +2482,6 @@ mymain(void) DO_TEST_CAPS_LATEST("tpm-emulator-tpm2"); DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-enc"); DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-pstate"); - DO_TEST_CAPS_LATEST_PPC64("tpm-emulator-spapr"); - DO_TEST_CAPS_ARCH_LATEST("aarch64-tpm", "aarch64"); DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("aarch64-tpm-wrong-model", "aarch64"); DO_TEST_CAPS_LATEST("tpm-external"); -- 2.45.1
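
Review bot: Removing tpm-emulator-spapr also removes coverage for an explicitly addressed tpm-spapr device, which a defaults-only test may not replace. The deleted tpm-emulator-spapr.xml gives the TPM an address of type 'spapr-vio' with reg='0x00005000' next to an nvram device at reg='0x00004000', and the deleted .args file checks that this is emitted as "reg":20480 on the tpm-spapr device. If the ppc64 default-models case only adds a TPM without an address, please either keep a reduced version of this test or state in the commit message that dropping the explicit-address check is intended. The aarch64-tpm input, by contrast, is only a bare tpm element with an emulator backend, which is the kind of input a default-models case can cover.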

TPM 1.2 is a pretty bad default these days, especially for architectures which were introduced when TPM 2.0 already existed. We're already carving out exceptions for several scenarios, but that's basically backwards: at this point, using TPM 1.2 is the exception. Restructure the code so that it reflects reality and we don't have to remember to update it every time a new architecture is introduced. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/qemu/qemu_domain.c | 13 ++++++++----- ...irt-default-models.riscv64-latest.abi-update.xml | 2 +- .../riscv64-virt-default-models.riscv64-latest.xml | 2 +- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index bda62f2e5c..7ba2ea4a5e 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -6180,12 +6180,15 @@ qemuDomainTPMDefPostParse(virDomainTPMDef *tpm, /* TPM 1.2 and 2 are not compatible, so we choose a specific version here */ if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR && tpm->data.emulator.version == VIR_DOMAIN_TPM_VERSION_DEFAULT) { - if (tpm->model == VIR_DOMAIN_TPM_MODEL_SPAPR || - tpm->model == VIR_DOMAIN_TPM_MODEL_CRB || - qemuDomainIsARMVirt(def)) - tpm->data.emulator.version = VIR_DOMAIN_TPM_VERSION_2_0; - else + /* tpm-tis on x86 defaults to TPM 1.2 to preserve the + * historical behavior, but in all other scenarios we want + * TPM 2.0 instead */ + if (tpm->model == VIR_DOMAIN_TPM_MODEL_TIS && + ARCH_IS_X86(def->os.arch)) { tpm->data.emulator.version = VIR_DOMAIN_TPM_VERSION_1_2; + } else { + tpm->data.emulator.version = VIR_DOMAIN_TPM_VERSION_2_0; + } } return 0; diff --git a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml index a3a701b8e4..6712c2d831 100644 --- a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml 
+++ b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml @@ -59,7 +59,7 @@ <target type='serial' port='0'/> </console> <tpm model='tpm-tis'> - <backend type='emulator' version='1.2'/> + <backend type='emulator' version='2.0'/> </tpm> <audio id='1' type='none'/> <video> diff --git a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml index a3a701b8e4..6712c2d831 100644 --- a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml +++ b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml @@ -59,7 +59,7 @@ <target type='serial' port='0'/> </console> <tpm model='tpm-tis'> - <backend type='emulator' version='1.2'/> + <backend type='emulator' version='2.0'/> </tpm> <audio id='1' type='none'/> <video> -- 2.45.1
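
Review bot: The commit message describes the restructuring in qemuDomainTPMDefPostParse() but does not name which existing combinations change default, and the test data shows that at least one does: riscv64 with tpm-tis and no explicit version moves from version='1.2' to version='2.0'. With the new condition "tpm->model == VIR_DOMAIN_TPM_MODEL_TIS && ARCH_IS_X86(def->os.arch)", every model and architecture pair that did not match the old SPAPR / CRB / ARM virt list changes in the same way, not just riscv64. Please list the affected combinations in the commit message and say whether the change is expected to apply only to newly parsed definitions that carry no version, since TPM 1.2 and 2.0 are, per the existing comment, not compatible.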

On Tue, Jun 04, 2024 at 19:02:01 +0200, Andrea Bolognani wrote:
> TPM 1.2 is a pretty bad default these days, especially for architectures which were introduced when TPM 2.0 already existed.
> We're already carving out exceptions for several scenarios, but that's basically backwards: at this point, using TPM 1.2 is the exception.
> Restructure the code so that it reflects reality and we don't have to remember to update it every time a new architecture is introduced.
>
> Signed-off-by: Andrea Bolognani <abologna@redhat.com>
> ---
>  src/qemu/qemu_domain.c | 13 ++++++++-----
>  ...irt-default-models.riscv64-latest.abi-update.xml | 2 +-
>  .../riscv64-virt-default-models.riscv64-latest.xml | 2 +-
>  3 files changed, 10 insertions(+), 7 deletions(-)

Reviewed-by: Peter Krempa <pkrempa@redhat.com>

Everywhere we use TPM 2.0 as our default, the chances of TPM 1.2 being supported by the guest OS are very slim. Just reject such configurations outright. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/qemu/qemu_validate.c | 22 ++++++++----------- ...aarch64-tpm-wrong-model.aarch64-latest.err | 2 +- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index c08e1538f9..95af93d606 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -4755,23 +4755,19 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm, switch (version) { case VIR_DOMAIN_TPM_VERSION_1_2: - /* TPM 1.2 + CRB do not work */ - if (tpm->model == VIR_DOMAIN_TPM_MODEL_CRB) { + /* Only tpm-tis supports TPM 1.2, and even that is only + * on x86: for all other models and architectures, we + * want TPM 2.0 */ + if (tpm->model != VIR_DOMAIN_TPM_MODEL_TIS) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Unsupported interface '%1$s' for TPM 1.2"), + _("TPM 1.2 is not supported for model '%1$s'"), virDomainTPMModelTypeToString(tpm->model)); return -1; } - /* TPM 1.2 + SPAPR do not work with any 'type' (backend) */ - if (tpm->model == VIR_DOMAIN_TPM_MODEL_SPAPR) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("TPM 1.2 is not supported with the SPAPR device model")); - return -1; - } - /* TPM 1.2 + ARM does not work */ - if (qemuDomainIsARMVirt(def)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("TPM 1.2 is not supported on ARM")); + if (!ARCH_IS_X86(def->os.arch)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("TPM 1.2 is not supported on architecture '%1$s'"), + virArchToString(def->os.arch)); return -1; } break; diff --git a/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err b/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err index a3a82fdcf5..44c6e7372b 100644 --- a/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err 
+++ b/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err @@ -1 +1 @@ -unsupported configuration: TPM 1.2 is not supported on ARM +unsupported configuration: TPM 1.2 is not supported on architecture 'aarch64' -- 2.45.1
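
Review bot: The new "!ARCH_IS_X86(def->os.arch)" check in qemuValidateDomainDeviceDefTPM() rejects a configuration that, according to the test data in the previous patch, libvirt itself used to generate: riscv64 with tpm-tis was formatted with version='1.2' until the default changed. A guest that has that version recorded in its XML would now fail with the new architecture error, so the commit message should say whether that is acceptable or whether such definitions need handling. Separately, the diffstat updates only one .err file, and that file exercises the architecture branch, so the reworded model branch ("TPM 1.2 is not supported for model '%1$s'") appears to have no negative test. A case with version='1.2' on a non-tpm-tis model would cover it.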

On Tue, Jun 04, 2024 at 19:02:02 +0200, Andrea Bolognani wrote:
> Everywhere we use TPM 2.0 as our default, the chances of TPM 1.2 being supported by the guest OS are very slim. Just reject such configurations outright.
>
> Signed-off-by: Andrea Bolognani <abologna@redhat.com>
> ---
>  src/qemu/qemu_validate.c | 22 ++++++++-----------
>  ...aarch64-tpm-wrong-model.aarch64-latest.err | 2 +-
>  2 files changed, 10 insertions(+), 14 deletions(-)

Reviewed-by: Peter Krempa <pkrempa@redhat.com>