Surprisingly, we don't document TPM part of domain capabilities. Fortunately, the information exposed is pretty much self explanatory, but we should document it regardless. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; --- docs/formatdomaincaps.rst | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst index 933469b2a2..384b5eb7ea 100644 --- a/docs/formatdomaincaps.rst +++ b/docs/formatdomaincaps.rst @@ -494,6 +494,36 @@ instance: ``driverType`` Options for the ``type`` attribute of the <filesystem><driver> element. +TPM device +^^^^^^^^^^ + +TPM device capabilities are exposed under the ``tpm`` element. For instance: + +:: + + <domainCapabilities> + ... + <devices> + <tpm supported='yes'> + <enum name='model'> + <value>tpm-tis</value> + <value>tpm-crb</value> + </enum> + <enum name='backendModel'> + <value>passthrough</value> + <value>emulator</value> + </enum> + </tpm> + ... + </devices> + <domainCapabilities> + +``model`` + Options for the ``model`` attribute of the <tpm/> element. +``backendModel`` + Options for the ``type`` attribute of the <tpm><backend/> element. + + Features ~~~~~~~~ -- 2.35.1

These new capabilities will be used only to track whether swtpm_setup is capable of TPM-1.2 and/or TPM-2.0. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; --- src/util/virtpm.c | 2 ++ src/util/virtpm.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/util/virtpm.c b/src/util/virtpm.c index b898f3a6db..3c961c11cb 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -47,6 +47,8 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, "cmdarg-create-config-files", "tpm12-not-need-root", "cmdarg-reconfigure-pcr-banks", + "tpm-1.2", + "tpm-2.0", ); /** diff --git a/src/util/virtpm.h b/src/util/virtpm.h index 0a82a03b69..bbf379a54a 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h @@ -42,6 +42,8 @@ typedef enum { VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES, VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT, VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS, + VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2, + VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0, VIR_TPM_SWTPM_SETUP_FEATURE_LAST } virTPMSwtpmSetupFeature; -- 2.35.1

We accept TPM version in the domain XML. However, supported version depends on the host configuration (swtpm_setup binary) and thus it may be tricky for users (or mgmt applications) chose a version. Introduce machinery for reporting supported version in domain capabilities. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; --- docs/formatdomaincaps.rst | 6 ++++++ src/conf/domain_capabilities.c | 1 + src/conf/domain_capabilities.h | 1 + 3 files changed, 8 insertions(+) diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst index 384b5eb7ea..a60e610c4c 100644 --- a/docs/formatdomaincaps.rst +++ b/docs/formatdomaincaps.rst @@ -513,6 +513,10 @@ TPM device capabilities are exposed under the ``tpm`` element. For instance: <value>passthrough</value> <value>emulator</value> </enum> + <enum name='backendVersion'> + <value>1.2</value> + <value>2.0</value> + </enum> </tpm> ... </devices> @@ -522,6 +526,8 @@ TPM device capabilities are exposed under the ``tpm`` element. For instance: Options for the ``model`` attribute of the <tpm/> element. ``backendModel`` Options for the ``type`` attribute of the <tpm><backend/> element. +``backendVersion`` + Options for the ``version`` attribute of the <tpm><backend/> element. Features diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 895e8d00e8..33570a51db 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -539,6 +539,7 @@ virDomainCapsDeviceTPMFormat(virBuffer *buf, ENUM_PROCESS(tpm, model, virDomainTPMModelTypeToString); ENUM_PROCESS(tpm, backendModel, virDomainTPMBackendTypeToString); + ENUM_PROCESS(tpm, backendVersion, virDomainTPMVersionTypeToString); FORMAT_EPILOGUE(tpm); } diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index f2eed80b15..a526969cda 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -127,6 +127,7 @@ struct _virDomainCapsDeviceTPM { virTristateBool supported; virDomainCapsEnum model; /* virDomainTPMModel */ virDomainCapsEnum backendModel; /* virDomainTPMBackendType */ + virDomainCapsEnum backendVersion; /* virDomainTPMVersion */ }; STATIC_ASSERT_ENUM(VIR_DOMAIN_FS_DRIVER_TYPE_LAST); -- 2.35.1

Now that we have everything prepared, we can start detecting supported TPM versions and setting corresponding values in backendModel struct. Resolves: https://gitlab.com/libvirt/libvirt/-/issues/340 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103119 Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; --- src/qemu/qemu_capabilities.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 2c3be3ecec..8586930266 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -6368,9 +6368,18 @@ virQEMUCapsFillDomainDeviceTPMCaps(virQEMUCaps *qemuCaps, if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_PASSTHROUGH)) VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel, VIR_DOMAIN_TPM_TYPE_PASSTHROUGH); - if (virTPMHasSwtpm() && - virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_EMULATOR)) - VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel, VIR_DOMAIN_TPM_TYPE_EMULATOR); + if (virTPMHasSwtpm()) { + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_EMULATOR)) + VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel, VIR_DOMAIN_TPM_TYPE_EMULATOR); + if (virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2)) { + VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendVersion, VIR_DOMAIN_TPM_VERSION_1_2); + tpm->backendVersion.report = true; + } + if (virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0)) { + VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendVersion, VIR_DOMAIN_TPM_VERSION_2_0); + tpm->backendVersion.report = true; + } + } /* * Need at least one frontend if it is to be usable by applications -- 2.35.1