qemu: Default to TPM 2.0 in most scenarios

TPM 1.2 is a pretty bad default these days, especially for architectures which were introduced when TPM 2.0 already existed. We're already carving out exceptions for several scenarios, but that's basically backwards: at this point, using TPM 1.2 is the exception. Restructure the code so that it reflects reality and we don't have to remember to update it every time a new architecture is introduced. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2024-11-09 15:00:07 +00:00 · 2024-06-04 18:40:29 +02:00 · 2024-06-04 18:40:29 +02:00 · 220b2690da
commit 220b2690da
parent ca517f992e
3 changed files with 10 additions and 7 deletions
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@ -6180,12 +6180,15 @@ qemuDomainTPMDefPostParse(virDomainTPMDef *tpm,
    /* TPM 1.2 and 2 are not compatible, so we choose a specific version here */
    if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR &&
        tpm->data.emulator.version == VIR_DOMAIN_TPM_VERSION_DEFAULT) {
-        if (tpm->model == VIR_DOMAIN_TPM_MODEL_SPAPR ||
-            tpm->model == VIR_DOMAIN_TPM_MODEL_CRB ||
-            qemuDomainIsARMVirt(def))
-            tpm->data.emulator.version = VIR_DOMAIN_TPM_VERSION_2_0;
-        else
+        /* tpm-tis on x86 defaults to TPM 1.2 to preserve the
+         * historical behavior, but in all other scenarios we want
+         * TPM 2.0 instead */
+        if (tpm->model == VIR_DOMAIN_TPM_MODEL_TIS &&
+            ARCH_IS_X86(def->os.arch)) {
            tpm->data.emulator.version = VIR_DOMAIN_TPM_VERSION_1_2;
+        } else {
+            tpm->data.emulator.version = VIR_DOMAIN_TPM_VERSION_2_0;
+        }
    }

    return 0;
--- a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml
+++ b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml
@ -59,7 +59,7 @@
      <target type='serial' port='0'/>
    </console>
    <tpm model='tpm-tis'>
-      <backend type='emulator' version='1.2'/>
+      <backend type='emulator' version='2.0'/>
    </tpm>
    <audio id='1' type='none'/>
    <video>
--- a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml
+++ b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml
@ -59,7 +59,7 @@
      <target type='serial' port='0'/>
    </console>
    <tpm model='tpm-tis'>
-      <backend type='emulator' version='1.2'/>
+      <backend type='emulator' version='2.0'/>
    </tpm>
    <audio id='1' type='none'/>
    <video>