External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-07 20:27:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu_tpm: lock the state explicitly when running swtpm

Browse Source 
Commit bb5e26749fe5b ("qemu: explicit swtpm state locking") attempted to
lock the state, but only for swtpm-setup. The capability
"tpmstate-opt-lock" is actually only exposed by swtpm.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Marc-André Lureau 2024-12-11 14:37:13 +04:00 committed by Michal Privoznik
parent 90014e7bc4
commit 958283a21f
3 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/qemu/qemu_tpm.c
View File

@ -606,17 +606,24 @@ static void
qemuTPMVirCommandSwtpmAddTPMState(virCommand *cmd, qemuTPMVirCommandSwtpmAddTPMState(virCommand *cmd,
const virDomainTPMEmulatorDef *emulator) const virDomainTPMEmulatorDef *emulator)
{ {
const char *lock = ",lock";
if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK)) {
VIR_WARN("This swtpm version doesn't support explicit locking");
lock = "";
}
virCommandAddArg(cmd, "--tpmstate"); virCommandAddArg(cmd, "--tpmstate");
switch (emulator->source_type) { switch (emulator->source_type) {
case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE: case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
virCommandAddArgFormat(cmd, "backend-uri=file://%s", virCommandAddArgFormat(cmd, "backend-uri=file://%s%s",
emulator->source_path); emulator->source_path, lock);
break; break;
case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR: case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT: case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST: case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
virCommandAddArgFormat(cmd, "dir=%s,mode=0600", virCommandAddArgFormat(cmd, "dir=%s,mode=0600%s",
emulator->source_path); emulator->source_path, lock);
break; break;
} }
} }

1
src/util/virtpm.c
View File

@ -43,6 +43,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature,
"nvram-backend-dir", "nvram-backend-dir",
"nvram-backend-file", "nvram-backend-file",
"cmdarg-print-info", "cmdarg-print-info",
"tpmstate-opt-lock",
); );
VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,

1
src/util/virtpm.h
View File

@ -34,6 +34,7 @@ typedef enum {
VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_DIR, VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_DIR,
VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_FILE, VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_FILE,
VIR_TPM_SWTPM_FEATURE_CMDARG_PRINT_INFO, VIR_TPM_SWTPM_FEATURE_CMDARG_PRINT_INFO,
VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK,
VIR_TPM_SWTPM_FEATURE_LAST VIR_TPM_SWTPM_FEATURE_LAST
} virTPMSwtpmFeature; } virTPMSwtpmFeature;