mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-31 17:05:16 +00:00
qemu_tpm: lock the state explicitly when running swtpm
Commit bb5e26749fe5b ("qemu: explicit swtpm state locking") attempted to lock the state, but only for swtpm-setup. The capability "tpmstate-opt-lock" is actually only exposed by swtpm. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
parent
90014e7bc4
commit
958283a21f
@ -606,17 +606,24 @@ static void
|
||||
qemuTPMVirCommandSwtpmAddTPMState(virCommand *cmd,
|
||||
const virDomainTPMEmulatorDef *emulator)
|
||||
{
|
||||
const char *lock = ",lock";
|
||||
|
||||
if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK)) {
|
||||
VIR_WARN("This swtpm version doesn't support explicit locking");
|
||||
lock = "";
|
||||
}
|
||||
|
||||
virCommandAddArg(cmd, "--tpmstate");
|
||||
switch (emulator->source_type) {
|
||||
case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
|
||||
virCommandAddArgFormat(cmd, "backend-uri=file://%s",
|
||||
emulator->source_path);
|
||||
virCommandAddArgFormat(cmd, "backend-uri=file://%s%s",
|
||||
emulator->source_path, lock);
|
||||
break;
|
||||
case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
|
||||
case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
|
||||
case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
|
||||
virCommandAddArgFormat(cmd, "dir=%s,mode=0600",
|
||||
emulator->source_path);
|
||||
virCommandAddArgFormat(cmd, "dir=%s,mode=0600%s",
|
||||
emulator->source_path, lock);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
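Review bot: When `virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK)` is false, the function drops `,lock` and carries on, and the only trace is a `VIR_WARN` that names neither the domain nor the state location, so an operator cannot tell from the log which TPM state was started without the explicit lock. Including the path would make the degraded case auditable, for example `VIR_WARN("swtpm lacks tpmstate-opt-lock; starting TPM state '%s' without explicit locking", emulator->source_path);`. Separately, `emulator->source_path` is formatted directly in front of the comma-delimited `,lock` suffix in both branches of the switch. Whether a path containing a comma is rejected earlier is not visible in this hunk, so a short comment above the switch stating that assumption would help the next reader.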
@ -43,6 +43,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature,
|
||||
"nvram-backend-dir",
|
||||
"nvram-backend-file",
|
||||
"cmdarg-print-info",
|
||||
"tpmstate-opt-lock",
|
||||
);
|
||||
|
||||
VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
|
||||
|
@ -34,6 +34,7 @@ typedef enum {
|
||||
VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_DIR,
|
||||
VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_FILE,
|
||||
VIR_TPM_SWTPM_FEATURE_CMDARG_PRINT_INFO,
|
||||
VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK,
|
||||
|
||||
VIR_TPM_SWTPM_FEATURE_LAST
|
||||
} virTPMSwtpmFeature;
|
||||
|