qemu: explicit swtpm state locking

With upcoming v0.10 swtpm (commit aa483aeb6d), file locking with "lock" option is now supported and reflected in "tpmstate-opt-lock" capability. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
2024-12-22 05:35:25 +00:00 · 2024-10-22 18:15:21 +04:00 · 2024-10-22 18:15:21 +04:00 · bb5e26749f
commit bb5e26749f
parent f1304cc566
4 changed files with 12 additions and 2 deletions
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@ -344,16 +344,23 @@ static char *
 qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
                             const char *source_path)
 {
+    const char *lock = ",lock";
+
+    if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK)) {
+        VIR_WARN("This swtpm version doesn't support explicit locking");
+        lock = "";
+    }
+
    switch (source_type) {
    case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
        /* the file:// prefix is supported since swtpm_setup 0.7.0 */
        /* assume the capability check for swtpm is redundant. */
-        return g_strdup_printf("file://%s", source_path);
+        return g_strdup_printf("file://%s%s", source_path, lock);
    case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
    case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
    case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
    default:
-        return g_strdup_printf("%s", source_path);
+        return g_strdup_printf("%s%s", source_path, lock);
    }
 }

--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@ -52,6 +52,7 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
              "cmdarg-reconfigure-pcr-banks",
              "tpm-1.2",
              "tpm-2.0",
+              "tpmstate-opt-lock",
 );

 /**
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@ -44,6 +44,7 @@ typedef enum {
    VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS,
    VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2,
    VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0,
+    VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK,

    VIR_TPM_SWTPM_SETUP_FEATURE_LAST
 } virTPMSwtpmSetupFeature;
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@ -71,6 +71,7 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap)
    case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES:
    case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT:
    case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS:
+    case VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK:
    case VIR_TPM_SWTPM_SETUP_FEATURE_LAST:
        break;
    }