qemu: tpm: Run swtpm_setup --create-config-files in session mode

Using swtpm v0.7.0 we can run swtpm_setup to create default config files for swtpm_setup and swtpm-localca in session mode. Now a user can start a VM with an attached TPM without having to run this program on the command line before. This program needs to run once. This patch addresses the issue raised in https://bugzilla.redhat.com/show_bug.cgi?id=2010649 Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2025-01-22 04:25:18 +00:00 · 2021-10-19 09:43:20 -04:00 · 2021-10-19 09:43:20 -04:00 · c66115b6e8
commit c66115b6e8
parent e8b5c09a03
3 changed files with 42 additions and 0 deletions
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@ -385,6 +385,43 @@ qemuTPMSetupEncryption(const unsigned char *secretuuid,
    return virCommandSetSendBuffer(cmd, g_steal_pointer(&secret), secret_len);
 }

+
+/*
+ * qemuTPMCreateConfigFiles: run swtpm_setup --create-config-files skip-if-exist
+ */
+static int
+qemuTPMCreateConfigFiles(const char *swtpm_setup)
+{
+    g_autoptr(virCommand) cmd = NULL;
+    g_autofree char *errbuf = NULL;
+    int exitstatus;
+
+    if (!virTPMSwtpmSetupCapsGet(
+            VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES))
+        return 0;
+
+    cmd = virCommandNew(swtpm_setup);
+    if (!cmd)
+        return -1;
+
+    virCommandAddArgList(cmd, "--create-config-files", "skip-if-exist", NULL);
+    virCommandClearCaps(cmd);
+    virCommandSetErrorBuffer(cmd, &errbuf);
+
+    if (virCommandRun(cmd, &exitstatus) < 0)
+        return -1;
+    if (exitstatus != 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Could not run '%s' to create config files. "
+                         "exitstatus: %d;\nError: %s"),
+                          swtpm_setup, exitstatus, errbuf);
+        return -1;
+    }
+
+    return 0;
+}
+
+
 /*
 * qemuTPMEmulatorRunSetup
 *
@ -432,6 +469,9 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
                                 "this requires privileged mode for a "
                                 "TPM 1.2\n"), 0600);

+    if (!privileged && qemuTPMCreateConfigFiles(swtpm_setup) < 0)
+        return -1;
+
    cmd = virCommandNew(swtpm_setup);
    if (!cmd)
        return -1;
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@ -45,6 +45,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature,
 VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
              VIR_TPM_SWTPM_SETUP_FEATURE_LAST,
              "cmdarg-pwdfile-fd",
+              "cmdarg-create-config-files",
 );

 /**
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@ -38,6 +38,7 @@ typedef enum {

 typedef enum {
    VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD,
+    VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES,

    VIR_TPM_SWTPM_SETUP_FEATURE_LAST
 } virTPMSwtpmSetupFeature;