qemu: Extend swtpm_setup command line to set a profile by its name

Run swtpm_setup with the --profile-name option if the user provided the name of a profile. swtpm_setup will try to load the profile from directories with local profiles and distro profiles and if no profile by this name with appended '.json' suffix could be found there, it will fall back to try to use an internal profile with the given name. Also set the --profile-remove-disabled option if the user provided a value in the remove_disabled attribute in the profile XML node. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2025-02-22 11:22:23 +00:00 · 2024-11-13 12:39:48 -05:00 · 2024-11-13 12:39:48 -05:00 · cd37721d19
commit cd37721d19
parent 526f08da62
1 changed files with 37 additions and 0 deletions
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@ -365,6 +365,41 @@ qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
 }


+/*
+ * Add a (optional) profile to the swtpm_setup command line.
+ *
+ * @cmd: virCommand to add options to
+ * @emulator: emulator parameters
+ *
+ * Returns 0 on success, -1 on failure.
+ */
+static int
+qemuTPMVirCommandAddProfile(virCommand *cmd,
+                            const virDomainTPMEmulatorDef *emulator)
+{
+    if (!emulator->profile.source)
+        return 0;
+
+    if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE)) {
+        virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
+                       _("swtpm_setup has no support for profiles"));
+        return -1;
+    }
+
+    virCommandAddArgList(cmd,
+                         "--profile-name", emulator->profile.source,
+                         NULL);
+
+    if (emulator->profile.removeDisabled) {
+        virCommandAddArgList(cmd,
+                             "--profile-remove-disable",
+                             virDomainTPMProfileRemoveDisabledTypeToString(emulator->profile.removeDisabled),
+                             NULL);
+    }
+    return 0;
+}
+
+
 /*
 * qemuTPMEmulatorRunSetup
 *
@ -441,6 +476,8 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *emulator,
                             "--lock-nvram",
                             "--not-overwrite",
                             NULL);
+        if (qemuTPMVirCommandAddProfile(cmd, emulator) < 0)
+            return -1;
    } else {
        virCommandAddArgList(cmd,
                             "--tpm-state", tpm_state,