From cd37721d199c8081d968112ee9aa2fbca3252fea Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Wed, 13 Nov 2024 12:39:48 -0500
Subject: [PATCH] qemu: Extend swtpm_setup command line to set a profile by its name
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Run swtpm_setup with the --profile-name option if the user provided the name of a profile. swtpm_setup will try to load the profile from directories with local profiles and distro profiles and if no profile by this name with appended '.json' suffix could be found there, it will fall back to try to use an internal profile with the given name. Also set the --profile-remove-disabled option if the user provided a value in the remove_disabled attribute in the profile XML node.

Reviewed-by: Marc-André Lureau
Signed-off-by: Stefan Berger
Signed-off-by: Michal Privoznik
Reviewed-by: Michal Privoznik
---
 src/qemu/qemu_tpm.c | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 757bb16d7b..cc8646159e 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -365,6 +365,41 @@ qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
 }
 
 
+/*
+ * Add a (optional) profile to the swtpm_setup command line.
+ *
+ * @cmd: virCommand to add options to
+ * @emulator: emulator parameters
+ *
+ * Returns 0 on success, -1 on failure.
+ */
+static int
+qemuTPMVirCommandAddProfile(virCommand *cmd,
+ const virDomainTPMEmulatorDef *emulator)
+{
+ if (!emulator->profile.source)
+ return 0;
+
+ if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE)) {
+ virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
+ _("swtpm_setup has no support for profiles"));
+ return -1;
+ }
+
+ virCommandAddArgList(cmd,
+ "--profile-name", emulator->profile.source,
+ NULL);
+
+ if (emulator->profile.removeDisabled) {
+ virCommandAddArgList(cmd,
+ "--profile-remove-disable",
+ virDomainTPMProfileRemoveDisabledTypeToString(emulator->profile.removeDisabled),
+ NULL);
+ }
+ return 0;
+}
+
+
 /*
 * qemuTPMEmulatorRunSetup
 *
@@ -441,6 +476,8 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *emulator,
 "--lock-nvram",
 "--not-overwrite",
 NULL);
+ if (qemuTPMVirCommandAddProfile(cmd, emulator) < 0)
+ return -1;
 } else {
 virCommandAddArgList(cmd,
 "--tpm-state", tpm_state,
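Review bot: The option string in the `removeDisabled` branch of qemuTPMVirCommandAddProfile is `"--profile-remove-disable"`, while the commit description names the swtpm_setup option `--profile-remove-disabled`, so one of the two is misspelled. If the description is right, the call works only as long as swtpm_setup's option parser accepts unambiguous prefixes, which is not something to rely on; spell it out as `"--profile-remove-disabled",`. Separately, `emulator->profile.source` is passed to `--profile-name` unchanged, and the description says swtpm_setup turns that name into a `.json` file lookup in its profile directories. Nothing in this hunk restricts the characters in the name, so unless the XML parser or schema already does (not visible here), reject names containing `/` before building the command line.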
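Review bot: The profile arguments are appended only in the branch that ends with `"--not-overwrite"`, and the `else` branch gets none, but nothing at the call site says why. If the intent is that a profile can only be chosen when the TPM state is first created, a one-line comment above the call such as `/* a profile can only be selected when new TPM state is created */` would record it. The added `return -1` also leaves qemuTPMEmulatorRunSetup before `cmd` is run; the declaration of `cmd` and the rest of the function are outside the hunk, so confirm that `cmd` is released automatically on this path.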