swtpm_setup can be run for a TPM 2 in unprivileged mode assuming XDG_CONFIG_HOME has been set and the necessary configuration files have been put into that directory. For current reference also see this link: https://github.com/stefanberger/swtpm/pull/63 Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> --- src/qemu/qemu_tpm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 201da359d7..b1a46d8bb0 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -474,11 +474,11 @@ qemuTPMEmulatorRunSetup(const char *storagepath, char uuid[VIR_UUID_STRING_BUFLEN]; char *vmid = NULL; - if (!privileged) + if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2) return virFileWriteStr(logfile, _("Did not create EK and certificates since " - "this requires privileged mode\n"), - 0600); + "this requires privileged mode for a " + "TPM 1.2\n"), 0600); cmd = virCommandNew(swtpm_setup); if (!cmd) -- 2.14.3 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
