On Tue, Nov 23, 2021 at 18:04:07 +0000, Daniel P. Berrangé wrote:
> This reports what TPM features QEMU supports, provided that swtpm is
> installed in the host.
>
> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> ---
[...]
> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> index a4c492dde2..374909bef2 100644
> --- a/src/qemu/qemu_capabilities.c
> +++ b/src/qemu/qemu_capabilities.c
[...]
> @@ -6206,6 +6207,35 @@ virQEMUCapsFillDomainDeviceFSCaps(virQEMUCaps *qemuCaps,
> }
>
>
> +void
> +virQEMUCapsFillDomainDeviceTPMCaps(virQEMUCaps *qemuCaps,
> + virDomainCapsDeviceTPM *tpm)
> +{
> + if (virTPMEmulatorInit() < 0) {
> + virResetLastError();
Resetting the error here is not acceptable as it pollutes logs with:
2021-11-24 08:58:21.996+0000: 3685776: error : virTPMEmulatorInit:313 : Unable to find 'swtpm' binary in $PATH: No such file or directory
each time capabilities are queried. You will certainly need a "quiet"
variant of this function.
> + tpm->supported = VIR_TRISTATE_BOOL_NO;
> + } else {
> + tpm->supported = VIR_TRISTATE_BOOL_YES;
> + tpm->model.report = true;
> + tpm->backendModel.report = true;
> +
> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_TIS))
> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_TIS);
> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_CRB))
> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_CRB);
> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_SPAPR))
> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_SPAPR);
> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY))
> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY);
In certain versions (visible in the next commit) neither of the above is
supported which resutls in:
diff --git a/tests/domaincapsdata/qemu_2.11.0.s390x.xml b/tests/domaincapsdata/qemu_2.11.0.s390x.xml
index 804bf8020e..f76624ffc8 100644
--- a/tests/domaincapsdata/qemu_2.11.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_2.11.0.s390x.xml
@@ -205,7 +205,12 @@
<value>handle</value>
</enum>
</filesystem>
- <tpm supported='no'/>
+ <tpm supported='yes'>
+ <enum name='model'/>
+ <enum name='backendModel'>
+ <value>emulator</value>
+ </enum>
+ </tpm>
</devices>
<features>
<gic supported='no'/>
Does it even make sense to show that TPM is supported?
> +
> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_PASSTHROUGH))
> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel, VIR_DOMAIN_TPM_TYPE_PASSTHROUGH);
> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_EMULATOR))
> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->backendModel, VIR_DOMAIN_TPM_TYPE_EMULATOR);
> + }
> +}
> +
> +
> /**
> * virQEMUCapsSupportsGICVersion:
> * @qemuCaps: QEMU capabilities
[...]
