Re: [libvirt PATCH 2/3] qemu: fill in domain capabilities for TPMs

Daniel P. Berrangé <berrange@xxxxxxxxxx> · Wed, 24 Nov 2021 09:17:07 +0000



On Wed, Nov 24, 2021 at 10:10:32AM +0100, Peter Krempa wrote:
> On Tue, Nov 23, 2021 at 18:04:07 +0000, Daniel P. Berrangé wrote:
> > This reports what TPM features QEMU supports, provided that swtpm is
> > installed in the host.
> > 
> > Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> > ---
> 
> [...]
> 
> > diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> > index a4c492dde2..374909bef2 100644
> > --- a/src/qemu/qemu_capabilities.c
> > +++ b/src/qemu/qemu_capabilities.c
> 
> [...]
> 
> > @@ -6206,6 +6207,35 @@ virQEMUCapsFillDomainDeviceFSCaps(virQEMUCaps *qemuCaps,
> >  }
> >  
> >  
> > +void
> > +virQEMUCapsFillDomainDeviceTPMCaps(virQEMUCaps *qemuCaps,
> > +                                   virDomainCapsDeviceTPM *tpm)
> > +{
> > +    if (virTPMEmulatorInit() < 0) {
> > +        virResetLastError();
> 
> Resetting the error here is not acceptable as it pollutes logs with:
> 
> 2021-11-24 08:58:21.996+0000: 3685776: error : virTPMEmulatorInit:313 : Unable to find 'swtpm' binary in $PATH: No such file or directory
> 
> each time capabilities are queried. You will certainly need a "quiet"
> variant of this function.
> 
> 
> > +        tpm->supported = VIR_TRISTATE_BOOL_NO;
> > +    } else {
> > +        tpm->supported = VIR_TRISTATE_BOOL_YES;
> > +        tpm->model.report = true;
> > +        tpm->backendModel.report = true;
> > +
> > +        if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_TIS))
> > +            VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_TIS);
> > +        if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_CRB))
> > +            VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_CRB);
> > +        if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_SPAPR))
> > +            VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_SPAPR);
> > +        if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY))
> > +            VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY);
> 
> In certain versions (visible in the next commit) neither of the above is
> supported which resutls in:
> 
> diff --git a/tests/domaincapsdata/qemu_2.11.0.s390x.xml b/tests/domaincapsdata/qemu_2.11.0.s390x.xml
> index 804bf8020e..f76624ffc8 100644
> --- a/tests/domaincapsdata/qemu_2.11.0.s390x.xml
> +++ b/tests/domaincapsdata/qemu_2.11.0.s390x.xml
> @@ -205,7 +205,12 @@
>          <value>handle</value>
>        </enum>
>      </filesystem>
> -    <tpm supported='no'/>
> +    <tpm supported='yes'>
> +      <enum name='model'/>
> +      <enum name='backendModel'>
> +        <value>emulator</value>
> +      </enum>
> +    </tpm>
>    </devices>
>    <features>
>      <gic supported='no'/>
> 
> Does it even make sense to show that TPM is supported?

True, we can filter out if count(model) == 0 or count(backendModel) == 0


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|