On 11/24/21 10:10, Peter Krempa wrote:
> On Tue, Nov 23, 2021 at 18:04:07 +0000, Daniel P. Berrangé wrote:
>> This reports what TPM features QEMU supports, provided that swtpm is
>> installed in the host.
>>
>> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>> ---
>
> [...]
>
>> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
>> index a4c492dde2..374909bef2 100644
>> --- a/src/qemu/qemu_capabilities.c
>> +++ b/src/qemu/qemu_capabilities.c
>
> [...]
>
>> @@ -6206,6 +6207,35 @@ virQEMUCapsFillDomainDeviceFSCaps(virQEMUCaps *qemuCaps,
>> }
>>
>>
>> +void
>> +virQEMUCapsFillDomainDeviceTPMCaps(virQEMUCaps *qemuCaps,
>> + virDomainCapsDeviceTPM *tpm)
>> +{
>> + if (virTPMEmulatorInit() < 0) {
>> + virResetLastError();
>
> Resetting the error here is not acceptable as it pollutes logs with:
>
> 2021-11-24 08:58:21.996+0000: 3685776: error : virTPMEmulatorInit:313 : Unable to find 'swtpm' binary in $PATH: No such file or directory
>
> each time capabilities are queried. You will certainly need a "quiet"
> variant of this function.
>
>
>> + tpm->supported = VIR_TRISTATE_BOOL_NO;
>> + } else {
>> + tpm->supported = VIR_TRISTATE_BOOL_YES;
>> + tpm->model.report = true;
>> + tpm->backendModel.report = true;
>> +
>> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_TIS))
>> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_TIS);
>> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_CRB))
>> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_CRB);
>> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_SPAPR))
>> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_SPAPR);
>> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY))
>> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY);
>
> In certain versions (visible in the next commit) neither of the above is
> supported which resutls in:
>
> diff --git a/tests/domaincapsdata/qemu_2.11.0.s390x.xml b/tests/domaincapsdata/qemu_2.11.0.s390x.xml
> index 804bf8020e..f76624ffc8 100644
> --- a/tests/domaincapsdata/qemu_2.11.0.s390x.xml
> +++ b/tests/domaincapsdata/qemu_2.11.0.s390x.xml
> @@ -205,7 +205,12 @@
> <value>handle</value>
> </enum>
> </filesystem>
> - <tpm supported='no'/>
> + <tpm supported='yes'>
> + <enum name='model'/>
> + <enum name='backendModel'>
> + <value>emulator</value>
> + </enum>
> + </tpm>
> </devices>
> <features>
> <gic supported='no'/>
>
> Does it even make sense to show that TPM is supported?
I think it does. Because domain capabilities XML is not QEMU specific.
If 'virsh domcapabilities' was ran against say LXC it wouldn't show TPM.
Or am I misunderstanding your question?
Michal
