Re: [PATCH 3/3] qemu: Only allow TPM 2.0 for RISC-V guests

Daniel P. Berrangé <berrange@xxxxxxxxxx> · Mon, 3 Jun 2024 10:50:40 +0100

On Mon, May 27, 2024 at 07:31:36PM +0200, Andrea Bolognani wrote:
> We've made similar changes for aarch64 a few years back (see
> d8a1c059e0ed and previous commits), and the rationale is the
> same: the architecture is new enough that TPM 2.0 predates it,
> so TPM 1.2 support was never considered and will just not work.
> 
> Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx>
> ---
>  src/qemu/qemu_domain.c                                 |  1 +
>  src/qemu/qemu_validate.c                               | 10 ++++++----
>  .../aarch64-tpm-wrong-model.aarch64-latest.err         |  2 +-
>  ...4-virt-default-models.riscv64-latest.abi-update.xml |  2 +-
>  .../riscv64-virt-default-models.riscv64-latest.xml     |  2 +-
>  5 files changed, 10 insertions(+), 7 deletions(-)
> 
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index bda62f2e5c..6bb18ad5a8 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -6182,6 +6182,7 @@ qemuDomainTPMDefPostParse(virDomainTPMDef *tpm,
>          tpm->data.emulator.version == VIR_DOMAIN_TPM_VERSION_DEFAULT) {
>          if (tpm->model == VIR_DOMAIN_TPM_MODEL_SPAPR ||
>              tpm->model == VIR_DOMAIN_TPM_MODEL_CRB ||
> +            qemuDomainIsRISCVVirt(def) ||
>              qemuDomainIsARMVirt(def))
>              tpm->data.emulator.version = VIR_DOMAIN_TPM_VERSION_2_0;
>          else
> diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
> index ac1940cb31..7b871be05f 100644
> --- a/src/qemu/qemu_validate.c
> +++ b/src/qemu/qemu_validate.c
> @@ -4765,10 +4765,12 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
>                                 _("TPM 1.2 is not supported with the SPAPR device model"));
>                  return -1;
>              }
> -            /* TPM 1.2 + ARM does not work */
> -            if (qemuDomainIsARMVirt(def)) {
> -                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> -                               _("TPM 1.2 is not supported on ARM"));
> +            /* TPM 1.2 does not work on certain modern architectures */
> +            if (qemuDomainIsARMVirt(def) ||
> +                qemuDomainIsRISCVVirt(def)) {
> +                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> +                               _("TPM 1.2 is not supported on architecture '%1$s'"),
> +                               virArchToString(def->os.arch));
>                  return -1;
>              }

Hmm, what architectures /do/ allow 1.2 ? x86, s390x, ppc ?  Should
we consider just doing an "allow list" for arches, given that going
forward nothing new should be allowed.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|