On Mon, Jun 03, 2024 at 08:32:39AM -0400, Andrea Bolognani wrote:
> On Mon, Jun 03, 2024 at 10:50:40AM GMT, Daniel P. Berrangé wrote:
> > On Mon, May 27, 2024 at 07:31:36PM +0200, Andrea Bolognani wrote:
> > > + /* TPM 1.2 does not work on certain modern architectures */
> > > + if (qemuDomainIsARMVirt(def) ||
> > > + qemuDomainIsRISCVVirt(def)) {
> > > + virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> > > + _("TPM 1.2 is not supported on architecture '%1$s'"),
> > > + virArchToString(def->os.arch));
> > > return -1;
> > > }
> >
> > Hmm, what architectures /do/ allow 1.2 ? x86, s390x, ppc ? Should
> > we consider just doing an "allow list" for arches, given that going
> > forward nothing new should be allowed.
>
> ppc64 defaults to 2.0 already and s390x doesn't do TPM. Flipping
> things around so that 1.2 becomes the special case and is only
> allowed for x86 would make sense.
>
> The only remaining question mark is loongarch64. I assume that, just
> like riscv64 and aarch64 before it, it wouldn't bother with 1.2 at
> all, but I'm not 100% sure. On the other hand, TPM support is
> currently compiled out by default in the QEMU system binary for that
> architecture, so we could go ahead with the change under that
> assumption and revisit things later if necessary. Does that sound
> good?
Yes, lets limit to x86. Better to unlock more valid cases later, than
to be too loose and let things through by mistake, as we'll easily
forget this when adding new arches later.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
