Re: [RFC PATCH v2 8/8] qemu: Extend swtpm_setup command line to set a profile by its name

Marc-André Lureau <marcandre.lureau@xxxxxxxxxx> · Mon, 30 Sep 2024 13:54:17 +0400



On Thu, Sep 26, 2024 at 11:32 PM Stefan Berger <stefanb@xxxxxxxxxxxxx> wrote:
>
> Runs swtpm_setup with the --profile-name option if the user provided the
> name of a profile. swtpm_setup will try to load the profile from
> directories with local profiles and distro profiles and if no profile
> by this name with appended '.json' suffix could be found there, it will
> fall back to try to use an internal profile with the given name.
>
> Also set the --profile-remove-disabled option if the user provided a value
> in the remove_disabled attribute in the profile XML node.
>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>

Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

> ---
>  src/qemu/qemu_tpm.c | 36 ++++++++++++++++++++++++++++++++++++
>  1 file changed, 36 insertions(+)
>
> diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
> index e8e7e8b5c1..48446cd631 100644
> --- a/src/qemu/qemu_tpm.c
> +++ b/src/qemu/qemu_tpm.c
> @@ -340,6 +340,40 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd,
>  }
>
>
> +/*
> + * Add a (optional) profile to the swtpm_setup command line.
> + *
> + * @cmd: virCommand to add options to
> + * @emulator: emulator parameters
> + *
> + * Returns 0 on success, -1 on failure.
> + */
> +static int
> +qemuTPMVirCommandAddProfile(virCommand *cmd,
> +                            const virDomainTPMEmulatorDef *emulator)
> +{
> +    if (!emulator->profile_name)
> +        return 0;
> +
> +    if (!virTPMSwtpmSetupCapsGet(
> +            VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE)) {
> +        virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
> +                       _("swtpm_setup has no support for profiles"));
> +        return -1;
> +    }
> +
> +    virCommandAddArgList(cmd,
> +                         "--profile-name", emulator->profile_name,
> +                         NULL);
> +
> +    if (emulator->profile_remove_disabled)
> +        virCommandAddArgList(cmd,
> +                             "--profile-remove-disable",
> +                             emulator->profile_remove_disabled,
> +                             NULL);
> +    return 0;
> +}
> +
>  /*
>   * qemuTPMEmulatorRunSetup
>   *
> @@ -416,6 +450,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
>                               "--lock-nvram",
>                               "--not-overwrite",
>                               NULL);
> +        if (qemuTPMVirCommandAddProfile(cmd, emulator) < 0)
> +            return -1;
>      } else {
>          virCommandAddArgList(cmd,
>                               "--tpm-state", storagepath,
> --
> 2.46.1
>