[PATCH v2 2/3] qemu_tpm: lock the state explicitly when running swtpm

From: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

Commit bb5e26749fe5b ("qemu: explicit swtpm state locking") attempted to
lock the state, but only for swtpm-setup. The capability
"tpmstate-opt-lock" is actually only exposed by swtpm.

Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
---
 src/qemu/qemu_tpm.c | 15 +++++++++++----
 src/util/virtpm.c   |  1 +
 src/util/virtpm.h   |  1 +
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 476e3dd224..942ee64263 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -606,17 +606,24 @@ static void
 qemuTPMVirCommandSwtpmAddTPMState(virCommand *cmd,
                                   const virDomainTPMEmulatorDef *emulator)
 {
+    const char *lock = ",lock";
+
+    if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK)) {
+        VIR_WARN("This swtpm version doesn't support explicit locking");
+        lock = "";
+    }
+
     virCommandAddArg(cmd, "--tpmstate");
     switch (emulator->source_type) {
     case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
-        virCommandAddArgFormat(cmd, "backend-uri=file://%s",
-                               emulator->source_path);
+        virCommandAddArgFormat(cmd, "backend-uri=file://%s%s",
+                               emulator->source_path, lock);
         break;
     case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
     case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
     case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
-        virCommandAddArgFormat(cmd, "dir=%s,mode=0600",
-                               emulator->source_path);
+        virCommandAddArgFormat(cmd, "dir=%s,mode=0600%s",
+                               emulator->source_path, lock);
         break;
     }
 }
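Review bot: in the `!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK)` branch at the top of qemuTPMVirCommandSwtpmAddTPMState(), the VIR_WARN names neither the domain nor the state path, and it is emitted every time this function builds the arguments. On a host with an older swtpm the log therefore repeats the same line without saying which TPM state is running without the explicit lock. Consider adding emulator->source_path to the message or logging at a lower level, and say in the commit message that the fallback is to start swtpm without the lock option. In the VIR_DOMAIN_TPM_SOURCE_TYPE_FILE case, ",lock" now follows source_path directly inside the "backend-uri=file://%s%s" argument; a one-line comment that the suffix is a --tpmstate option and not part of the URI would help the next reader.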
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index f90839debe..cf0f20e009 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -43,6 +43,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature,
               "nvram-backend-dir",
               "nvram-backend-file",
               "cmdarg-print-info",
+              "tpmstate-opt-lock",
 );
 
 VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
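Review bot: the new "tpmstate-opt-lock" string goes into VIR_ENUM_IMPL(virTPMSwtpmFeature), directly above the virTPMSwtpmSetupFeature list, while the commit message says bb5e26749fe5b wired the locking to swtpm-setup and that only swtpm exposes this capability. The message does not say what happens to the swtpm-setup side of that earlier change. Please add a sentence stating whether it is kept, or removed elsewhere in this series, so the two feature lists are not left describing the same capability.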
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index 4119a903e5..c741d28465 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -34,6 +34,7 @@ typedef enum {
     VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_DIR,
     VIR_TPM_SWTPM_FEATURE_NVRAM_BACKEND_FILE,
     VIR_TPM_SWTPM_FEATURE_CMDARG_PRINT_INFO,
+    VIR_TPM_SWTPM_FEATURE_TPMSTATE_OPT_LOCK,
 
     VIR_TPM_SWTPM_FEATURE_LAST
 } virTPMSwtpmFeature;
-- 
2.47.0



