Changing <active_pcr_banks/> means changing the guest ABI and as
such must be prevented on both restoring from a file or
migration.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2035888
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/conf/domain_conf.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 716c6d2240..bba662bf4c 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -21994,6 +21994,20 @@ virDomainTPMDefCheckABIStability(virDomainTPMDef *src,
         return false;
     }
 
+    switch (src->type) {
+    case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+        if (src->data.emulator.activePcrBanks != dst->data.emulator.activePcrBanks) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("Target active PCR banks doesn't match source"));
+            return false;
+        }
+        break;
+
+    case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+    case VIR_DOMAIN_TPM_TYPE_LAST:
+        break;
+    }
+
     return virDomainDeviceInfoCheckABIStability(&src->info, &dst->info);
 }
 
-- 
2.34.1

On Tue, Jan 04, 2022 at 09:29:15 +0100, Michal Privoznik wrote:
> Changing <active_pcr_banks/> means changing the guest ABI and as
> such must be prevented on both restoring from a file or
> migration.
> 
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2035888
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
>  src/conf/domain_conf.c | 14 ++++++++++++++
>  1 file changed, 14 insertions(+)

Reviewed-by: Peter Krempa <pkrempa@redhat.com>