[PATCH v3 08/10] qemu: Extend swtpm_setup command line to set a profile by its name

Stefan Berger posted 10 patches 1 year, 3 months ago
There is a newer version of this series
[PATCH v3 08/10] qemu: Extend swtpm_setup command line to set a profile by its name
Posted by Stefan Berger 1 year, 3 months ago
Run swtpm_setup with the --profile-name option if the user provided the
name of a profile. swtpm_setup will try to load the profile from
directories with local profiles and distro profiles and if no profile
by this name with appended '.json' suffix could be found there, it will
fall back to try to use an internal profile with the given name.

Also set the --profile-remove-disabled option if the user provided a value
in the remove_disabled attribute in the profile XML node.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 src/qemu/qemu_tpm.c | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 506743c268..f49276d9be 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -340,6 +340,41 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd,
 }
 
 
+/*
+ * Add a (optional) profile to the swtpm_setup command line.
+ *
+ * @cmd: virCommand to add options to
+ * @emulator: emulator parameters
+ *
+ * Returns 0 on success, -1 on failure.
+ */
+static int
+qemuTPMVirCommandAddProfile(virCommand *cmd,
+                            const virDomainTPMEmulatorDef *emulator)
+{
+    if (!emulator->profile_name)
+        return 0;
+
+    if (!virTPMSwtpmSetupCapsGet(
+            VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE)) {
+        virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
+                       _("swtpm_setup has no support for profiles"));
+        return -1;
+    }
+
+    virCommandAddArgList(cmd,
+                         "--profile-name", emulator->profile_name,
+                         NULL);
+
+    if (emulator->profile_remove_disabled)
+        virCommandAddArgList(cmd,
+                             "--profile-remove-disable",
+                             emulator->profile_remove_disabled,
+                             NULL);
+    return 0;
+}
+
+
 /*
  * qemuTPMEmulatorRunSetup
  *
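Review bot: The second option string in qemuTPMVirCommandAddProfile is spelled `"--profile-remove-disable"`, while the commit message names the option `--profile-remove-disabled`. Unless swtpm_setup happens to accept the shortened spelling, the setup run would be expected to reject it, so the literal should read `"--profile-remove-disabled",`. The body of `if (emulator->profile_remove_disabled)` spans several lines and would read more safely with braces around it. Because the commit message says swtpm_setup resolves `profile_name` to a `.json` file in its profile directories, the function comment should say where the name is validated (for example, that it cannot contain path separators); no such check is visible in this hunk.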
@@ -414,6 +449,8 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *emulator,
                              "--lock-nvram",
                              "--not-overwrite",
                              NULL);
+        if (qemuTPMVirCommandAddProfile(cmd, emulator) < 0)
+            return -1;
     } else {
         virCommandAddArgList(cmd,
                              "--tpm-state", emulator->storagepath,
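Review bot: The profile arguments are appended only on the branch that passes `--not-overwrite`, and nothing in the hunk says why the `else` branch is left without them. If the intent is that a profile only applies when new TPM state is created, a short comment above the call would record it, e.g. `/* a profile can only be chosen when the TPM state is first created */`. qemuTPMEmulatorRunSetup starts and ends outside the hunk, so it cannot be confirmed from here that `cmd` is released on the new early `return -1;`.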
-- 
2.47.0
Re: [PATCH v3 08/10] qemu: Extend swtpm_setup command line to set a profile by its name
Posted by Marc-André Lureau 1 year, 3 months ago
On Sat, Oct 19, 2024 at 12:24 AM Stefan Berger <stefanb@linux.ibm.com> wrote:
>
> Run swtpm_setup with the --profile-name option if the user provided the
> name of a profile. swtpm_setup will try to load the profile from
> directories with local profiles and distro profiles and if no profile
> by this name with appended '.json' suffix could be found there, it will
> fall back to try to use an internal profile with the given name.
>
> Also set the --profile-remove-disabled option if the user provided a value
> in the remove_disabled attribute in the profile XML node.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  src/qemu/qemu_tpm.c | 37 +++++++++++++++++++++++++++++++++++++
>  1 file changed, 37 insertions(+)
>
> diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
> index 506743c268..f49276d9be 100644
> --- a/src/qemu/qemu_tpm.c
> +++ b/src/qemu/qemu_tpm.c
> @@ -340,6 +340,41 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd,
>  }
>
>
> +/*
> + * Add a (optional) profile to the swtpm_setup command line.
> + *
> + * @cmd: virCommand to add options to
> + * @emulator: emulator parameters
> + *
> + * Returns 0 on success, -1 on failure.
> + */
> +static int
> +qemuTPMVirCommandAddProfile(virCommand *cmd,
> +                            const virDomainTPMEmulatorDef *emulator)
> +{
> +    if (!emulator->profile_name)
> +        return 0;
> +
> +    if (!virTPMSwtpmSetupCapsGet(
> +            VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE)) {
> +        virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s",
> +                       _("swtpm_setup has no support for profiles"));
> +        return -1;
> +    }
> +
> +    virCommandAddArgList(cmd,
> +                         "--profile-name", emulator->profile_name,
> +                         NULL);
> +
> +    if (emulator->profile_remove_disabled)
> +        virCommandAddArgList(cmd,
> +                             "--profile-remove-disable",
> +                             emulator->profile_remove_disabled,
> +                             NULL);
> +    return 0;
> +}
> +
> +
>  /*
>   * qemuTPMEmulatorRunSetup
>   *
> @@ -414,6 +449,8 @@ qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *emulator,
>                               "--lock-nvram",
>                               "--not-overwrite",
>                               NULL);
> +        if (qemuTPMVirCommandAddProfile(cmd, emulator) < 0)
> +            return -1;
>      } else {
>          virCommandAddArgList(cmd,
>                               "--tpm-state", emulator->storagepath,
> --
> 2.47.0
>