[PATCH v5 6/6] qemu: explicit swtpm state locking

marcandre.lureau@redhat.com posted 6 patches 1 month, 1 week ago
[PATCH v5 6/6] qemu: explicit swtpm state locking
Posted by marcandre.lureau@redhat.com 1 month, 1 week ago
From: Marc-André Lureau <marcandre.lureau@redhat.com>

With upcoming v0.10 swtpm (commit
https://github.com/stefanberger/swtpm/commit/aa483aeb6df87ed56ccf3d5778d6fd8019089bda),
file locking with "lock" option is now supported and reflected in
"tpmstate-opt-lock" capability.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
---
 src/qemu/qemu_tpm.c   | 11 +++++++++--
 src/util/virtpm.c     |  1 +
 src/util/virtpm.h     |  1 +
 tests/testutilsqemu.c |  1 +
 4 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index bf94b6ac0d..edd10ca2f6 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -344,16 +344,23 @@ static char *
 qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
                              const char *source_path)
 {
+    const char *lock = ",lock";
+
+    if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK)) {
+        VIR_WARN("This swtpm version doesn't support explicit locking");
+        lock = "";
+    }
+
     switch (source_type) {
     case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
         /* the file:// prefix is supported since swtpm_setup 0.7.0 */
         /* assume the capability check for swtpm is redundant. */
-        return g_strdup_printf("file://%s", source_path);
+        return g_strdup_printf("file://%s%s", source_path, lock);
     case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
     case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
     case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
     default:
-        return g_strdup_printf("%s", source_path);
+        return g_strdup_printf("%s%s", source_path, lock);
     }
 }
 
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index 298caaad80..8dcd3f90d9 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -52,6 +52,7 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
               "cmdarg-reconfigure-pcr-banks",
               "tpm-1.2",
               "tpm-2.0",
+              "tpmstate-opt-lock",
 );
 
 /**
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index 99dbcc1dc8..279cb7e976 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -44,6 +44,7 @@ typedef enum {
     VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS,
     VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2,
     VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0,
+    VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK,
 
     VIR_TPM_SWTPM_SETUP_FEATURE_LAST
 } virTPMSwtpmSetupFeature;
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index 4daee432e5..f40bfa873c 100644
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -71,6 +71,7 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap)
     case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES:
     case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT:
     case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS:
+    case VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK:
     case VIR_TPM_SWTPM_SETUP_FEATURE_LAST:
         break;
     }
-- 
2.47.0