[v2] libvirt: configure TPM device in the XML

[PATCH v2] libvirt: configure TPM device in the XML

Posted by Srihari Parimi via Devel 1 month ago

Parses vtpm.present from VMX files and converts to libvirt TPM
device with CRB model and emulator backend. VMware vTPM uses
TPM 2.0 with the CRB

Signed-off-by: Srihari Parimi <sparimi@redhat.com>
---
 src/vmx/vmx.c              | 34 ++++++++++++++++++++++++++++++++++
 tests/vmx2xmldata/vtpm.vmx | 22 ++++++++++++++++++++++
 tests/vmx2xmldata/vtpm.xml | 32 ++++++++++++++++++++++++++++++++
 tests/vmx2xmltest.c        |  2 ++
 4 files changed, 90 insertions(+)
 create mode 100644 tests/vmx2xmldata/vtpm.vmx
 create mode 100644 tests/vmx2xmldata/vtpm.xml

diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
index 57dfd57cfc..9873794568 100644
--- a/src/vmx/vmx.c
+++ b/src/vmx/vmx.c
@@ -599,6 +599,7 @@ static int virVMXParseSerial(virVMXContext *ctx, virConf *conf, int port,
 static int virVMXParseParallel(virVMXContext *ctx, virConf *conf, int port,
                                virDomainChrDef **def);
 static int virVMXParseSVGA(virConf *conf, virDomainVideoDef **def);
+static int virVMXParseTPM(virConf *conf, virDomainTPMDef **def);
 
 static int virVMXFormatVNC(virDomainGraphicsDef *def, virBuffer *buffer);
 static int virVMXFormatDisk(virVMXContext *ctx, virDomainDiskDef *def,
@@ -1938,6 +1939,18 @@ virVMXParseConfig(virVMXContext *ctx,
 
     def->nvideos = 1;
 
+    /* def:tpms */
+    {
+        virDomainTPMDef *tpm = NULL;
+        if (virVMXParseTPM(conf, &tpm) < 0)
+            goto cleanup;
+
+        VIR_DEBUG("Is vtpm present: %s",
+                (tpm != NULL) ? "yes" : "no");
+        if (tpm)
+            VIR_APPEND_ELEMENT(def->tpms, def->ntpms, tpm);
+    }
+
     /* def:sounds */
     /* FIXME */
 
@@ -3367,6 +3380,27 @@ virVMXParseSVGA(virConf *conf, virDomainVideoDef **def)
     return result;
 }
 
+static int
+virVMXParseTPM(virConf *conf, virDomainTPMDef **def)
+{
+    bool vtpm_present = false;
+
+    /* vmx:vtpm.present */
+    if (virVMXGetConfigBoolean(conf, "vtpm.present", &vtpm_present,
+                               false, true) < 0) {
+        return -1;
+    }
+
+    if (!vtpm_present)
+        return 0;
+
+    *def = g_new0(virDomainTPMDef, 1);
+    (*def)->type = VIR_DOMAIN_TPM_TYPE_EMULATOR;
+    (*def)->model = VIR_DOMAIN_TPM_MODEL_CRB;
+    (*def)->data.emulator.version = VIR_DOMAIN_TPM_VERSION_2_0;
+
+    return 0;
+}
 
 
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
diff --git a/tests/vmx2xmldata/vtpm.vmx b/tests/vmx2xmldata/vtpm.vmx
new file mode 100644
index 0000000000..6e2fd725b7
--- /dev/null
+++ b/tests/vmx2xmldata/vtpm.vmx
@@ -0,0 +1,22 @@
+config.version = "8"
+virtualHW.version = "19"
+displayName = "test-vtpm"
+memsize = "4096"
+numvcpus = "2"
+guestOS = "windows9-64"
+
+# Disk Configuration
+scsi0.present = "TRUE"
+scsi0.virtualDev = "lsisas1068"
+scsi0:0.present = "TRUE"
+scsi0:0.deviceType = "scsi-hardDisk"
+scsi0:0.fileName = "test_disk.vmdk"
+
+# vTPM configuration
+vtpm.present = "TRUE"
+
+# Network Configuration
+ethernet0.present = "TRUE"
+ethernet0.connectionType = "nat"
+ethernet0.virtualDev = "e1000e"
+ethernet0.addressType = "generated"
diff --git a/tests/vmx2xmldata/vtpm.xml b/tests/vmx2xmldata/vtpm.xml
new file mode 100644
index 0000000000..cbb23ce673
--- /dev/null
+++ b/tests/vmx2xmldata/vtpm.xml
@@ -0,0 +1,32 @@
+<domain type='vmware'>
+  <name>test-vtpm</name>
+  <uuid>00000000-0000-0000-0000-000000000000</uuid>
+  <memory unit='KiB'>4194304</memory>
+  <currentMemory unit='KiB'>4194304</currentMemory>
+  <vcpu placement='static'>2</vcpu>
+  <os>
+    <type arch='x86_64'>hvm</type>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <disk type='file' device='disk'>
+      <source file='[datastore] directory/test_disk.vmdk'/>
+      <target dev='sda' bus='scsi'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <controller type='scsi' index='0' model='lsisas1068'/>
+    <interface type='user'>
+      <mac address='00:00:00:00:00:00' type='generated'/>
+      <model type='e1000e'/>
+    </interface>
+    <tpm model='tpm-crb'>
+      <backend type='emulator' version='2.0'/>
+    </tpm>
+    <video>
+      <model type='vmvga' vram='4096' primary='yes'/>
+    </video>
+  </devices>
+</domain>
diff --git a/tests/vmx2xmltest.c b/tests/vmx2xmltest.c
index fcca765bed..3ffc04fda4 100644
--- a/tests/vmx2xmltest.c
+++ b/tests/vmx2xmltest.c
@@ -243,6 +243,8 @@ mymain(void)
 
     DO_TEST("firmware-efi");
 
+    DO_TEST("vtpm");
+
     ctx.datacenterPath = "folder1/folder2/datacenter1";
 
     DO_TEST("datacenterpath");
-- 
2.53.0

Re: [PATCH v2] libvirt: configure TPM device in the XML

Posted by Peter Krempa via Devel 1 month ago

In last review I've asked to fix the summary to mention 'vmx' instead of
the redundant 'libvirt:'.

On Mon, Apr 20, 2026 at 12:10:38 +0530, Srihari Parimi via Devel wrote:
> Parses vtpm.present from VMX files and converts to libvirt TPM
> device with CRB model and emulator backend. VMware vTPM uses
> TPM 2.0 with the CRB

In last review I've asked for a link to the document stating where the
assumption to use TPM 2.0 comes from Cole provided it. Please include it
as requested.

> 
> Signed-off-by: Srihari Parimi <sparimi@redhat.com>
> ---
>  src/vmx/vmx.c              | 34 ++++++++++++++++++++++++++++++++++
>  tests/vmx2xmldata/vtpm.vmx | 22 ++++++++++++++++++++++
>  tests/vmx2xmldata/vtpm.xml | 32 ++++++++++++++++++++++++++++++++
>  tests/vmx2xmltest.c        |  2 ++
>  4 files changed, 90 insertions(+)
>  create mode 100644 tests/vmx2xmldata/vtpm.vmx
>  create mode 100644 tests/vmx2xmldata/vtpm.xml
> 
> diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
> index 57dfd57cfc..9873794568 100644
> --- a/src/vmx/vmx.c
> +++ b/src/vmx/vmx.c
> @@ -599,6 +599,7 @@ static int virVMXParseSerial(virVMXContext *ctx, virConf *conf, int port,
>  static int virVMXParseParallel(virVMXContext *ctx, virConf *conf, int port,
>                                 virDomainChrDef **def);
>  static int virVMXParseSVGA(virConf *conf, virDomainVideoDef **def);
> +static int virVMXParseTPM(virConf *conf, virDomainTPMDef **def);
>  
>  static int virVMXFormatVNC(virDomainGraphicsDef *def, virBuffer *buffer);
>  static int virVMXFormatDisk(virVMXContext *ctx, virDomainDiskDef *def,
> @@ -1938,6 +1939,18 @@ virVMXParseConfig(virVMXContext *ctx,
>  
>      def->nvideos = 1;
>  
> +    /* def:tpms */
> +    {
> +        virDomainTPMDef *tpm = NULL;
> +        if (virVMXParseTPM(conf, &tpm) < 0)
> +            goto cleanup;
> +
> +        VIR_DEBUG("Is vtpm present: %s",
> +                (tpm != NULL) ? "yes" : "no");

This is mis-aligned. And differently than in v1 and doesn't even exceed
maximul line size.

Also none of the other parsers in this file have a VIR_DEBUG statement.
Either drop it completely or just format it as:

           VIR_DEBUG("vTPM present: '%d'", !!tpm);


> +        if (tpm)
> +            VIR_APPEND_ELEMENT(def->tpms, def->ntpms, tpm);
> +    }

Re: [PATCH v2] libvirt: configure TPM device in the XML

Posted by Srihari Parimi via Devel 1 month ago

On Mon, Apr 20, 2026 at 3:16 PM Peter Krempa <pkrempa@redhat.com> wrote:

> In last review I've asked to fix the summary to mention 'vmx' instead of
> the redundant 'libvirt:'.
>

Yes changed - apologies to have missed last time


>
> On Mon, Apr 20, 2026 at 12:10:38 +0530, Srihari Parimi via Devel wrote:
> > Parses vtpm.present from VMX files and converts to libvirt TPM
> > device with CRB model and emulator backend. VMware vTPM uses
> > TPM 2.0 with the CRB
>
> In last review I've asked for a link to the document stating where the
> assumption to use TPM 2.0 comes from Cole provided it. Please include it
> as requested.
>
>
Included the document link which Cole provided. The CRB vs TIS - my google
search only shows recommendations to use CRB


> >
> > Signed-off-by: Srihari Parimi <sparimi@redhat.com>
> > ---
> >  src/vmx/vmx.c              | 34 ++++++++++++++++++++++++++++++++++
> >  tests/vmx2xmldata/vtpm.vmx | 22 ++++++++++++++++++++++
> >  tests/vmx2xmldata/vtpm.xml | 32 ++++++++++++++++++++++++++++++++
> >  tests/vmx2xmltest.c        |  2 ++
> >  4 files changed, 90 insertions(+)
> >  create mode 100644 tests/vmx2xmldata/vtpm.vmx
> >  create mode 100644 tests/vmx2xmldata/vtpm.xml
> >
> > diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
> > index 57dfd57cfc..9873794568 100644
> > --- a/src/vmx/vmx.c
> > +++ b/src/vmx/vmx.c
> > @@ -599,6 +599,7 @@ static int virVMXParseSerial(virVMXContext *ctx,
> virConf *conf, int port,
> >  static int virVMXParseParallel(virVMXContext *ctx, virConf *conf, int
> port,
> >                                 virDomainChrDef **def);
> >  static int virVMXParseSVGA(virConf *conf, virDomainVideoDef **def);
> > +static int virVMXParseTPM(virConf *conf, virDomainTPMDef **def);
> >
> >  static int virVMXFormatVNC(virDomainGraphicsDef *def, virBuffer
> *buffer);
> >  static int virVMXFormatDisk(virVMXContext *ctx, virDomainDiskDef *def,
> > @@ -1938,6 +1939,18 @@ virVMXParseConfig(virVMXContext *ctx,
> >
> >      def->nvideos = 1;
> >
> > +    /* def:tpms */
> > +    {
> > +        virDomainTPMDef *tpm = NULL;
> > +        if (virVMXParseTPM(conf, &tpm) < 0)
> > +            goto cleanup;
> > +
> > +        VIR_DEBUG("Is vtpm present: %s",
> > +                (tpm != NULL) ? "yes" : "no");
>
> This is mis-aligned. And differently than in v1 and doesn't even exceed
> maximul line size.
>
> Also none of the other parsers in this file have a VIR_DEBUG statement.
> Either drop it completely or just format it as:
>
>            VIR_DEBUG("vTPM present: '%d'", !!tpm);
>

I have removed this


>
>
> > +        if (tpm)
> > +            VIR_APPEND_ELEMENT(def->tpms, def->ntpms, tpm);
> > +    }
>
>