From: Andrea Bolognani <abologna@redhat.com>
Date: Mon, 27 May 2024 16:38:52 +0000 (+0200)
Subject: qemu: Reject TPM 1.2 in most scenarios
X-Git-Tag: v10.5.0-rc1~106
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=971e7678057bd3698e1b0810e7c4c8a0bfa8ff90;p=thirdparty%2Flibvirt.git

qemu: Reject TPM 1.2 in most scenarios

Everywhere we use TPM 2.0 as our default, the chances of TPM
1.2 being supported by the guest OS are very slim. Just reject
such configurations outright.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---

diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index c08e1538f9..95af93d606 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -4755,23 +4755,19 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
 
         switch (version) {
         case VIR_DOMAIN_TPM_VERSION_1_2:
-            /* TPM 1.2 + CRB do not work */
-            if (tpm->model == VIR_DOMAIN_TPM_MODEL_CRB) {
+            /* Only tpm-tis supports TPM 1.2, and even that is only
+             * on x86: for all other models and architectures, we
+             * want TPM 2.0 */
+            if (tpm->model != VIR_DOMAIN_TPM_MODEL_TIS) {
                 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                               _("Unsupported interface '%1$s' for TPM 1.2"),
+                               _("TPM 1.2 is not supported for model '%1$s'"),
                                virDomainTPMModelTypeToString(tpm->model));
                 return -1;
             }
-            /* TPM 1.2 + SPAPR do not work with any 'type' (backend) */
-            if (tpm->model == VIR_DOMAIN_TPM_MODEL_SPAPR) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                               _("TPM 1.2 is not supported with the SPAPR device model"));
-                return -1;
-            }
-            /* TPM 1.2 + ARM does not work */
-            if (qemuDomainIsARMVirt(def)) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                               _("TPM 1.2 is not supported on ARM"));
+            if (!ARCH_IS_X86(def->os.arch)) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                               _("TPM 1.2 is not supported on architecture '%1$s'"),
+                               virArchToString(def->os.arch));
                 return -1;
             }
             break;
diff --git a/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err b/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err
index a3a82fdcf5..44c6e7372b 100644
--- a/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err
+++ b/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err
@@ -1 +1 @@
-unsupported configuration: TPM 1.2 is not supported on ARM
+unsupported configuration: TPM 1.2 is not supported on architecture 'aarch64'