When 'swtpm_setup --print-capabilities' shows the 'tpm12-not-need-root'
flag, then it is possible to create certificates for the TPM 1.2 also
in non-privileged mode since swtpm_setup doesn't need tcsd anymore.
Check for this flag and create the certificates if this flag is found.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
if (!swtpm_setup)
return -1;
- if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2)
+ if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2 &&
+ !virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT)) {
return virFileWriteStr(logfile,
_("Did not create EK and certificates since "
"this requires privileged mode for a "
"TPM 1.2\n"), 0600);
+ }
if (!privileged && qemuTPMCreateConfigFiles(swtpm_setup) < 0)
return -1;
VIR_TPM_SWTPM_SETUP_FEATURE_LAST,
"cmdarg-pwdfile-fd",
"cmdarg-create-config-files",
+ "tpm12-not-need-root",
);
/**
typedef enum {
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PWDFILE_FD,
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES,
+ VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT,
VIR_TPM_SWTPM_SETUP_FEATURE_LAST
} virTPMSwtpmSetupFeature;
projects / thirdparty / libvirt.git / commitdiff
