qemu: explicit swtpm state locking

With upcoming v0.10 swtpm (commit
https://github.com/stefanberger/swtpm/commit/aa483aeb6df87ed56ccf3d5778d6fd8019089bda),
file locking with "lock" option is now supported and reflected in
"tpmstate-opt-lock" capability.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index bf94b6ac0dd36a0b9b752243ba2132006b4ed6f2..edd10ca2f6b2c19bd4c325252ce77b61212b1513 100644 (file)
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -344,16 +344,23 @@ static char *
 qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
                              const char *source_path)
 {
+    const char *lock = ",lock";
+
+    if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK)) {
+        VIR_WARN("This swtpm version doesn't support explicit locking");
+        lock = "";
+    }
+
     switch (source_type) {
     case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
         /* the file:// prefix is supported since swtpm_setup 0.7.0 */
         /* assume the capability check for swtpm is redundant. */
-        return g_strdup_printf("file://%s", source_path);
+        return g_strdup_printf("file://%s%s", source_path, lock);
     case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
     case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
     case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
     default:
-        return g_strdup_printf("%s", source_path);
+        return g_strdup_printf("%s%s", source_path, lock);
     }
 }
 

diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index 298caaad80923fbd0edf58463cf6d1ffe50e0229..8dcd3f90d9a02bad2e4fd1698931845e0ea70137 100644 (file)
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -52,6 +52,7 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
               "cmdarg-reconfigure-pcr-banks",
               "tpm-1.2",
               "tpm-2.0",
+              "tpmstate-opt-lock",
 );
 
 /**

diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index 99dbcc1dc8932c3ed0f8fc3472bc254d6f56fb76..279cb7e976ce0ef5fdf03133bc3ae7333ec67beb 100644 (file)
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -44,6 +44,7 @@ typedef enum {
     VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS,
     VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2,
     VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0,
+    VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK,
 
     VIR_TPM_SWTPM_SETUP_FEATURE_LAST
 } virTPMSwtpmSetupFeature;

diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index 4daee432e5e85e55291e023d86eba6f6beca4c87..f40bfa873c46056904e7d19aef807427a0489771 100644 (file)
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -71,6 +71,7 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap)
     case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES:
     case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT:
     case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS:
+    case VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK:
     case VIR_TPM_SWTPM_SETUP_FEATURE_LAST:
         break;
     }