[PATCH] conf: Set SPAPR TPM default to 2.0 and prevent 1.2 choice

Wed Jul 8 14:19:11 UTC 2020

On 7/8/20 10:10 AM, Peter Krempa wrote:
> On Wed, Jul 08, 2020 at 09:57:56 -0400, Stefan Berger wrote:
>> From: Stefan Berger <stefanb at linux.ibm.com>
>>
>> The firmware (SLOF) on QEMU for ppc64 does not support TPM 1.2, so
>> prevent the choice of TPM 1.2 when the SPAPR device model is chosen
>> and use a default of '2.0' (TPM 2) for the backend.
>>
>> Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
>> ---
>>   src/qemu/qemu_validate.c | 14 ++++++++++++--
>>   1 file changed, 12 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
>> index bd7590a00a..f4d71aebf5 100644
>> --- a/src/qemu/qemu_validate.c
>> +++ b/src/qemu/qemu_validate.c
>> @@ -3645,8 +3645,12 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
>>       virQEMUCapsFlags flag;
>>   
>>       /* TPM 1.2 and 2 are not compatible, so we choose a specific version here */
>> -    if (tpm->version == VIR_DOMAIN_TPM_VERSION_DEFAULT)
>> -        tpm->version = VIR_DOMAIN_TPM_VERSION_1_2;
>> +    if (tpm->version == VIR_DOMAIN_TPM_VERSION_DEFAULT) {
>> +        if (tpm->model == VIR_DOMAIN_TPM_MODEL_SPAPR)
>> +            tpm->version = VIR_DOMAIN_TPM_VERSION_2_0;
>> +        else
>> +            tpm->version = VIR_DOMAIN_TPM_VERSION_1_2;
>> +    }
> This is the validation callback, which must not modify the config.
>
> qemuDomainDefTPMsPostParse is the correct place. Beaware that the
> function has a short-circuit condition at the beginning.

So should I remove the existing code that already set the version to 
VIR_DOMAIN_TPM_VERSION_1_2 and move this into that other function?

>
>>       switch (tpm->version) {
>>       case VIR_DOMAIN_TPM_VERSION_1_2:
>> @@ -3658,6 +3662,12 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
>>                              virDomainTPMModelTypeToString(tpm->model));
>>               return -1;
>>           }
>> +        /* TPM 1.2 + SPAPR do not work with any 'type' (backend) */
>> +        if (tpm->model == VIR_DOMAIN_TPM_MODEL_SPAPR) {
>> +            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
>> +                           _("TPM 1.2 is not supported with the SPAPR device model"));
>> +            return -1;
>> +        }
> This is okay as it validates the configuration.
>
>>           break;
>>       case VIR_DOMAIN_TPM_VERSION_2_0:
>>       case VIR_DOMAIN_TPM_VERSION_DEFAULT:
>> -- 
>> 2.17.1
>>