tpm-tis device for ARM virt

Jim Fehlig jfehlig at suse.com
Wed Feb 10 00:16:19 UTC 2021 

On 2/9/21 2:20 AM, Andrea Bolognani wrote:
> On Mon, 2021-02-08 at 17:30 -0700, Jim Fehlig wrote:
>> Hi All,
>>
>> I received a private bug report that starting a VM with swtpm device fails with
>> qemu-system-aarch64. The VM config has
>>
>>       <tpm model='tpm-tis'>
>>         <backend type='emulator' version='2.0'/>
>>        </tpm>
>>
>> QEMU reports the following error
>>
>> error: internal error: process exited while connecting to monitor:
>> 2021-02-07T05:15:35.378927Z qemu-system-aarch64: -device
>> tpm-tis,tpmdev=tpm-tpm0,id=tpm0: 'tpm-tis' is not a valid device model name
>>
>> Indeed it appears the device name is 'tpm-tis-device' [1][2] for ARM virt. The
>> similar yet different device naming between x86 and ARM is unfortunate. IIUC,
>> the devices are the same between the architectures, i.e. they both emulate a TPM
>> device conforming to the TIS spec. If so, adding a 'tpm-tis-device' to
>> virDomainTPMModel seems redundant. I assume the naming difference should be
>> handled internally, e.g. something like the below patch to qemuBuildTPMDevStr? I
>> can send a proper patch if this is an acceptable approach.
>>
>> Regards,
>> Jim
>>
>> [1] https://qemu.readthedocs.io/en/latest/specs/tpm.html
>> [2] https://github.com/qemu/qemu/commit/c294ac327ca99342b90bd3a83d2cef9b447afaa7
>>
>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>> index 92036d26c0..5154611ccd 100644
>> --- a/src/qemu/qemu_command.c
>> +++ b/src/qemu/qemu_command.c
>> @@ -9198,6 +9198,9 @@ qemuBuildTPMDevStr(const virDomainDef *def,
>>        g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
>>        const char *model = virDomainTPMModelTypeToString(tpm->model);
>>
>> +    if (tpm->model == VIR_DOMAIN_TPM_MODEL_TIS && def->os.arch == VIR_ARCH_AARCH64)
>> +        model = "tpm-tis-device";
>> +
>>        virBufferAsprintf(&buf, "%s,tpmdev=tpm-%s,id=%s",
>>                          model, tpm->info.alias, tpm->info.alias);
>>
> 
> This looks fairly reasonable. Please make sure you also include a
> test case for this usage.

Thanks for taking a look! I've included a test case.

> If you're feeling fancy, you might consider augmenting
> qemuValidateDomainDeviceDefTPM() to ensure VIR_DOMAIN_TPM_MODEL_TIS
> is only used on x86 or with the aarch64 virt machine type.

I've done this as well and provided packages to the reporter to test in his 
environment. I'll send the patches to the list after hearing the test results.

Regards,
Jim

More information about the libvir-list mailing list