[PATCH] qemu: tpm: Enable creation of certs for TPM 1.2 in non-privileged mode
Michal Prívozník
mprivozn at redhat.com
Mon Nov 1 14:53:00 UTC 2021
On 10/30/21 6:01 AM, Stefan Berger wrote:
> When 'swtpm_setup --print-capabilities' shows the 'tpm12-not-need-root'
> flag, then it is possible to create certificates for the TPM 1.2 also
> in non-privileged mode since swtpm_setup doesn't need tcsd anymore.
> Check for this flag and create the certificates if this flag is found.
>
> Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
> ---
> src/qemu/qemu_tpm.c | 5 ++++-
> src/util/virtpm.c | 1 +
> src/util/virtpm.h | 1 +
> 3 files changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
> index e1b08a66c5..91e21ae646 100644
> --- a/src/qemu/qemu_tpm.c
> +++ b/src/qemu/qemu_tpm.c
> @@ -463,11 +463,14 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
> if (!swtpm_setup)
> return -1;
>
> - if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2)
> + if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2 &&
> + !virTPMSwtpmSetupCapsGet(
> + VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT)) {
It's okay if this is on one line. The 80 character limit is more a
suggestion and I find it more readable if it's all on one line.
Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
and pushed.
Michal
More information about the libvir-list
mailing list