[libvirt PATCH 2/3] qemu: fill in domain capabilities for TPMs
Michal Prívozník
mprivozn at redhat.com
Wed Nov 24 10:51:29 UTC 2021
On 11/24/21 10:10, Peter Krempa wrote:
> On Tue, Nov 23, 2021 at 18:04:07 +0000, Daniel P. Berrangé wrote:
>> This reports what TPM features QEMU supports, provided that swtpm is
>> installed in the host.
>>
>> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
>> ---
>
> [...]
>
>> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
>> index a4c492dde2..374909bef2 100644
>> --- a/src/qemu/qemu_capabilities.c
>> +++ b/src/qemu/qemu_capabilities.c
>
> [...]
>
>> @@ -6206,6 +6207,35 @@ virQEMUCapsFillDomainDeviceFSCaps(virQEMUCaps *qemuCaps,
>> }
>>
>>
>> +void
>> +virQEMUCapsFillDomainDeviceTPMCaps(virQEMUCaps *qemuCaps,
>> + virDomainCapsDeviceTPM *tpm)
>> +{
>> + if (virTPMEmulatorInit() < 0) {
>> + virResetLastError();
>
> Resetting the error here is not acceptable as it pollutes logs with:
>
> 2021-11-24 08:58:21.996+0000: 3685776: error : virTPMEmulatorInit:313 : Unable to find 'swtpm' binary in $PATH: No such file or directory
>
> each time capabilities are queried. You will certainly need a "quiet"
> variant of this function.
>
>
>> + tpm->supported = VIR_TRISTATE_BOOL_NO;
>> + } else {
>> + tpm->supported = VIR_TRISTATE_BOOL_YES;
>> + tpm->model.report = true;
>> + tpm->backendModel.report = true;
>> +
>> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_TIS))
>> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_TIS);
>> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_CRB))
>> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_CRB);
>> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_SPAPR))
>> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_SPAPR);
>> + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SPAPR_TPM_PROXY))
>> + VIR_DOMAIN_CAPS_ENUM_SET(tpm->model, VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY);
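Review bot: At the top of virQEMUCapsFillDomainDeviceTPMCaps(), calling virResetLastError() after virTPMEmulatorInit() fails only discards the stored error; the message virTPMEmulatorInit() has already emitted stays in the log, so every capabilities query on a host without swtpm logs an error for what is an expected condition. Probe for swtpm through a path that does not report an error when the binary is missing, and drop the reset. A comment on the function stating that tpm->supported depends on a host binary as well as on qemuCaps would also help, since the signature suggests it is derived from qemuCaps alone.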
>
> In certain versions (visible in the next commit) neither of the above is
> supported which results in:
>
> diff --git a/tests/domaincapsdata/qemu_2.11.0.s390x.xml b/tests/domaincapsdata/qemu_2.11.0.s390x.xml
> index 804bf8020e..f76624ffc8 100644
> --- a/tests/domaincapsdata/qemu_2.11.0.s390x.xml
> +++ b/tests/domaincapsdata/qemu_2.11.0.s390x.xml
> @@ -205,7 +205,12 @@
> <value>handle</value>
> </enum>
> </filesystem>
> - <tpm supported='no'/>
> + <tpm supported='yes'>
> + <enum name='model'/>
> + <enum name='backendModel'>
> + <value>emulator</value>
> + </enum>
> + </tpm>
> </devices>
> <features>
> <gic supported='no'/>
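Review bot: The added <tpm supported='yes'> element for qemu_2.11.0.s390x carries an empty <enum name='model'/>, so this expected output records a state where TPM is advertised but a client has no model value to choose from. If the fill function is changed to set supported only after at least one of the virQEMUCapsGet() model checks has matched, this file should keep <tpm supported='no'/>; if the empty enum is intended, the commit message should say so and explain how a consumer is meant to read it.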
>
> Does it even make sense to show that TPM is supported?
I think it does. Because domain capabilities XML is not QEMU specific.
If 'virsh domcapabilities' was run against say LXC it wouldn't show TPM.
Or am I misunderstanding your question?
Michal