[PATCH 3/4] qemu_validate: Validate TPM version

Michal Privoznik mprivozn at redhat.com
Tue Aug 2 10:27:56 UTC 2022


Supported TPM versions are reported in domain capabilities. These
are used already to validate TPM type and model, but not TPM
version. This is suboptimal, because otherwise we leave users to
meet the error when starting a guest and libvirt spawns swtpm
binary which in turn reports an error.

Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---
 src/qemu/qemu_validate.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 48bd40db9f..3b95b1feec 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -4794,8 +4794,19 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
 {
     virDomainCapsDeviceTPM tpmCaps = { 0 };
 
+    virQEMUCapsFillDomainDeviceTPMCaps(qemuCaps, &tpmCaps);
+
     if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) {
-        switch (tpm->data.emulator.version) {
+        const virDomainTPMVersion version = tpm->data.emulator.version;
+
+        if (!VIR_DOMAIN_CAPS_ENUM_IS_SET(tpmCaps.backendVersion, version)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("TPM version '%s' is not supported"),
+                           virDomainTPMVersionTypeToString(version));
+            return -1;
+        }
+
+        switch (version) {
         case VIR_DOMAIN_TPM_VERSION_1_2:
             /* TPM 1.2 + CRB do not work */
             if (tpm->model == VIR_DOMAIN_TPM_MODEL_CRB) {
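Review bot: The new VIR_DOMAIN_CAPS_ENUM_IS_SET(tpmCaps.backendVersion, version) check runs before the switch for every emulator TPM, so it also sees a version the user left unspecified. If tpm->data.emulator.version can still hold the unset/default value when validation runs, this returns -1 with a confusing "TPM version '%s' is not supported" message instead of reaching the switch. Please confirm the version is always filled in before this function is called, or skip the check for the unset value. The message could also say which component lacks support (the commit message points at swtpm), the way the later backendModel error names the QEMU executable. The diffstat touches only qemu_validate.c, so a negative test case covering the new error path would be worth adding.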
@@ -4824,8 +4835,6 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
         }
     }
 
-    virQEMUCapsFillDomainDeviceTPMCaps(qemuCaps, &tpmCaps);
-
     if (!VIR_DOMAIN_CAPS_ENUM_IS_SET(tpmCaps.backendModel, tpm->type)) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                        _("The QEMU executable %s does not support TPM "
-- 
2.35.1
