File 027-cli-Add-tpm-backend.profile.source-removeDisabled-support.patch of Package virt-manager
Subject: cli: Add --tpm backend.profile.{source,removeDisabled} support
From: Lin Ma lma@suse.de Mon Dec 30 19:44:58 2024 +0800
Date: Wed Jan 29 10:48:57 2025 +0100:
Git: f278c89b49bc4d1e46c8149fb0f1674d801b51c5
Swtpm since v0.10 supports to configure a TPM2 with a profile from file.
eg:
root@localhost:~ # cat /etc/swtpm/profiles/mytest.json
{
"Name": "custom:test",
"Algorithms":"rsa,rsa-min-size=1024,......"
}
root@localhost:~ # swtpm_setup --tpm2 --print-profiles | jq
{
"local": [
{
"Name": "mytest",
"Algorithms": "rsa,rsa-min-size=1024,......"
}
],
"builtin": [
{
"Name": "default-v1",
"StateFormatLevel": 7,
"Commands": "......",
"Algorithms": "rsa,rsa-min-size=1024,......",
"Description": "......"
},
{
"Name": "null",
"StateFormatLevel": 1,
"Commands": "......",
"Algorithms": "rsa,rsa-min-size=1024,......",
"Description": "......"
},
{
"Name": "custom",
"StateFormatLevel": 2,
"Commands": "......",
"Algorithms": "rsa,rsa-min-size=1024,......",
"Description": "......"
}
]
}
Libvirt supports it since v10.10.0
Let's add this feature into virt-install, eg:
root@localhost:~ # virt-install \
......\
--tpm model=tpm-tis,backend.version=2.0,\
backend.profile.source=local:mytest,backend.profile.removeDisabled=check
Signed-off-by: Lin Ma <lma@suse.de>
diff --git a/tests/data/cli/compare/virt-install-many-devices.xml b/tests/data/cli/compare/virt-install-many-devices.xml
index a841a380f..e34b487c3 100644
--- a/tests/data/cli/compare/virt-install-many-devices.xml
+++ b/tests/data/cli/compare/virt-install-many-devices.xml
@@ -791,6 +791,7 @@
<tpm model="tpm-tis">
<backend type="emulator" version="2.0" debug="3">
<source type="dir" path="/some/dir"/>
+ <profile source="local:mytest" removeDisabled="check"/>
</backend>
</tpm>
<graphics type="sdl" display=":3.4" xauth="/tmp/.Xauthority">
diff --git a/tests/test_cli.py b/tests/test_cli.py
index 5fc0a1c2f..4e0b2d8c0 100644
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -800,7 +800,7 @@ source.reservations.managed=no,source.reservations.source.type=unix,source.reser
--tpm passthrough,model=tpm-crb,path=/dev/tpm0,backend.encryption.secret=11111111-2222-3333-4444-5555555555,backend.persistent_state=yes,backend.active_pcr_banks.sha1=on,backend.active_pcr_banks.sha256=yes,backend.active_pcr_banks.sha384=yes,backend.active_pcr_banks.sha512=yes,version=2.0
---tpm model=tpm-tis,backend.type=emulator,backend.version=2.0,backend.debug=3,backend.source.type=dir,backend.source.path=/some/dir
+--tpm model=tpm-tis,backend.type=emulator,backend.version=2.0,backend.debug=3,backend.source.type=dir,backend.source.path=/some/dir,backend.profile.source=local:mytest,backend.profile.removeDisabled=check
--watchdog ib700,action=pause
diff --git a/virtinst/cli.py b/virtinst/cli.py
index fa6145e8c..d8926cdad 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -4370,6 +4370,8 @@ class ParserTPM(VirtCLIParser):
cls.add_arg("backend.debug", "debug")
cls.add_arg("backend.source.type", "source_type")
cls.add_arg("backend.source.path", "source_path")
+ cls.add_arg("backend.profile.source", "profile_source")
+ cls.add_arg("backend.profile.removeDisabled", "profile_removeDisabled")
cls.add_arg("backend.active_pcr_banks.sha1",
"active_pcr_banks.sha1", is_onoff=True)
diff --git a/virtinst/devices/tpm.py b/virtinst/devices/tpm.py
index 8b4023502..79ae224e8 100644
--- a/virtinst/devices/tpm.py
+++ b/virtinst/devices/tpm.py
@@ -44,6 +44,8 @@ class DeviceTpm(Device):
debug = XMLProperty("./backend/@debug")
source_type = XMLProperty("./backend/source/@type")
source_path = XMLProperty("./backend/source/@path")
+ profile_source = XMLProperty("./backend/profile/@source")
+ profile_removeDisabled = XMLProperty("./backend/profile/@removeDisabled")
active_pcr_banks = XMLChildProperty(_ActivePCRBanks, is_single=True,
relative_xpath="./backend")