Bug 2103119
Summary: | [RFE] Expose supported TPM version in domCapabilities (via 'swtpm') | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Kashyap Chamarthy <kchamart> |
Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
libvirt sub component: | CLI & API | QA Contact: | Yanqiu Zhang <yanqzhan> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | unspecified | ||
Priority: | unspecified | CC: | chhu, jdenemar, lmen, mprivozn, virt-maint, xuzhang, yanqzhan |
Version: | 9.0 | Keywords: | AutomationTriaged, FutureFeature, Triaged, Upstream |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | libvirt-8.5.0-2.el9 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-15 10:04:39 UTC | Type: | Feature Request |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1782128 |
Description
Kashyap Chamarthy
2022-07-01 13:41:00 UTC
Patches posted on the list:
https://listman.redhat.com/archives/libvir-list/2022-July/232763.html

Merged upstream as:

430ab88ab1 qemu: Report supported TPM version in domcaps
1277a9c884 domcaps: Introduce TPM backendVersion
7b37763278 virtpm: Introduce TPM-1.2 and TPM-2.0 capabilieis
6a00c565c4 docs: Document TPM portion of domcaps

v8.5.0-85-g430ab88ab1

All patches pushed after 8.5.0 upstream release need to be backported to make it into RHEL 9.1.0.

To POST:
https://gitlab.com/redhat/rhel/src/libvirt/-/merge_requests/34
https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=1293353

Tested on:
libvirt-8.5.0-2.el9.x86_64
qemu-kvm-7.0.0-8.el9.x86_64
swtpm-0.7.0-3.20211109gitb79fd91.el9.x86_64
libtpms-0.9.1-2.20211126git1ff6fe1f43.el9.x86_64

    # /usr/libexec/qemu-kvm -device help|grep tpm
    name "tpm-crb"
    name "tpm-tis", bus ISA

    # /usr/libexec/qemu-kvm -tpmdev help
    Supported TPM types (choose only one):
    emulator TPM emulator backend driver   <== supported backend type

    # swtpm_setup --print-capabilities |jq
    {
      "type": "swtpm_setup",
      "features": [
        "tpm-2.0",   <== supported backend version
        "cmdarg-keyfile-fd",
        "cmdarg-pwdfile-fd",
        "tpm12-not-need-root",
        "cmdarg-write-ek-cert-files",
        "cmdarg-create-config-files",
        "cmdarg-reconfigure-pcr-banks",
        "tpm2-rsa-keysize-2048",
        "tpm2-rsa-keysize-3072"
      ],
      "version": "0.7.0"
    }

    # virsh domcapabilities
    ...
        <tpm supported='yes'>
          <enum name='model'>
            <value>tpm-tis</value>
            <value>tpm-crb</value>
          </enum>
          <enum name='backendModel'>
            <value>emulator</value>
          </enum>
          <enum name='backendVersion'>
            <value>2.0</value>
          </enum>
        </tpm>
      </devices>
    ...

Work as expected.
Test with a lower libtpms:
libvirt-8.5.0-2.el9.x86_64
qemu-kvm-7.0.0-8.el9.x86_64
swtpm-0.7.0-3.20211109gitb79fd91.el9.x86_64
libtpms-0.8.2-0.20210301git729fc6a4ca.el9.7.x86_64   <== a lower version supports tpm1.2 (before bz1990152)

    # swtpm_setup --print-capabilities |jq
    {
      "type": "swtpm_setup",
      "features": [
        "tpm-1.2",   <== supported backend version
        "tpm-2.0",   <== supported backend version
        "cmdarg-keyfile-fd",
        "cmdarg-pwdfile-fd",
        "tpm12-not-need-root",
        "cmdarg-write-ek-cert-files",
        "cmdarg-create-config-files",
        "cmdarg-reconfigure-pcr-banks",
        "tpm2-rsa-keysize-2048",
        "tpm2-rsa-keysize-3072"
      ],
      "version": "0.7.0"
    }

    # virsh domcapabilities|grep /tpm -B12
        <tpm supported='yes'>
          <enum name='model'>
            <value>tpm-tis</value>
            <value>tpm-crb</value>
          </enum>
          <enum name='backendModel'>
            <value>emulator</value>
          </enum>
          <enum name='backendVersion'>
            <value>1.2</value>
            <value>2.0</value>
          </enum>
        </tpm>

Work as expected.

Hi Kashyap,

The fix is available on brewweb:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=2087909.
Verification is pass in comment6 and comment7. Could you check whether it also works for you?
Thanks.

Verified with
libvirt-8.5.0-3.el9.x86_64
qemu-kvm-7.0.0-9.el9.x86_64
swtpm-0.7.0-3.20211109gitb79fd91.el9.x86_64
libtpms-0.9.1-2.20211126git1ff6fe1f43.el9.x86_64 and libtpms-0.8.2-0.20210301git729fc6a4ca.el9.7.x86_64

Results are same with comment6 and comment7.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Low: libvirt security, bug fix, and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:8003

(In reply to yanqzhan from comment #8)
> Hi Kashyap,
>
> The fix is available on brewweb:
> https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=2087909.
> Verification is pass in comment6 and comment7. Could you check whether it
> also works for you?
> Thanks.

Hi! I'm asking our fine Compute QE, James Parker, to test it. He's on it.
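
An added example, not part of the bug report or of libvirt's code: a Python check that reads the `<tpm>` element the verification comments show in `virsh domcapabilities`, compares its `backendVersion` enum with the `tpm-1.2` / `tpm-2.0` features from `swtpm_setup --print-capabilities`, and confirms a required TPM version is offered. The function names, the `required` parameter and both sample inputs are assumptions constructed for illustration; the samples deliberately disagree so the mismatch path is exercised.

```python
import json
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the output quoted in the thread.
# They disagree on purpose (libvirt lists 1.2, swtpm_setup does not).
DOMCAPS = """<domainCapabilities><devices>
  <tpm supported='yes'>
    <enum name='model'><value>tpm-tis</value><value>tpm-crb</value></enum>
    <enum name='backendModel'><value>emulator</value></enum>
    <enum name='backendVersion'><value>1.2</value><value>2.0</value></enum>
  </tpm>
</devices></domainCapabilities>"""
SWTPM = '{"type": "swtpm_setup", "features": ["tpm-2.0", "cmdarg-keyfile-fd"], "version": "0.7.0"}'


def tpm_enums(domcaps_xml):
    """Return {enum name: [values]} for <tpm>, or {} if absent or unsupported."""
    tpm = ET.fromstring(domcaps_xml).find("./devices/tpm")
    if tpm is None or tpm.get("supported") != "yes":
        return {}
    return {e.get("name"): [v.text for v in e.findall("value")]
            for e in tpm.findall("enum")}


def swtpm_versions(caps_json):
    """TPM versions advertised in the swtpm_setup capabilities JSON."""
    feats = json.loads(caps_json).get("features", [])
    return sorted(f[len("tpm-"):] for f in feats if f in ("tpm-1.2", "tpm-2.0"))


def audit(domcaps_xml, caps_json, required="2.0"):
    """Return a list of findings; an empty list means the host passes."""
    enums = tpm_enums(domcaps_xml)
    if not enums:
        return ["no supported <tpm> element in domcapabilities"]
    findings = []
    reported = sorted(enums.get("backendVersion", []))
    if "backendVersion" not in enums:
        findings.append("backendVersion enum missing (libvirt without this fix?)")
    elif required not in reported:
        findings.append(f"TPM {required} not offered, only {reported}")
    actual = swtpm_versions(caps_json)
    if reported and reported != actual:
        findings.append(f"libvirt reports {reported} but swtpm_setup reports {actual}")
    return findings


if __name__ == "__main__":
    print(audit(DOMCAPS, SWTPM))
```
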