shaba/virt-manager
1
0
Fork 0
mirror of https://github.com/virt-manager/virt-manager.git synced 2025-01-08 21:18:04 +03:00
Code Issues Projects Releases Wiki Activity

devices: tpm: Rework defaults

Browse Source 
The code previously was just encoding the same defaults as libvirt,
which doesn't really add anything.

Instead, let's prefer type='emulator' model='tpm-crb', which
gives the most modern virtualization friendly config. When we don't
know if that will work, we mostly leave things up to libvirt to fill
in.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
This commit is contained in:
Cole Robinson 2022-02-17 14:51:04 -05:00
parent 39731b8bf7
commit d70d4e6e7a
15 changed files with 59 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
man/virt-install.rst
View File

@ -1851,6 +1851,9 @@ Configure a virtual TPM device. Examples:
``--tpm emulator``
Request an emulated TPM device.
``--tpm default``
Request virt-install to fill in a modern recommended default
Use --tpm=? to see a list of all available sub options.
Complete details at https://libvirt.org/formatdomain.html#elementsTpm

2
tests/data/cli/compare/virt-install-boot-uefi.xml
View File

@ -50,7 +50,7 @@
<target type="virtio" name="com.redhat.spice.0"/>
</channel>
<input type="tablet" bus="usb"/>
<tpm model="tpm-tis">
<tpm model="tpm-crb">
<backend type="emulator"/>
</tpm>
<graphics type="spice" port="-1" tlsPort="-1" autoport="yes">

4
tests/data/cli/compare/virt-install-kvm-i686-uefi.xml
View File

@ -47,7 +47,7 @@
<target type="virtio" name="com.redhat.spice.0"/>
</channel>
<input type="tablet" bus="usb"/>
<tpm model="tpm-tis">
<tpm model="tpm-crb">
<backend type="emulator"/>
</tpm>
<graphics type="spice" port="-1" tlsPort="-1" autoport="yes">
@ -108,7 +108,7 @@
<target type="virtio" name="com.redhat.spice.0"/>
</channel>
<input type="tablet" bus="usb"/>
<tpm model="tpm-tis">
<tpm model="tpm-crb">
<backend type="emulator"/>
</tpm>
<graphics type="spice" port="-1" tlsPort="-1" autoport="yes">

2
tests/data/cli/compare/virt-install-many-devices.xml
View File

@ -459,7 +459,7 @@
<source dev="/dev/input/event1234" repeat="on" grab="all" grabToggle="ctrl-ctrl"/>
</input>
<tpm model="tpm-crb">
<backend type="emulator" version="2.0"/>
<backend type="emulator"/>
</tpm>
<graphics type="sdl" display=":3.4" xauth="/tmp/.Xauthority">
<ab>cd</ab>

37
tests/data/cli/compare/virt-install-ppc64-pseries-tpm.xml
View File

@ -1,37 +0,0 @@
<domain type="qemu">
<name>vm-ppc64</name>
<uuid>00000000-1111-2222-3333-444444444444</uuid>
<memory>65536</memory>
<currentMemory>65536</currentMemory>
<vcpu>1</vcpu>
<os>
<type arch="ppc64" machine="pseries">hvm</type>
<boot dev="network"/>
</os>
<clock offset="utc"/>
<devices>
<emulator>/usr/bin/qemu-system-ppc64</emulator>
<disk type="file" device="disk">
<driver name="qemu" type="qcow2"/>
<source file="/dev/default-pool/testvol1.img"/>
<target dev="vda" bus="virtio"/>
</disk>
<controller type="usb" model="qemu-xhci" ports="15"/>
<console type="pty"/>
<channel type="unix">
<source mode="bind"/>
<target type="virtio" name="org.qemu.guest_agent.0"/>
</channel>
<input type="tablet" bus="usb"/>
<input type="keyboard" bus="usb"/>
<tpm model="tpm-spapr">
<backend type="passthrough">
<device path="/dev/tpm0"/>
</backend>
</tpm>
<graphics type="vnc" port="-1"/>
<video>
<model type="vga"/>
</video>
</devices>
</domain>

3
tests/data/cli/compare/virt-install-ppc64le-kvm-import.xml
View File

@ -34,6 +34,9 @@
</channel>
<input type="tablet" bus="usb"/>
<input type="keyboard" bus="usb"/>
<tpm>
<backend type="emulator"/>
</tpm>
<graphics type="vnc" port="-1"/>
<video>
<model type="vga"/>

2
tests/data/cli/compare/virt-install-qemu-plain.xml
View File

@ -52,7 +52,7 @@
</interface>
<console type="pty"/>
<input type="tablet" bus="usb"/>
<tpm model="tpm-tis">
<tpm model="tpm-crb">
<backend type="emulator"/>
</tpm>
<graphics type="vnc" port="-1"/>

2
tests/data/cli/compare/virt-install-singleton-config-1.xml
View File

@ -81,7 +81,7 @@
<controller type="pci" model="pcie-root-port"/>
<controller type="pci" model="pcie-root-port"/>
<input type="tablet" bus="usb"/>
<tpm model="tpm-tis">
<tpm>
<backend type="passthrough">
<device path="/dev/tpm0"/>
</backend>

4
tests/data/cli/compare/virt-install-singleton-config-2.xml
View File

@ -228,7 +228,7 @@
</channel>
<input type="tablet" bus="usb"/>
<tpm model="tpm-crb">
<backend type="passthrough" persistent_state="yes">
<backend type="passthrough" version="2.0" persistent_state="yes">
<device path="/dev/tpm0"/>
<encryption secret="11111111-2222-3333-4444-5555555555"/>
</backend>
@ -540,7 +540,7 @@
</channel>
<input type="tablet" bus="usb"/>
<tpm model="tpm-crb">
<backend type="passthrough" persistent_state="yes">
<backend type="passthrough" version="2.0" persistent_state="yes">
<device path="/dev/tpm0"/>
<encryption secret="11111111-2222-3333-4444-5555555555"/>
</backend>

4
tests/data/cli/compare/virt-install-win7-uefi.xml
View File

@ -88,7 +88,7 @@
<target type="virtio" name="com.redhat.spice.0"/>
</channel>
<input type="tablet" bus="usb"/>
<tpm model="tpm-tis">
<tpm model="tpm-crb">
<backend type="emulator"/>
</tpm>
<graphics type="spice" port="-1" tlsPort="-1" autoport="yes">
@ -190,7 +190,7 @@
<target type="virtio" name="com.redhat.spice.0"/>
</channel>
<input type="tablet" bus="usb"/>
<tpm model="tpm-tis">
<tpm model="tpm-crb">
<backend type="emulator"/>
</tpm>
<graphics type="spice" port="-1" tlsPort="-1" autoport="yes">

2
tests/data/cli/compare/virt-xml-build-tpm.xml
View File

@ -1,4 +1,4 @@
<tpm model="tpm-tis">
<tpm>
<backend type="passthrough">
<device path="/dev/tpm"/>
</backend>

7
tests/test_cli.py
View File

@ -565,7 +565,7 @@ memnode0.cellid=1,memnode0.mode=strict,memnode0.nodeset=2
--filesystem /foo/source,/bar/target,fmode=0123,dmode=0345
--memballoon virtio,autodeflate=on,stats.period=10,freePageReporting=on
--watchdog ib700,action=pause
--tpm passthrough,model=tpm-crb,path=/dev/tpm0,backend.encryption.secret=11111111-2222-3333-4444-5555555555,backend.persistent_state=yes,active_pcr_banks.sha1=on,active_pcr_banks.sha256=yes,active_pcr_banks.sha384=yes,active_pcr_banks.sha512=yes
--tpm passthrough,model=tpm-crb,path=/dev/tpm0,backend.encryption.secret=11111111-2222-3333-4444-5555555555,backend.persistent_state=yes,active_pcr_banks.sha1=on,active_pcr_banks.sha256=yes,active_pcr_banks.sha384=yes,active_pcr_banks.sha512=yes,version=2.0
--rng egd,backend_host=127.0.0.1,backend_service=8000,backend_type=udp,backend_mode=bind,backend_connect_host=foo,backend_connect_service=708,rate.bytes=1234,rate.period=1000,model=virtio
--panic iobase=0x506
--shmem shmem0,role=master,model.type=ivshmem-plain,size=8,size.unit=M
@ -746,7 +746,7 @@ source.reservations.managed=no,source.reservations.source.type=unix,source.reser
--vsock cid=17
--tpm emulator,model=tpm-crb,version=2.0
--tpm default
--qemu-commandline env=DISPLAY=:0.1
--qemu-commandline="-display gtk,gl=on"
@ -1050,8 +1050,7 @@ c.add_valid("--connect " + utils.URIs.kvm_x86_session + " --install fedora21", p
c.add_compare("--machine pseries --boot arch=ppc64,network --disk %(EXISTIMG1)s --disk device=cdrom --os-variant fedora20 --network none", "ppc64-pseries-f20")
c.add_compare("--arch ppc64 --boot network --disk %(EXISTIMG1)s --os-variant fedora20 --network none", "ppc64-machdefault-f20")
c.add_compare("--connect %(URI-KVM-PPC64LE)s --import --disk %(EXISTIMG1)s --os-variant fedora20 --panic default", "ppc64le-kvm-import")
c.add_compare("--arch ppc64 --machine pseries --boot network --disk %(EXISTIMG1)s --graphics vnc --network none --tpm /dev/tpm0", "ppc64-pseries-tpm") # default TPM for ppc64
c.add_compare("--connect %(URI-KVM-PPC64LE)s --import --disk %(EXISTIMG1)s --os-variant fedora20 --panic default --tpm default", "ppc64le-kvm-import")
###############

6
virtinst/cli.py
View File

@ -4107,8 +4107,14 @@ class ParserTPM(VirtCLIParser):
self.guest.skip_default_tpm = True
return
# Handle --tpm /dev/tpm0
if (self.optdict.get("type", "").startswith("/")):
self.optdict["path"] = self.optdict.pop("type")
# Let --tpm default,... hit our DeviceTpm defaults code
if self.optdict.get("type") == "default":
self.optdict.pop("type")
return super()._parse(inst)
@classmethod

35
virtinst/devices/tpm.py
View File

@ -49,11 +49,32 @@ class DeviceTpm(Device):
# Default config #
##################
def set_defaults(self, guest):
if not self.type:
self.type = self.TYPE_PASSTHROUGH
if not self.model:
self.model = self.MODEL_TIS
@staticmethod
def default_model(guest):
domcaps = guest.lookup_domcaps()
if guest.os.is_ppc64():
self.model = self.MODEL_SPAPR
if not domcaps.devices.tpm.present and not guest.os.is_pseries():
# Preserve the old default when domcaps is old
return DeviceTpm.MODEL_CRB
if domcaps.devices.tpm.get_enum("model").has_value(DeviceTpm.MODEL_CRB):
# CRB is the modern version, and it implies version 2.0
return DeviceTpm.MODEL_CRB
# Let libvirt decide so we don't need to duplicate its arch logic
return None
def set_defaults(self, guest):
if self.device_path and not self.type:
self.type = self.TYPE_PASSTHROUGH
if not self.type:
# Libvirt requires a backend type to be specified. 'emulator'
# may not be available if swtpm is not installed, but trying to
# fallback to 'passthrough' in that case isn't really workable.
# Instead we specify it unconditionally and let libvirt error.
self.type = self.TYPE_EMULATOR
# passthrough and model and version are all interconnected, so
# don't try to set a default model if other bits are set
if (self.type == self.TYPE_EMULATOR and
not self.model and not self.version):
self.model = self.default_model(guest)

5
virtinst/domcapabilities.py
View File

@ -42,8 +42,13 @@ class _Enum(_HasValues):
class _CapsBlock(_HasValues):
supported = XMLProperty("./@supported", is_yesno=True)
_supported_present = XMLProperty("./@supported")
enums = XMLChildProperty(_Enum)
@property
def present(self):
return self._supported_present is not None
def enum_names(self):
return [e.name for e in self.enums]