qemu_validate: Validate TPM version

Supported TPM versions are reported in domain capabilities. These
are used already to validate TPM type and model, but not TPM
version. This is suboptimal, because otherwise we leave users to
meet the error when starting a guest and libvirt spawns swtpm
binary which in turn reports an error.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>

diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 7fa899e4111e399ae4e9420f864f96f389acae24..e0374b530ae2c60e1bfd38389220eedda921dd18 100644 (file)
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -4843,8 +4843,19 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
 {
     virDomainCapsDeviceTPM tpmCaps = { 0 };
 
+    virQEMUCapsFillDomainDeviceTPMCaps(qemuCaps, &tpmCaps);
+
     if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) {
-        switch (tpm->data.emulator.version) {
+        const virDomainTPMVersion version = tpm->data.emulator.version;
+
+        if (!VIR_DOMAIN_CAPS_ENUM_IS_SET(tpmCaps.backendVersion, version)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("TPM version '%s' is not supported"),
+                           virDomainTPMVersionTypeToString(version));
+            return -1;
+        }
+
+        switch (version) {
         case VIR_DOMAIN_TPM_VERSION_1_2:
             /* TPM 1.2 + CRB do not work */
             if (tpm->model == VIR_DOMAIN_TPM_MODEL_CRB) {
@@ -4873,8 +4884,6 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
         }
     }
 
-    virQEMUCapsFillDomainDeviceTPMCaps(qemuCaps, &tpmCaps);
-
     if (!VIR_DOMAIN_CAPS_ENUM_IS_SET(tpmCaps.backendModel, tpm->type)) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                        _("The QEMU executable %s does not support TPM "