From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 4 Jun 2024 16:40:29 +0000 (+0200)
Subject: qemu: Default to TPM 2.0 in most scenarios
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=220b2690da53643d36b6883014d5b0490882f52b;p=libvirt.git

qemu: Default to TPM 2.0 in most scenarios

TPM 1.2 is a pretty bad default these days, especially for
architectures which were introduced when TPM 2.0 already existed.

We're already carving out exceptions for several scenarios, but
that's basically backwards: at this point, using TPM 1.2 is the
exception.

Restructure the code so that it reflects reality and we don't
have to remember to update it every time a new architecture is
introduced.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index bda62f2e5c..7ba2ea4a5e 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -6180,12 +6180,15 @@ qemuDomainTPMDefPostParse(virDomainTPMDef *tpm,
     /* TPM 1.2 and 2 are not compatible, so we choose a specific version here */
     if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR &&
         tpm->data.emulator.version == VIR_DOMAIN_TPM_VERSION_DEFAULT) {
-        if (tpm->model == VIR_DOMAIN_TPM_MODEL_SPAPR ||
-            tpm->model == VIR_DOMAIN_TPM_MODEL_CRB ||
-            qemuDomainIsARMVirt(def))
-            tpm->data.emulator.version = VIR_DOMAIN_TPM_VERSION_2_0;
-        else
+        /* tpm-tis on x86 defaults to TPM 1.2 to preserve the
+         * historical behavior, but in all other scenarios we want
+         * TPM 2.0 instead */
+        if (tpm->model == VIR_DOMAIN_TPM_MODEL_TIS &&
+            ARCH_IS_X86(def->os.arch)) {
             tpm->data.emulator.version = VIR_DOMAIN_TPM_VERSION_1_2;
+        } else {
+            tpm->data.emulator.version = VIR_DOMAIN_TPM_VERSION_2_0;
+        }
     }
 
     return 0;
diff --git a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml
index a3a701b8e4..6712c2d831 100644
--- a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml
+++ b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.abi-update.xml
@@ -59,7 +59,7 @@
       <target type='serial' port='0'/>
     </console>
     <tpm model='tpm-tis'>
-      <backend type='emulator' version='1.2'/>
+      <backend type='emulator' version='2.0'/>
     </tpm>
     <audio id='1' type='none'/>
     <video>
diff --git a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml
index a3a701b8e4..6712c2d831 100644
--- a/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml
+++ b/tests/qemuxmlconfdata/riscv64-virt-default-models.riscv64-latest.xml
@@ -59,7 +59,7 @@
       <target type='serial' port='0'/>
     </console>
     <tpm model='tpm-tis'>
-      <backend type='emulator' version='1.2'/>
+      <backend type='emulator' version='2.0'/>
     </tpm>
     <audio id='1' type='none'/>
     <video>