From 971e7678057bd3698e1b0810e7c4c8a0bfa8ff90 Mon Sep 17 00:00:00 2001
From: Andrea Bolognani <abologna@redhat.com>
Date: Mon, 27 May 2024 18:38:52 +0200
Subject: [PATCH] qemu: Reject TPM 1.2 in most scenarios

Everywhere we use TPM 2.0 as our default, the chances of TPM
1.2 being supported by the guest OS are very slim. Just reject
such configurations outright.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_validate.c                      | 22 ++++++++-----------
 ...aarch64-tpm-wrong-model.aarch64-latest.err |  2 +-
 2 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index c08e1538f9..95af93d606 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -4755,23 +4755,19 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
 
         switch (version) {
         case VIR_DOMAIN_TPM_VERSION_1_2:
-            /* TPM 1.2 + CRB do not work */
-            if (tpm->model == VIR_DOMAIN_TPM_MODEL_CRB) {
+            /* Only tpm-tis supports TPM 1.2, and even that is only
+             * on x86: for all other models and architectures, we
+             * want TPM 2.0 */
+            if (tpm->model != VIR_DOMAIN_TPM_MODEL_TIS) {
                 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                               _("Unsupported interface '%1$s' for TPM 1.2"),
+                               _("TPM 1.2 is not supported for model '%1$s'"),
                                virDomainTPMModelTypeToString(tpm->model));
                 return -1;
             }
-            /* TPM 1.2 + SPAPR do not work with any 'type' (backend) */
-            if (tpm->model == VIR_DOMAIN_TPM_MODEL_SPAPR) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                               _("TPM 1.2 is not supported with the SPAPR device model"));
-                return -1;
-            }
-            /* TPM 1.2 + ARM does not work */
-            if (qemuDomainIsARMVirt(def)) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                               _("TPM 1.2 is not supported on ARM"));
+            if (!ARCH_IS_X86(def->os.arch)) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                               _("TPM 1.2 is not supported on architecture '%1$s'"),
+                               virArchToString(def->os.arch));
                 return -1;
             }
             break;
diff --git a/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err b/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err
index a3a82fdcf5..44c6e7372b 100644
--- a/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err
+++ b/tests/qemuxmlconfdata/aarch64-tpm-wrong-model.aarch64-latest.err
@@ -1 +1 @@
-unsupported configuration: TPM 1.2 is not supported on ARM
+unsupported configuration: TPM 1.2 is not supported on architecture 'aarch64'
-- 
2.39.5