diff options
| author | Daniel P. Berrangé <berrange@redhat.com> | 2021-11-24 16:05:16 +0000 |
|---|---|---|
| committer | Cole Robinson <crobinso@redhat.com> | 2022-01-21 17:49:15 -0500 |
| commit | eb58c09f488b0633ed1eea012cd311e48864401e (patch) | |
| tree | 5cd8cda9b16d3c0c1198feedd234a7676954a952 /virtinst/guest.py | |
| parent | 7e1f886aa990ee462962b264cb412b749a23a9cb (diff) | |
| download | virt-manager-master.tar.gz | |
virtinst/guest: enable a TPM by default if UEFI is presentmaster
The bare metal world is moving to a situation where UEFI is going to be
the only supported firmware and there will be a strong expectation for
TPM and SecureBoot support.
With this in mind, if we're enabling UEFI on a VM, it makes sense to
also provide a TPM alongside it.
Since this requires swtpm to be installed we can't do this
unconditionally. The forthcoming libvirt release expands the domain
capabilities to report whether TPMs are supported, so we check that.
The user can disable the default TPM by requesting --tpm none
https://github.com/virt-manager/virt-manager/issues/310
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'virtinst/guest.py')
| -rw-r--r-- | virtinst/guest.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/virtinst/guest.py b/virtinst/guest.py index f11a105e..4e767dd0 100644 --- a/virtinst/guest.py +++ b/virtinst/guest.py @@ -199,6 +199,7 @@ class Guest(XMLBuilder): self.skip_default_usbredir = False self.skip_default_graphics = False self.skip_default_rng = False + self.skip_default_tpm = False self.x86_cpu_default = self.cpu.SPECIAL_MODE_APP_DEFAULT self.skip_default_osinfo = False @@ -724,6 +725,11 @@ class Guest(XMLBuilder): self._add_default_channels() self._add_default_rng() self._add_default_memballoon() + if self.is_uefi(): + # If the guest is using UEFI, we take that as a + # flag that the VM is targeting a modern platform + # and thus we should also provide an emulated TPM. + self._add_default_tpm() self.clock.set_defaults(self) self.cpu.set_defaults(self) @@ -947,6 +953,21 @@ class Guest(XMLBuilder): dev.device = "/dev/urandom" self.add_device(dev) + def _add_default_tpm(self): + if self.skip_default_tpm: + return + if self.devices.tpm: + return + + if not self.lookup_domcaps().supports_tpm_emulator(): + log.debug("Domain caps doesn't report TPM support") + return + + log.debug("Adding default TPM") + dev = DeviceTpm(self.conn) + dev.type = DeviceTpm.TYPE_EMULATOR + self.add_device(dev) + def _add_default_memballoon(self): if self.devices.memballoon: return |