diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c index e576bca165fe20e7858bf959df8caea50029766e..af52466421272b457cee03e20852aca89fa91120 100644 --- a/src/qemu/qemu_extdevice.c +++ b/src/qemu/qemu_extdevice.c @@ -128,7 +128,8 @@ qemuExtDevicesCleanupHost(virQEMUDriverPtr driver, int qemuExtDevicesStart(virQEMUDriverPtr driver, virDomainObjPtr vm, - qemuDomainLogContextPtr logCtxt) + qemuDomainLogContextPtr logCtxt, + bool incomingMigration) { int ret = 0; @@ -136,7 +137,7 @@ qemuExtDevicesStart(virQEMUDriverPtr driver, return -1; if (vm->def->tpm) - ret = qemuExtTPMStart(driver, vm, logCtxt); + ret = qemuExtTPMStart(driver, vm, logCtxt, incomingMigration); return ret; } diff --git a/src/qemu/qemu_extdevice.h b/src/qemu/qemu_extdevice.h index bbdb9a1cc29f3a491613d6002ce4a50be8a287c8..5a53c79f384bf24541e97be2fa0ad2d69bfd3409 100644 --- a/src/qemu/qemu_extdevice.h +++ b/src/qemu/qemu_extdevice.h @@ -40,7 +40,8 @@ void qemuExtDevicesCleanupHost(virQEMUDriverPtr driver, int qemuExtDevicesStart(virQEMUDriverPtr driver, virDomainObjPtr vm, - qemuDomainLogContextPtr logCtxt) + qemuDomainLogContextPtr logCtxt, + bool incomingMigration) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) ATTRIBUTE_RETURN_CHECK; diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 53b8ff36f60615a77ca447eafb464c11499a7460..bbd3d9596a2ff5d5d5bf0963eefc5c2f70d1d753 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -6774,7 +6774,7 @@ qemuProcessLaunch(virConnectPtr conn, if (qemuProcessGenID(vm, flags) < 0) goto cleanup; - if (qemuExtDevicesStart(driver, vm, logCtxt) < 0) + if (qemuExtDevicesStart(driver, vm, logCtxt, incoming != NULL) < 0) goto cleanup; VIR_DEBUG("Building emulator command line"); diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 66d3fde160379fa919c798ef227b05a98d56d5e0..98fe8a38b4278f6a5985ea617d08541e2c972ac1 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c 
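Review bot: In the src/qemu/qemu_process.c hunk, `incoming != NULL` is passed as `incomingMigration` with no comment, and the hunk does not show whether `incoming` is set only for live migration or for every start that loads guest state from outside. The distinction matters because this flag later switches swtpm_setup to `--overwrite` in qemuTPMEmulatorRunSetup, so a broader meaning of `incoming` would widen the cases in which existing TPM state can be replaced. Once the author confirms the intended cases, I would add a comment at the call such as `/* incoming is set when guest state is loaded from outside; ext devices must not create fresh state */`, or rename the parameter to match. qemuProcessLaunch begins and ends outside the hunk.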
@@ -453,6 +453,7 @@ qemuTPMSetupEncryption(const unsigned char *secretuuid, * for the user given by userid or 'tss' * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2 * @encryption: pointer to virStorageEncryption holding secret + * @incomingMigration: whether we have an incoming migration * * Setup the external swtpm by creating endorsement key and * certificates for it. @@ -466,7 +467,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath, gid_t swtpm_group, const char *logfile, const virDomainTPMVersion tpmversion, - const unsigned char *secretuuid) + const unsigned char *secretuuid, + bool incomingMigration) { virCommandPtr cmd = NULL; int exitstatus; @@ -525,16 +527,23 @@ qemuTPMEmulatorRunSetup(const char *storagepath, pwdfile_fd = -1; } - virCommandAddArgList(cmd, - "--tpm-state", storagepath, - "--vmid", vmid, - "--logfile", logfile, - "--createek", - "--create-ek-cert", - "--create-platform-cert", - "--lock-nvram", - "--not-overwrite", - NULL); + if (!incomingMigration) { + virCommandAddArgList(cmd, + "--tpm-state", storagepath, + "--vmid", vmid, + "--logfile", logfile, + "--createek", + "--create-ek-cert", + "--create-platform-cert", + "--lock-nvram", + "--not-overwrite", + NULL); + } else { + virCommandAddArgList(cmd, + "--tpm-state", storagepath, + "--overwrite", + NULL); + } virCommandClearCaps(cmd); @@ -568,6 +577,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath, * @swtpmStateDir: the directory where swtpm writes the pid file and creates the * Unix socket * @shortName: the short name of the VM + * @incomingMigration: whether we have an incoming migration * * Create the virCommand use for starting the emulator * Do some initializations on the way, such as creation of storage @@ -581,7 +591,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm, uid_t swtpm_user, gid_t swtpm_group, const char *swtpmStateDir, - const char *shortName) + const char *shortName, + bool incomingMigration) { virCommandPtr cmd = NULL; bool created = false; 
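Review bot: The new doc line `@incomingMigration: whether we have an incoming migration` on qemuTPMEmulatorRunSetup names the condition but not its effect, which in this function is security-relevant: EK and certificate creation are skipped and `--overwrite` is used. I would write `@incomingMigration: true if TPM state will be received from a migration source; EK/certificate creation is skipped and any state already at @storagepath is overwritten`. The same one-line wording is repeated in the doc blocks of qemuTPMEmulatorBuildCommand and qemuExtTPMStartEmulator and could say that the flag is forwarded to the setup step. While this block is being touched, the context line `@encryption:` documents a parameter that the signature hunk names `secretuuid`, so the tag should be renamed to match.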
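Review bot: The `else` branch added to qemuTPMEmulatorRunSetup for incoming migration passes `--overwrite` and drops `--logfile` (and `--vmid`). On the destination, swtpm_setup can therefore replace whatever state already sits at `storagepath`, and its run leaves nothing in the per-VM TPM log. Whether the call in qemuTPMEmulatorBuildCommand is reached only for a freshly created state directory is not visible in these hunks (only the `created` local is); if it is not gated that way, pre-existing TPM state with its sealed keys is destroyed silently. I would add the options shared by both modes once, keep `--logfile` on the migration path so the overwrite is at least recorded, and branch only on the options that differ, assuming swtpm_setup accepts `--logfile` without the create options. The function body continues outside the hunk.

```c
    /* Options common to first-time setup and incoming migration. */
    virCommandAddArgList(cmd,
                         "--tpm-state", storagepath,
                         "--logfile", logfile,
                         NULL);

    if (incomingMigration) {
        /* No EK/cert creation here; replaces any state already at storagepath. */
        virCommandAddArg(cmd, "--overwrite");
    } else {
        virCommandAddArgList(cmd,
                             "--vmid", vmid,
                             "--createek",
                             "--create-ek-cert",
                             "--create-platform-cert",
                             "--lock-nvram",
                             "--not-overwrite",
                             NULL);
    }
    /* … unchanged: virCommandClearCaps(cmd) and running the command … */
```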
@@ -605,7 +616,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm, qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vmuuid, privileged, swtpm_user, swtpm_group, tpm->data.emulator.logfile, tpm->version, - secretuuid) < 0) + secretuuid, incomingMigration) < 0) goto error; unlink(tpm->data.emulator.source.data.nix.path); @@ -814,6 +825,7 @@ qemuExtTPMCleanupHost(virDomainDefPtr def) * @driver: QEMU driver * @vm: the domain object * @logCtxt: log context + * @incomingMigration: whether we have an incoming migration * * Start the external TPM Emulator: * - have the command line built @@ -822,7 +834,8 @@ qemuExtTPMCleanupHost(virDomainDefPtr def) static int qemuExtTPMStartEmulator(virQEMUDriverPtr driver, virDomainObjPtr vm, - qemuDomainLogContextPtr logCtxt) + qemuDomainLogContextPtr logCtxt, + bool incomingMigration) { int ret = -1; virCommandPtr cmd = NULL; @@ -846,7 +859,8 @@ qemuExtTPMStartEmulator(virQEMUDriverPtr driver, driver->privileged, cfg->swtpm_user, cfg->swtpm_group, - cfg->swtpmStateDir, shortName))) + cfg->swtpmStateDir, shortName, + incomingMigration))) goto cleanup; if (qemuExtDeviceLogCommand(logCtxt, cmd, "TPM Emulator") < 0) @@ -903,14 +917,15 @@ qemuExtTPMStartEmulator(virQEMUDriverPtr driver, int qemuExtTPMStart(virQEMUDriverPtr driver, virDomainObjPtr vm, - qemuDomainLogContextPtr logCtxt) + qemuDomainLogContextPtr logCtxt, + bool incomingMigration) { int ret = 0; virDomainTPMDefPtr tpm = vm->def->tpm; switch (tpm->type) { case VIR_DOMAIN_TPM_TYPE_EMULATOR: - ret = qemuExtTPMStartEmulator(driver, vm, logCtxt); + ret = qemuExtTPMStartEmulator(driver, vm, logCtxt, incomingMigration); break; case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: case VIR_DOMAIN_TPM_TYPE_LAST: diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h index 74c9924d682574685a1c4fd07d0f352d6d7325bc..5f454d3580cf86a0855af1e9ef33245d7e02d88d 100644 --- a/src/qemu/qemu_tpm.h +++ b/src/qemu/qemu_tpm.h 
@@ -37,7 +37,8 @@ void qemuExtTPMCleanupHost(virDomainDefPtr def) int qemuExtTPMStart(virQEMUDriverPtr driver, virDomainObjPtr vm, - qemuDomainLogContextPtr logCtxt) + qemuDomainLogContextPtr logCtxt, + bool incomingMigration) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) ATTRIBUTE_RETURN_CHECK;