Signed-off-by: Jonathon Jongsma <[email protected]>
---
 src/hyperv/hyperv_driver.c            | 32 +++++++++++++++++++++++++++
 src/hyperv/hyperv_wmi.c               | 26 ++++++++++++++++++++++
 src/hyperv/hyperv_wmi.h               |  4 ++++
 src/hyperv/hyperv_wmi_generator.input |  9 ++++++++
 4 files changed, 71 insertions(+)

diff --git a/src/hyperv/hyperv_driver.c b/src/hyperv/hyperv_driver.c
index b01b4919fe..7cc67129cd 100644
--- a/src/hyperv/hyperv_driver.c
+++ b/src/hyperv/hyperv_driver.c
@@ -200,6 +200,22 @@ hypervGetOperatingSystem(hypervPrivate *priv, 
Win32_OperatingSystem **operatingS
 }
 
 
+static int
+hypervDomainGetTPMEnabled(hypervPrivate *priv,
+                          const char *id,
+                          bool *enabled)
+{
+    g_autoptr(Msvm_SecuritySettingData) securitySD = NULL;
+
+    if (hypervGetSecuritySD(priv, id, &securitySD) < 0)
+        return -1;
+
+    VIR_DEBUG("Getting TPM state for '%s': %u", id, 
securitySD->data->TpmEnabled);
+    *enabled = securitySD->data->TpmEnabled;
+    return 0;
+}
+
+
 static int
 hypervRequestStateChange(virDomainPtr domain, int state)
 {
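Review bot: hypervDomainGetTPMEnabled has no comment stating its contract, and the contract matters here because on failure `*enabled` is never written while hypervGetSecuritySD has already reported an error. I would add above the function: `/* Returns 0 and sets *enabled from Msvm_SecuritySettingData.TpmEnabled; returns -1 with an error reported and *enabled left untouched. */`. The `%u` in the VIR_DEBUG call receives the generated `boolean` field directly, and that field's C type is not visible in this patch, so confirm it promotes to unsigned int or cast it explicitly.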
@@ -2651,6 +2667,7 @@ hypervDomainGetXMLDesc(virDomainPtr domain, unsigned int 
flags)
     g_autoptr(Msvm_SerialPortSettingData) spsd = NULL;
     Msvm_ResourceAllocationSettingData *serialDevices = NULL;
     g_autoptr(Msvm_EthernetPortAllocationSettingData) nets = NULL;
+    bool tpmEnabled = false;
 
     virCheckFlags(VIR_DOMAIN_XML_COMMON_FLAGS, NULL);
 
@@ -2791,6 +2808,21 @@ hypervDomainGetXMLDesc(virDomainPtr domain, unsigned int 
flags)
     if (hypervDomainDefParseEthernet(domain, def, nets) < 0)
         return NULL;
 
+    if (hypervDomainGetTPMEnabled(priv, 
virtualSystemSettingData->data->InstanceID, &tpmEnabled) == 0
+        && tpmEnabled) {
+        virDomainTPMDef* tpm = NULL;
+
+        if (!def->tpms) {
+            def->tpms = g_new0(virDomainTPMDef *, 1);
+        }
+
+        tpm = g_new0(virDomainTPMDef, 1);
+        tpm->model = VIR_DOMAIN_TPM_MODEL_DEFAULT;
+        tpm->type = VIR_DOMAIN_TPM_TYPE_EMULATOR;
+
+        def->tpms[def->ntpms++] = tpm;
+    }
+
     /* XXX xmlopts must be non-NULL */
     return virDomainDefFormat(def, NULL, 
virDomainDefFormatConvertXMLFlags(flags));
 }
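Review bot: The `== 0 && tpmEnabled` condition discards a failed lookup, yet hypervGetSecuritySD calls virReportError before returning -1, so hypervDomainGetXMLDesc can return valid XML with an error still recorded, and that XML looks the same for "TPM disabled" and "TPM state could not be read". Either propagate the failure (`if (hypervDomainGetTPMEnabled(priv, ..., &tpmEnabled) < 0) return NULL;`) or, if hosts without Msvm_SecuritySettingData must keep working, clear the error deliberately with `virResetLastError();` and a comment saying why. Separately, `def->tpms[def->ntpms++] = tpm` writes past the one-element array if `def->tpms` was already populated; that is probably impossible at this point, but `VIR_APPEND_ELEMENT(def->tpms, def->ntpms, tpm);` grows the array and removes the assumption. The function starts outside this hunk, so how `def` is released on the early returns is not visible here.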
diff --git a/src/hyperv/hyperv_wmi.c b/src/hyperv/hyperv_wmi.c
index 7ae3afc40a..1cf442dad3 100644
--- a/src/hyperv/hyperv_wmi.c
+++ b/src/hyperv/hyperv_wmi.c
@@ -1625,3 +1625,29 @@ hypervMsvmVSMSModifyResourceSettings(hypervPrivate *priv,
 
     return 0;
 }
+
+
+int
+hypervGetSecuritySD(hypervPrivate *priv,
+                    const char *vssd_instanceid,
+                    Msvm_SecuritySettingData **data)
+{
+    g_auto(virBuffer) query = VIR_BUFFER_INITIALIZER;
+
+    virBufferEscapeSQL(&query,
+                       "ASSOCIATORS OF 
{Msvm_VirtualSystemSettingData.InstanceID='%s'} "
+                       "WHERE ResultClass = Msvm_SecuritySettingData",
+                       vssd_instanceid);
+
+    if (hypervGetWmiClass(Msvm_SecuritySettingData, data) < 0)
+        return -1;
+
+    if (!*data) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Could not look up security setting data with virtual 
system instance ID '%1$s'"),
+                       vssd_instanceid);
+        return -1;
+    }
+
+    return 0;
+}
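Review bot: hypervGetSecuritySD treats an empty association result as an error (the `!*data` branch), which callers need to know, and neither this definition nor the prototype added to hyperv_wmi.h documents it. I would add a header comment stating that it returns 0 with `*data` set to a non-NULL object owned by the caller (the visible caller holds it in a `g_autoptr`), and -1 with an error reported both when the WMI query fails and when no Msvm_SecuritySettingData is associated with the given instance ID. The `priv` and `query` locals do not appear in the `hypervGetWmiClass(...)` call, so the macro presumably picks them up by name; a one-line comment such as `/* hypervGetWmiClass() uses the local 'priv' and 'query' */` would save the next reader the lookup.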
diff --git a/src/hyperv/hyperv_wmi.h b/src/hyperv/hyperv_wmi.h
index 65b1211b89..0f8cfb30bc 100644
--- a/src/hyperv/hyperv_wmi.h
+++ b/src/hyperv/hyperv_wmi.h
@@ -269,6 +269,10 @@ int hypervImageManagementServiceGetVHDSD(hypervPrivate 
*priv,
                                          const char *vhdPath,
                                          WsXmlDocH *settingDataDoc);
 
+int hypervGetSecuritySD(hypervPrivate *priv,
+                        const char *vssd_instanceid,
+                        Msvm_SecuritySettingData **data);
+
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  * Msvm_VirtualSystemManagementService
  */
diff --git a/src/hyperv/hyperv_wmi_generator.input 
b/src/hyperv/hyperv_wmi_generator.input
index 017b7a0fa5..b3cd9d19fb 100644
--- a/src/hyperv/hyperv_wmi_generator.input
+++ b/src/hyperv/hyperv_wmi_generator.input
@@ -1252,3 +1252,12 @@ class Win32_DiskDrive
     uint64   TotalTracks
     uint32   TracksPerCylinder
 end
+
+class Msvm_SecuritySettingData
+    boolean TpmEnabled
+    boolean KsdEnabled
+    boolean ShieldingRequested
+    boolean DataProtectionRequested
+    boolean EncryptStateAndVmMigrationTraffic
+    boolean VirtualizationBasedSecurityOptOut
+end
-- 
2.53.0
