cli: Add --tpm active_pcr_banks support

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2025-02-25 18:55:27 -06:00 · 2022-02-03 16:33:08 -05:00
parent 216dc6e4e1
commit 6baa327d67
4 changed files with 34 additions and 2 deletions
--- a/tests/data/cli/compare/virt-install-singleton-config-2.xml
+++ b/tests/data/cli/compare/virt-install-singleton-config-2.xml
@@ -214,6 +214,12 @@
        <device path="/dev/tpm0"/>
        <encryption secret="11111111-2222-3333-4444-5555555555"/>
      </backend>
+      <active_pcr_banks>
+        <sha1/>
+        <sha256/>
+        <sha384/>
+        <sha512/>
+      </active_pcr_banks>
    </tpm>
    <graphics type="vnc" port="-1"/>
    <video>
@@ -502,6 +508,12 @@
        <device path="/dev/tpm0"/>
        <encryption secret="11111111-2222-3333-4444-5555555555"/>
      </backend>
+      <active_pcr_banks>
+        <sha1/>
+        <sha256/>
+        <sha384/>
+        <sha512/>
+      </active_pcr_banks>
    </tpm>
    <graphics type="vnc" port="-1"/>
    <video>
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -563,7 +563,7 @@ memnode0.cellid=1,memnode0.mode=strict,memnode0.nodeset=2
 --filesystem /foo/source,/bar/target,fmode=0123,dmode=0345
 --memballoon virtio,autodeflate=on,stats.period=10,freePageReporting=on
 --watchdog ib700,action=pause
--tpm passthrough,model=tpm-crb,path=/dev/tpm0,backend.encryption.secret=11111111-2222-3333-4444-5555555555,backend.persistent_state=yes
+--tpm passthrough,model=tpm-crb,path=/dev/tpm0,backend.encryption.secret=11111111-2222-3333-4444-5555555555,backend.persistent_state=yes,active_pcr_banks.sha1=on,active_pcr_banks.sha256=yes,active_pcr_banks.sha384=yes,active_pcr_banks.sha512=yes
 --rng egd,backend_host=127.0.0.1,backend_service=8000,backend_type=udp,backend_mode=bind,backend_connect_host=foo,backend_connect_service=708,rate.bytes=1234,rate.period=1000,model=virtio
 --panic iobase=0x506
 --shmem shmem0,role=master,model.type=ivshmem-plain,size=8,size.unit=M
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -4116,6 +4116,15 @@ class ParserTPM(VirtCLIParser):
        cls.add_arg("backend.persistent_state",
                    "persistent_state", is_onoff=True)

+        cls.add_arg("active_pcr_banks.sha1",
+                    "active_pcr_banks.sha1", is_onoff=True)
+        cls.add_arg("active_pcr_banks.sha256",
+                    "active_pcr_banks.sha256", is_onoff=True)
+        cls.add_arg("active_pcr_banks.sha384",
+                    "active_pcr_banks.sha384", is_onoff=True)
+        cls.add_arg("active_pcr_banks.sha512",
+                    "active_pcr_banks.sha512", is_onoff=True)
+

 #################
 # --rng parsing #
--- a/virtinst/devices/tpm.py
+++ b/virtinst/devices/tpm.py
@@ -6,7 +6,16 @@
 # See the COPYING file in the top-level directory.

 from .device import Device
-from ..xmlbuilder import XMLProperty
+from ..xmlbuilder import XMLBuilder, XMLChildProperty, XMLProperty
+
+
+class _ActivePCRBanks(XMLBuilder):
+    XML_NAME = "active_pcr_banks"
+
+    sha1 = XMLProperty("./sha1", is_bool=True)
+    sha256 = XMLProperty("./sha256", is_bool=True)
+    sha384 = XMLProperty("./sha384", is_bool=True)
+    sha512 = XMLProperty("./sha512", is_bool=True)


 class DeviceTpm(Device):
@@ -33,6 +42,8 @@ class DeviceTpm(Device):
    persistent_state = XMLProperty(
            "./backend/@persistent_state", is_yesno=True)

+    active_pcr_banks = XMLChildProperty(_ActivePCRBanks, is_single=True)
+

    ##################
    # Default config #