From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 734741FF391
	for <inbox@lore.proxmox.com>; Thu, 27 Jun 2024 13:03:43 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 8937213D27;
	Thu, 27 Jun 2024 13:03:54 +0200 (CEST)
From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 27 Jun 2024 13:03:17 +0200
Message-Id: <20240627110317.23787-4-f.ebner@proxmox.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20240627110317.23787-1-f.ebner@proxmox.com>
References: <20240627110317.23787-1-f.ebner@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.063 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH qemu-server 3/3] fix #5563: api: update vm:
 prohibit changing version of TPM state
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

After the TPM state has been created (to be precise, initialized by
swtpm) it is not possible to change the version anymore. Doing so will
lead to failure starting the associated VM. While documented in the
description, it's better to enforce this via API.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
 PVE/API2/Qemu.pm | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 0c3f451a..74143856 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -314,6 +314,24 @@ my $import_from_volid = sub {
     return $cloned->@{qw(file size)};
 };
 
+my sub prohibit_tpm_version_change {
+    my ($old, $new) = @_;
+
+    return if !$old || !$new;
+
+    my $old_drive = PVE::QemuServer::parse_drive('tpmstate0', $old);
+    my $new_drive = PVE::QemuServer::parse_drive('tpmstate0', $new);
+
+    return if $old_drive->{file} ne $new_drive->{file};
+
+    my $old_version = $old_drive->{version} // 'v1.2';
+    my $new_version = $new_drive->{version} // 'v1.2';
+
+    die "cannot change TPM state version after creation\n" if $old_version ne $new_version;
+
+    return;
+}
+
 # Note: $pool is only needed when creating a VM, because pool permissions
 # are automatically inherited if VM already exists inside a pool.
 my sub create_disks : prototype($$$$$$$$$$) {
@@ -1930,6 +1948,7 @@ my $update_vm_api  = sub {
 		    # old drive
 		    if ($conf->{$opt}) {
 			$check_drive_perms->($opt, $conf->{$opt});
+			prohibit_tpm_version_change($conf->{$opt}, $param->{$opt}) if $opt eq 'tpmstate0';
 		    }
 
 		    # new drive
-- 
2.39.2



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel