Pass new --locality and --flags parameters to swtpm

stefanberger · stefanberger · commit 78750b7af4ec · 2017-09-09T02:15:29.000+02:00
Pass new --locality reject-locality-4 parameter to swtpm so that any
attempts to choose locality 4 will fail. Also pass allow-set-locality
to allow the vTPM driver to set the locality.

The --flags not-need-init indicates that we don't need to send an
INIT via the control channel.

Signed-off-by: Stefan Berger &lt;stefanb@linux.vnet.ibm.com&gt;
diff --git a/libcontainer/vtpm/vtpm.go b/libcontainer/vtpm/vtpm.go
@@ -396,6 +396,7 @@ again:
 	if vtpm.Vtpmversion == VTPM_VERSION_2 {
 		cmd.Args = append(cmd.Args, "--tpm2")
 	}
+	cmd.Args = append(cmd.Args, "--locality", "reject-locality-4,allow-set-locality", "--flags", "not-need-init")
 	file := os.NewFile(uintptr(vtpm.fd), "[vtpm]")
 	cmd.ExtraFiles = append(cmd.ExtraFiles, file)
 

Original file line number	Diff line number	Diff line change
`@@ -396,6 +396,7 @@ again:`
`396`	`396`	`if vtpm.Vtpmversion == VTPM_VERSION_2 {`
`397`	`397`	`cmd.Args = append(cmd.Args, "--tpm2")`
`398`	`398`	`}`
	`399`	`+ cmd.Args = append(cmd.Args, "--locality", "reject-locality-4,allow-set-locality", "--flags", "not-need-init")`
`399`	`400`	`file := os.NewFile(uintptr(vtpm.fd), "[vtpm]")`
`400`	`401`	`cmd.ExtraFiles = append(cmd.ExtraFiles, file)`
`401`	`402`