Hi,

This is the implementation of ppc64 secure guest execution, known as
PAPR-PEF. This implementation is based on the new confidential-guest-support
machine option that is available in QEMU 6.0.0.

The patches were done on top of Boris' s390-pv patches that were sent for
review [1], given that Boris provided a common base for new security launches
there.

The series is also available in gitlab:

https://gitlab.com/danielhb/libvirt/-/tree/papr_pef_v1

Note: If someone wishes to give this series a try, considering that you have
a host with proper PowerPC PEF hardware, be aware that there is a QEMU bug in
which launching a PAPR-PEF guest will trigger an early assert [2]. The fix is
not merged upstream at the moment of this posting, so you'll need to apply the
patch yourself or build QEMU using David Gibson's ppc-for-6.1 tree [3].

[1] https://listman.redhat.com/archives/libvir-list/2021-May/msg00570.html
[2] https://lists.gnu.org/archive/html/qemu-devel/2021-05/msg08491.html
[3] https://gitlab.com/dgibson/qemu/-/tree/ppc-for-6.1

Daniel Henrique Barboza (5):
  tests: Add QEMU and domain ppc64 capapbilities for qemu 6.1
  qemu: add 'pef-guest' capability
  conf, qemu: add 'papr-pef' launch security type
  tests: add tests for 'papr-pef' support
  docs/formatdomain.rst: add 'papr-pef' launchSecurity docs

 docs/formatdomain.rst | 4 +
 docs/schemas/domaincommon.rng | 1 +
 src/conf/domain_conf.c | 3 +
 src/conf/domain_conf.h | 1 +
 src/qemu/qemu_capabilities.c | 2 +
 src/qemu/qemu_capabilities.h | 1 +
 src/qemu/qemu_command.c | 26 +
 src/qemu/qemu_namespace.c | 1 +
 src/qemu/qemu_process.c | 1 +
 src/qemu/qemu_validate.c | 8 +
 tests/domaincapsdata/qemu_6.1.0.ppc64.xml | 133 +
 .../launch-security-papr-pef.xml | 22 +
 tests/genericxml2xmltest.c | 1 +
 .../caps_6.1.0.ppc64.replies | 30368 ++++++++++++++++
 .../qemucapabilitiesdata/caps_6.1.0.ppc64.xml | 1175 +
 ...default-video-type-ppc64.ppc64-latest.args | 5 +-
 ...y-papr-pef-ignore-policy.ppc64-latest.args | 30 +
 ...launch-security-papr-pef-ignore-policy.xml | 19 +
 ...launch-security-papr-pef.ppc64-latest.args | 30 +
 .../launch-security-papr-pef.xml | 16 +
 ...ault-cpu-kvm-pseries-2.7.ppc64-latest.args | 5 +-
 ...ault-cpu-kvm-pseries-3.1.ppc64-latest.args | 5 +-
 ...ault-cpu-kvm-pseries-4.2.ppc64-latest.args | 5 +-
 ...ault-cpu-tcg-pseries-2.7.ppc64-latest.args | 5 +-
 ...ault-cpu-tcg-pseries-3.1.ppc64-latest.args | 5 +-
 ...ault-cpu-tcg-pseries-4.2.ppc64-latest.args | 5 +-
 .../ppc64-pseries-graphics.ppc64-latest.args | 7 +-
 .../ppc64-pseries-headless.ppc64-latest.args | 7 +-
 .../ppc64-tpmproxy-single.ppc64-latest.args | 5 +-
 .../ppc64-tpmproxy-with-tpm.ppc64-latest.args | 5 +-
 .../tpm-emulator-spapr.ppc64-latest.args | 5 +-
 tests/qemuxml2argvtest.c | 3 +
 32 files changed, 31871 insertions(+), 38 deletions(-)
 create mode 100644 tests/domaincapsdata/qemu_6.1.0.ppc64.xml
 create mode 100644 tests/genericxml2xmlindata/launch-security-papr-pef.xml
 create mode 100644 tests/qemucapabilitiesdata/caps_6.1.0.ppc64.replies
 create mode 100644 tests/qemucapabilitiesdata/caps_6.1.0.ppc64.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-papr-pef-ignore-policy.ppc64-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-papr-pef-ignore-policy.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-papr-pef.ppc64-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-papr-pef.xml

-- 
2.31.1