This patch adds the 'papr-pef' launch security type for the QEMU driver.
Signed-off-by: Daniel Henrique Barboza <danielhb413@xxxxxxxxx>
---
 docs/schemas/domaincommon.rng | 1 +
 src/conf/domain_conf.c | 3 +++
 src/conf/domain_conf.h | 1 +
 src/qemu/qemu_command.c | 26 ++++++++++++++++++++++++++
 src/qemu/qemu_namespace.c | 1 +
 src/qemu/qemu_process.c | 1 +
 src/qemu/qemu_validate.c | 8 ++++++++
 7 files changed, 41 insertions(+)
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 029ae7b1d4..e0fc18889a 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -486,6 +486,7 @@
 <choice>
 <value>sev</value>
 <value>s390-pv</value>
+ <value>papr-pef</value>
 </choice>
 </attribute>
 <interleave>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 9a9aea94d9..838386e6b7 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1402,6 +1402,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
 "",
 "sev",
 "s390-pv",
+ "papr-pef",
 );
 static virClass *virDomainObjClass;
@@ -14781,6 +14782,7 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode,
 return NULL;
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
 case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
@@ -26884,6 +26886,7 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
 }
 case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
 virBufferAsprintf(buf, "<launchSecurity type='%s'/>\n",
 virDomainLaunchSecurityTypeToString(sec->sectype));
 break;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 37d0085699..e0731f7025 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2644,6 +2644,7 @@ typedef enum {
 VIR_DOMAIN_LAUNCH_SECURITY_NONE,
 VIR_DOMAIN_LAUNCH_SECURITY_SEV,
 VIR_DOMAIN_LAUNCH_SECURITY_PV,
+ VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF,
 VIR_DOMAIN_LAUNCH_SECURITY_LAST,
 } virDomainLaunchSecurity;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index dcf7c61ef5..46e4bd555f 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6930,6 +6930,9 @@ qemuBuildMachineCommandLine(virCommand *cmd,
 case VIR_DOMAIN_LAUNCH_SECURITY_PV:
 virBufferAddLit(&buf, ",confidential-guest-support=pv0");
 break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
+ virBufferAddLit(&buf, ",confidential-guest-support=pef0");
+ break;
 case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
@@ -9837,6 +9840,26 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd)
 }
+static int
+qemuBuildPaprPEFCommandLine(virDomainObj *vm, virCommand *cmd)
+{
+ g_autoptr(virJSONValue) props = NULL;
+ g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+ qemuDomainObjPrivate *priv = vm->privateData;
+
+ if (qemuMonitorCreateObjectProps(&props, "pef-guest", "pef0",
+ NULL) < 0)
+ return -1;
+
+ if (qemuBuildObjectCommandlineFromJSON(&buf, props, priv->qemuCaps) < 0)
+ return -1;
+
+ virCommandAddArg(cmd, "-object");
+ virCommandAddArgBuffer(cmd, &buf);
+ return 0;
+}
+
+
 static int
 qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
 virDomainSecDef *sec)
@@ -9851,6 +9874,9 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
 case VIR_DOMAIN_LAUNCH_SECURITY_PV:
 return qemuBuildPVCommandLine(vm, cmd);
 break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
+ return qemuBuildPaprPEFCommandLine(vm, cmd);
+ break;
 case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 156ee84292..9d1b806872 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -608,6 +608,7 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm,
 VIR_DEBUG("Set up launch security for SEV");
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
 case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
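Review bot: The object id `pef0` is written as a bare literal in qemuBuildPaprPEFCommandLine and again in the `,confidential-guest-support=pef0` string that the first hunk of this file adds to qemuBuildMachineCommandLine, so nothing ties the two together if one is later renamed. I would put a header comment on the new function, e.g. `/* Adds the -object for the pef-guest object; its id must match confidential-guest-support=pef0 in qemuBuildMachineCommandLine(). */`, or share one constant between both sites. The diffstat lists no test data, so this patch does not pin the generated arguments for a papr-pef domain; a command-line test case would catch a mismatch, unless one arrives elsewhere in the series.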
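Review bot: VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF joins the empty PV/NONE arm of qemuDomainSetupLaunchSecurity with no statement of why, and the qemu_process.c hunk does the same in qemuProcessPrepareLaunchSecurityGuestInput. If that is deliberate (presumably PEF needs no extra device node in the domain namespace and no guest input files, unlike the SEV arm just above), a one-line comment such as `/* papr-pef: no additional device nodes required */` would keep a later reader from taking it for an omission. Both functions start and end outside their hunks, so what the SEV arm sets up is not fully visible here.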
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 22f2278fcf..44951fd592 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6705,6 +6705,7 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm)
 case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
 return qemuProcessPrepareSEVGuestInput(vm, sec);
 case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+ case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
 case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 462bf7b23d..030558ea98 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1232,6 +1232,14 @@ qemuValidateDomainDef(const virDomainDef *def,
 return -1;
 }
 break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PAPR_PEF_GUEST)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("PAPR PEF launch security is not supported with "
+ "this QEMU binary"));
+ return -1;
+ }
+ break;
 case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
--
2.31.1
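Review bot: The new VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF arm rejects the domain only when `QEMU_CAPS_PAPR_PEF_GUEST` is missing; nothing visible in the hunk checks that the domain is a pseries guest, or that the binary accepts the `confidential-guest-support` machine property that qemuBuildMachineCommandLine now appends. A papr-pef request on a domain that cannot honour it would then be caught only when QEMU starts, not when the configuration is validated. Consider extending the condition, for example `if (!qemuDomainIsPSeries(def) || !virQEMUCapsGet(qemuCaps, QEMU_CAPS_PAPR_PEF_GUEST)) {`, with an error message that also covers the unsupported machine type. The switch sits inside qemuValidateDomainDef, whose body starts and ends outside the hunk, so an earlier check may already cover this.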