[PATCH 3/5] conf, qemu: add 'papr-pef' launch security type

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch adds the 'papr-pef' launch security type for the QEMU
driver.

Signed-off-by: Daniel Henrique Barboza <danielhb413@xxxxxxxxx>
---
 docs/schemas/domaincommon.rng |  1 +
 src/conf/domain_conf.c        |  3 +++
 src/conf/domain_conf.h        |  1 +
 src/qemu/qemu_command.c       | 26 ++++++++++++++++++++++++++
 src/qemu/qemu_namespace.c     |  1 +
 src/qemu/qemu_process.c       |  1 +
 src/qemu/qemu_validate.c      |  8 ++++++++
 7 files changed, 41 insertions(+)

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 029ae7b1d4..e0fc18889a 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -486,6 +486,7 @@
         <choice>
           <value>sev</value>
           <value>s390-pv</value>
+          <value>papr-pef</value>
         </choice>
       </attribute>
       <interleave>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 9a9aea94d9..838386e6b7 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1402,6 +1402,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity,
               "",
               "sev",
               "s390-pv",
+              "papr-pef",
 );
 
 static virClass *virDomainObjClass;
@@ -14781,6 +14782,7 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode,
             return NULL;
         break;
     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+    case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
         break;
     case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
     case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
@@ -26884,6 +26886,7 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
     }
 
     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+    case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
         virBufferAsprintf(buf, "<launchSecurity type='%s'/>\n",
                           virDomainLaunchSecurityTypeToString(sec->sectype));
         break;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 37d0085699..e0731f7025 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2644,6 +2644,7 @@ typedef enum {
     VIR_DOMAIN_LAUNCH_SECURITY_NONE,
     VIR_DOMAIN_LAUNCH_SECURITY_SEV,
     VIR_DOMAIN_LAUNCH_SECURITY_PV,
+    VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF,
 
     VIR_DOMAIN_LAUNCH_SECURITY_LAST,
 } virDomainLaunchSecurity;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index dcf7c61ef5..46e4bd555f 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6930,6 +6930,9 @@ qemuBuildMachineCommandLine(virCommand *cmd,
         case VIR_DOMAIN_LAUNCH_SECURITY_PV:
             virBufferAddLit(&buf, ",confidential-guest-support=pv0");
             break;
+        case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
+            virBufferAddLit(&buf, ",confidential-guest-support=pef0");
+            break;
         case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
             break;
         case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
@@ -9837,6 +9840,26 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd)
 }
 
 
+static int
+qemuBuildPaprPEFCommandLine(virDomainObj *vm, virCommand *cmd)
+{
+    g_autoptr(virJSONValue) props = NULL;
+    g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+    qemuDomainObjPrivate *priv = vm->privateData;
+
+    if (qemuMonitorCreateObjectProps(&props, "pef-guest", "pef0",
+                                     NULL) < 0)
+        return -1;
+
+    if (qemuBuildObjectCommandlineFromJSON(&buf, props, priv->qemuCaps) < 0)
+        return -1;
+
+    virCommandAddArg(cmd, "-object");
+    virCommandAddArgBuffer(cmd, &buf);
+    return 0;
+}
+
+
 static int
 qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
                         virDomainSecDef *sec)
@@ -9851,6 +9874,9 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd,
     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
         return qemuBuildPVCommandLine(vm, cmd);
         break;
+    case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
+        return qemuBuildPaprPEFCommandLine(vm, cmd);
+        break;
     case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
         break;
     case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 156ee84292..9d1b806872 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -608,6 +608,7 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm,
         VIR_DEBUG("Set up launch security for SEV");
         break;
     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+    case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
     case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
         break;
     case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 22f2278fcf..44951fd592 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6705,6 +6705,7 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm)
     case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
         return qemuProcessPrepareSEVGuestInput(vm, sec);
     case VIR_DOMAIN_LAUNCH_SECURITY_PV:
+    case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
     case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
         break;
     case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 462bf7b23d..030558ea98 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1232,6 +1232,14 @@ qemuValidateDomainDef(const virDomainDef *def,
                 return -1;
             }
             break;
+        case VIR_DOMAIN_LAUNCH_SECURITY_PAPR_PEF:
+            if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PAPR_PEF_GUEST)) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                               _("PAPR PEF launch security is not supported with "
+                                 "this QEMU binary"));
+                return -1;
+            }
+            break;
         case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
             break;
         case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
-- 
2.31.1




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux