This patch series introduces the launch security type s390-pv. Specifying s390-pv as launch security type in an s390 domain prepares for running the guest in protected virtualization secure mode, also known as IBM Secure Execution. diff to v2: - Broke up previous patch one into three patches diff to v1: - Rebased to current master - Added verification check for confidential-guest-support capability Boris Fiuczynski (6): schemas: Make SEV policy on launch security optional conf: modernize SEV XML parse and format methods conf: refactor launch security to allow more types qemu: add s390-pv-guest capability conf: add s390-pv as launch security type docs: add s390-pv documentation docs/formatdomain.rst | 7 + docs/kbase/s390_protected_virt.rst | 55 ++++++- docs/schemas/domaincommon.rng | 13 +- src/conf/domain_conf.c | 155 +++++++++++------- src/conf/domain_conf.h | 14 +- src/conf/virconftypes.h | 2 + src/qemu/qemu_capabilities.c | 2 + src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_cgroup.c | 4 +- src/qemu/qemu_command.c | 70 +++++++- src/qemu/qemu_driver.c | 3 +- src/qemu/qemu_firmware.c | 34 ++-- src/qemu/qemu_namespace.c | 21 ++- src/qemu/qemu_process.c | 34 +++- src/qemu/qemu_validate.c | 31 +++- src/security/security_dac.c | 6 +- .../launch-security-s390-pv-ignore-policy.xml | 24 +++ .../launch-security-s390-pv.xml | 18 ++ .../launch-security-s390-pv-ignore-policy.xml | 1 + tests/genericxml2xmltest.c | 2 + .../qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 + ...ty-s390-pv-ignore-policy.s390x-latest.args | 35 ++++ .../launch-security-s390-pv-ignore-policy.xml | 33 ++++ .../launch-security-s390-pv.s390x-latest.args | 35 ++++ .../launch-security-s390-pv.xml | 30 ++++ ...urity-sev-missing-policy.x86_64-2.12.0.err | 1 + .../launch-security-sev-missing-policy.xml | 34 ++++ tests/qemuxml2argvtest.c | 4 + 28 files changed, 562 insertions(+), 108 deletions(-) create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml create mode 120000 tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml -- 2.30.2
