[PATCH v3 0/6] Support for launchSecurity type s390-pv

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch series introduces the launch security type s390-pv.
Specifying s390-pv as launch security type in an s390 domain prepares for
running the guest in protected virtualization secure mode, also known as
IBM Secure Execution.

diff to v2:
 - Broke up previous patch one into three patches

diff to v1:
 - Rebased to current master
 - Added verification check for confidential-guest-support capability

Boris Fiuczynski (6):
  schemas: Make SEV policy on launch security optional
  conf: modernize SEV XML parse and format methods
  conf: refactor launch security to allow more types
  qemu: add s390-pv-guest capability
  conf: add s390-pv as launch security type
  docs: add s390-pv documentation

 docs/formatdomain.rst                         |   7 +
 docs/kbase/s390_protected_virt.rst            |  55 ++++++-
 docs/schemas/domaincommon.rng                 |  13 +-
 src/conf/domain_conf.c                        | 155 +++++++++++-------
 src/conf/domain_conf.h                        |  14 +-
 src/conf/virconftypes.h                       |   2 +
 src/qemu/qemu_capabilities.c                  |   2 +
 src/qemu/qemu_capabilities.h                  |   1 +
 src/qemu/qemu_cgroup.c                        |   4 +-
 src/qemu/qemu_command.c                       |  70 +++++++-
 src/qemu/qemu_driver.c                        |   3 +-
 src/qemu/qemu_firmware.c                      |  34 ++--
 src/qemu/qemu_namespace.c                     |  21 ++-
 src/qemu/qemu_process.c                       |  34 +++-
 src/qemu/qemu_validate.c                      |  31 +++-
 src/security/security_dac.c                   |   6 +-
 .../launch-security-s390-pv-ignore-policy.xml |  24 +++
 .../launch-security-s390-pv.xml               |  18 ++
 .../launch-security-s390-pv-ignore-policy.xml |   1 +
 tests/genericxml2xmltest.c                    |   2 +
 .../qemucapabilitiesdata/caps_6.0.0.s390x.xml |   1 +
 ...ty-s390-pv-ignore-policy.s390x-latest.args |  35 ++++
 .../launch-security-s390-pv-ignore-policy.xml |  33 ++++
 .../launch-security-s390-pv.s390x-latest.args |  35 ++++
 .../launch-security-s390-pv.xml               |  30 ++++
 ...urity-sev-missing-policy.x86_64-2.12.0.err |   1 +
 .../launch-security-sev-missing-policy.xml    |  34 ++++
 tests/qemuxml2argvtest.c                      |   4 +
 28 files changed, 562 insertions(+), 108 deletions(-)
 create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
 create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml
 create mode 120000 tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml

-- 
2.30.2




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux