On Tue, Jun 22, 2021 at 03:10:43PM +0200, Boris Fiuczynski wrote: > This patch series introduces the launch security type s390-pv. > Specifying s390-pv as launch security type in an s390 domain prepares for > running the guest in protected virtualization secure mode, also known as > IBM Secure Execution. > > diff to v2: > - Broke up previous patch one into three patches > > diff to v1: > - Rebased to current master > - Added verification check for confidential-guest-support capability > > Boris Fiuczynski (6): > schemas: Make SEV policy on launch security optional > conf: modernize SEV XML parse and format methods > conf: refactor launch security to allow more types > qemu: add s390-pv-guest capability > conf: add s390-pv as launch security type > docs: add s390-pv documentation Overall looks good. Please add one more patch which would export the availability of s390-pv in domain capabilities the like we do for SEV. Pavel > > docs/formatdomain.rst | 7 + > docs/kbase/s390_protected_virt.rst | 55 ++++++- > docs/schemas/domaincommon.rng | 13 +- > src/conf/domain_conf.c | 155 +++++++++++------- > src/conf/domain_conf.h | 14 +- > src/conf/virconftypes.h | 2 + > src/qemu/qemu_capabilities.c | 2 + > src/qemu/qemu_capabilities.h | 1 + > src/qemu/qemu_cgroup.c | 4 +- > src/qemu/qemu_command.c | 70 +++++++- > src/qemu/qemu_driver.c | 3 +- > src/qemu/qemu_firmware.c | 34 ++-- > src/qemu/qemu_namespace.c | 21 ++- > src/qemu/qemu_process.c | 34 +++- > src/qemu/qemu_validate.c | 31 +++- > src/security/security_dac.c | 6 +- > .../launch-security-s390-pv-ignore-policy.xml | 24 +++ > .../launch-security-s390-pv.xml | 18 ++ > .../launch-security-s390-pv-ignore-policy.xml | 1 + > tests/genericxml2xmltest.c | 2 + > .../qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 + > ...ty-s390-pv-ignore-policy.s390x-latest.args | 35 ++++ > .../launch-security-s390-pv-ignore-policy.xml | 33 ++++ > .../launch-security-s390-pv.s390x-latest.args | 35 ++++ > .../launch-security-s390-pv.xml | 30 ++++ > ...urity-sev-missing-policy.x86_64-2.12.0.err | 1 + > .../launch-security-sev-missing-policy.xml | 34 ++++ > tests/qemuxml2argvtest.c | 4 + > 28 files changed, 562 insertions(+), 108 deletions(-) > create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml > create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml > create mode 120000 tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml > create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args > create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml > create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args > create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml > create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err > create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml > > -- > 2.30.2 >
Attachment:
signature.asc
Description: PGP signature