[PATCH v5 00/11] Support for launchSecurity type s390-pv

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch series introduces the launch security type s390-pv.
Specifying s390-pv as launch security type in an s390 domain prepares for
running the guest in protected virtualization secure mode, also known as
IBM Secure Execution.

diff to v4:
 - changed rng to do the verification for every launchSecurity type
 - removed previously added XML fail tests
 - added domain capability documentation

diff to v3:
 - rebased to current master
 - moved virDomainSEVDef into a union
 - improved XML formating for launchSecurity
 - use a shared id on the qemu cmd line for confidential-guest-support
 - added check for s390-pv host support into XML validation
 - changed from ignoring to failing if launchSecuroty child elements are provided for s390-pv
 - reduced test to  a single failing test
 - add availability of s390-pv in domain capabilities

diff to v2:
 - broke up previous patch one into three patches

diff to v1:
 - rebased to current master
 - added verification check for confidential-guest-support capability

Boris Fiuczynski (11):
  schemas: Refactor launch security
  conf: Rework SEV XML parse and format methods
  qemu: Make KVMSupportsSecureGuest capability available
  conf: Refactor launch security to allow more types
  qemu: Add s390-pv-guest capability
  conf: Add s390-pv as launch security type
  docs: Add s390-pv documentation
  conf: Add availability of s390-pv in domain capabilities
  docs: Add s390-pv in domain capabilities documentation
  qemu: Use common id lsec0 for launchSecurity
  qemu: Fix error code for SEV launchSecurity unsupported

 docs/formatdomain.rst                         |   7 +
 docs/formatdomaincaps.html.in                 |  10 ++
 docs/kbase/s390_protected_virt.rst            |  55 ++++++--
 docs/schemas/domaincaps.rng                   |   9 ++
 docs/schemas/domaincommon.rng                 |  79 ++++++-----
 src/conf/domain_capabilities.c                |   1 +
 src/conf/domain_capabilities.h                |   1 +
 src/conf/domain_conf.c                        | 130 ++++++++++++------
 src/conf/domain_conf.h                        |  17 ++-
 src/conf/virconftypes.h                       |   2 +
 src/qemu/qemu_capabilities.c                  |  24 ++++
 src/qemu/qemu_capabilities.h                  |   4 +
 src/qemu/qemu_cgroup.c                        |   4 +-
 src/qemu/qemu_command.c                       |  75 ++++++++--
 src/qemu/qemu_driver.c                        |   3 +-
 src/qemu/qemu_firmware.c                      |  33 +++--
 src/qemu/qemu_namespace.c                     |  21 ++-
 src/qemu/qemu_process.c                       |  35 ++++-
 src/qemu/qemu_validate.c                      |  32 ++++-
 src/security/security_dac.c                   |   6 +-
 tests/domaincapsdata/qemu_2.11.0.s390x.xml    |   1 +
 tests/domaincapsdata/qemu_2.12.0.s390x.xml    |   1 +
 tests/domaincapsdata/qemu_3.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.0.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_4.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_5.2.0.s390x.xml     |   1 +
 tests/domaincapsdata/qemu_6.0.0.s390x.xml     |   1 +
 tests/domaincapsmock.c                        |  17 +++
 .../launch-security-s390-pv.xml               |  18 +++
 tests/genericxml2xmltest.c                    |   1 +
 .../qemucapabilitiesdata/caps_6.0.0.s390x.xml |   1 +
 .../launch-security-s390-pv.s390x-latest.args |  35 +++++
 .../launch-security-s390-pv.xml               |  30 ++++
 ...v-missing-platform-info.x86_64-2.12.0.args |   4 +-
 .../launch-security-sev.x86_64-2.12.0.args    |   4 +-
 .../launch-security-sev.x86_64-6.0.0.args     |   4 +-
 tests/qemuxml2argvmock.c                      |  16 +++
 tests/qemuxml2argvtest.c                      |   2 +
 38 files changed, 552 insertions(+), 135 deletions(-)
 create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml

-- 
2.31.1




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux