This patch series introduces the launch security type s390-pv. Specifying s390-pv as launch security type in an s390 domain prepares for running the guest in protected virtualization secure mode, also known as IBM Secure Execution. diff to v4: - changed rng to do the verification for every launchSecurity type - removed previously added XML fail tests - added domain capability documentation diff to v3: - rebased to current master - moved virDomainSEVDef into a union - improved XML formating for launchSecurity - use a shared id on the qemu cmd line for confidential-guest-support - added check for s390-pv host support into XML validation - changed from ignoring to failing if launchSecuroty child elements are provided for s390-pv - reduced test to a single failing test - add availability of s390-pv in domain capabilities diff to v2: - broke up previous patch one into three patches diff to v1: - rebased to current master - added verification check for confidential-guest-support capability Boris Fiuczynski (11): schemas: Refactor launch security conf: Rework SEV XML parse and format methods qemu: Make KVMSupportsSecureGuest capability available conf: Refactor launch security to allow more types qemu: Add s390-pv-guest capability conf: Add s390-pv as launch security type docs: Add s390-pv documentation conf: Add availability of s390-pv in domain capabilities docs: Add s390-pv in domain capabilities documentation qemu: Use common id lsec0 for launchSecurity qemu: Fix error code for SEV launchSecurity unsupported docs/formatdomain.rst | 7 + docs/formatdomaincaps.html.in | 10 ++ docs/kbase/s390_protected_virt.rst | 55 ++++++-- docs/schemas/domaincaps.rng | 9 ++ docs/schemas/domaincommon.rng | 79 ++++++----- src/conf/domain_capabilities.c | 1 + src/conf/domain_capabilities.h | 1 + src/conf/domain_conf.c | 130 ++++++++++++------ src/conf/domain_conf.h | 17 ++- src/conf/virconftypes.h | 2 + src/qemu/qemu_capabilities.c | 24 ++++ src/qemu/qemu_capabilities.h | 4 + src/qemu/qemu_cgroup.c | 4 +- src/qemu/qemu_command.c | 75 ++++++++-- src/qemu/qemu_driver.c | 3 +- src/qemu/qemu_firmware.c | 33 +++-- src/qemu/qemu_namespace.c | 21 ++- src/qemu/qemu_process.c | 35 ++++- src/qemu/qemu_validate.c | 32 ++++- src/security/security_dac.c | 6 +- tests/domaincapsdata/qemu_2.11.0.s390x.xml | 1 + tests/domaincapsdata/qemu_2.12.0.s390x.xml | 1 + tests/domaincapsdata/qemu_3.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.0.0.s390x.xml | 1 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 + tests/domaincapsmock.c | 17 +++ .../launch-security-s390-pv.xml | 18 +++ tests/genericxml2xmltest.c | 1 + .../qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 + .../launch-security-s390-pv.s390x-latest.args | 35 +++++ .../launch-security-s390-pv.xml | 30 ++++ ...v-missing-platform-info.x86_64-2.12.0.args | 4 +- .../launch-security-sev.x86_64-2.12.0.args | 4 +- .../launch-security-sev.x86_64-6.0.0.args | 4 +- tests/qemuxml2argvmock.c | 16 +++ tests/qemuxml2argvtest.c | 2 + 38 files changed, 552 insertions(+), 135 deletions(-) create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml -- 2.31.1