Hi
On Thu, Sep 19, 2024 at 10:05 PM Stefan Berger <stefanb@xxxxxxxxxxxxx> wrote:
>
> Extend the schema for the TPM emulator profile node. Require that
> the profile the user provides looks like a JSON map that at least
> starts with '{' and ends with '}'.
>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
> ---
> src/conf/schemas/basictypes.rng | 6 ++++++
> src/conf/schemas/domaincommon.rng | 17 +++++++++++++++++
> 2 files changed, 23 insertions(+)
>
> diff --git a/src/conf/schemas/basictypes.rng b/src/conf/schemas/basictypes.rng
> index 2931e316b7..06df0fe67e 100644
> --- a/src/conf/schemas/basictypes.rng
> +++ b/src/conf/schemas/basictypes.rng
> @@ -677,4 +677,10 @@
> </element>
> </define>
>
> + <define name="JSONMap">
> + <data type="string">
> + <param name="pattern">\{.*\}</param>
> + </data>
> + </define>
It's unfortunate, but I think this should rather be XML and converted
to JSON internally (after all, that's part of what libvirt does with
QEMU configuration, somehow)
if there is a precedent for such mixing of languages, and it's
acceptable I am okay with it too
> +
> </grammar>
> diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
> index efb5f00d77..f80a6afc06 100644
> --- a/src/conf/schemas/domaincommon.rng
> +++ b/src/conf/schemas/domaincommon.rng
> @@ -5923,6 +5923,7 @@
> <interleave>
> <ref name="tpm-backend-emulator-encryption"/>
> <ref name="tpm-backend-emulator-active-pcr-banks"/>
> + <ref name="tpm-backend-emulator-profile"/>
> </interleave>
> <optional>
> <attribute name="persistent_state">
> @@ -6020,6 +6021,22 @@
> </optional>
> </define>
>
> + <define name="tpm-backend-emulator-profile">
> + <optional>
> + <element name="profile">
> + <optional>
> + <attribute name="remove_disabled">
> + <choice>
> + <value>check</value>
> + <value>fips-host</value>
> + </choice>
> + </attribute>
> + </optional>
> + <ref name="JSONMap"/>
> + </element>
> + </optional>
> + </define>
> +
> <define name="vsock">
> <element name="vsock">
> <optional>
> --
> 2.46.0
>
