Extend the schema for the TPM emulator profile node. Require that the profile the user provides is describe in a name attribute. An optional remove_disabled attribute is also supported for swtpm to automatically remove algorithms from the 'custom' profile if they are disabled by FIPS mode on the host.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
---
 src/conf/schemas/domaincommon.rng | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index efb5f00d77..29e45d47e9 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -5923,6 +5923,7 @@
 <interleave>
 <ref name="tpm-backend-emulator-encryption"/>
 <ref name="tpm-backend-emulator-active-pcr-banks"/>
+ <ref name="tpm-backend-emulator-profile"/>
 </interleave>
 <optional>
 <attribute name="persistent_state">
@@ -6020,6 +6021,30 @@
 </optional>
 </define>

+ <define name="profileName">
+ <data type="string">
+ <param name="pattern">[A-Za-z0-9\-\.]+</param>
+ </data>
+ </define>
+
+ <define name="tpm-backend-emulator-profile">
+ <optional>
+ <element name="profile">
+ <attribute name="name">
+ <ref name="profileName"/>
+ </attribute>
+ <optional>
+ <attribute name="remove_disabled">
+ <choice>
+ <value>check</value>
+ <value>fips-host</value>
+ </choice>
+ </attribute>
+ </optional>
+ </element>
+ </optional>
+ </define>
+
 <define name="vsock">
 <element name="vsock">
 <optional>
-- 
2.46.1
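Review bot: The `profileName` pattern in the second hunk, `[A-Za-z0-9\-\.]+`, accepts values that start with `-` or consist only of dots (for example `..`), and it puts no bound on length. If the name is later handed to swtpm as part of an argument or used to locate a profile file (neither is visible in this patch), requiring an alphanumeric first character would rule those shapes out at the schema level: `<param name="pattern">[A-Za-z0-9][A-Za-z0-9\-\.]*</param>`. As far as I can tell RNG validation is not applied on every path that accepts domain XML, so the XML parser should enforce the same constraint rather than rely on the schema alone. Separately, the commit message explains the FIPS-host behaviour but not what `remove_disabled="check"` does; a short comment above the `<choice>`, such as `<!-- check: ...; fips-host: drop algorithms disabled by host FIPS mode -->`, would document both values.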