On 11/13/24 18:39, Stefan Berger wrote: > Extend the schema for the TPM emulator profile node. Require that the > profile the user provides is described in a 'source' attribute. An optional > remove_disabled attribute is also supported for swtpm to automatically > remove algorithms from the 'custom' profile if they are disabled by FIPS > mode on the host. > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> > --- > src/conf/schemas/domaincommon.rng | 25 +++++++++++++++++++++++++ > 1 file changed, 25 insertions(+) > > diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng > index 8360eeae3f..d94ff9b4c3 100644 > --- a/src/conf/schemas/domaincommon.rng > +++ b/src/conf/schemas/domaincommon.rng > @@ -5924,6 +5924,7 @@ > <ref name="tpm-backend-emulator-encryption"/> > <ref name="tpm-backend-emulator-active-pcr-banks"/> > <ref name="tpm-backend-emulator-source"/> > + <ref name="tpm-backend-emulator-profile"/> > </interleave> > <optional> > <attribute name="persistent_state"> > @@ -6046,6 +6047,30 @@ > </optional> > </define> > > + <define name="profileName"> > + <data type="string"> > + <param name="pattern">[A-Za-z0-9.\-:]+</param> > + </data> > + </define> > + > + <define name="tpm-backend-emulator-profile"> > + <optional> > + <element name="profile"> > + <attribute name="source"> > + <ref name="profileName"/> > + </attribute> > + <optional> > + <attribute name="remove_disabled"> How about "removeDisabled" instead? I think camelCase is preferred when it comes to multiple worded attributes. > + <choice> > + <value>check</value> > + <value>fips-host</value> > + </choice> > + </attribute> > + </optional> > + </element> > + </optional> > + </define> > + > <define name="vsock"> > <element name="vsock"> > <optional> Michal
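Review bot: in the second hunk, the 'remove_disabled' choice in 'tpm-backend-emulator-profile' accepts both 'check' and 'fips-host', but the commit message only explains the FIPS-host case, so the meaning of 'check' is undocumented. Please describe both values in the commit message and wherever the attribute is documented. In the same hunk, the 'profileName' pattern [A-Za-z0-9.\-:]+ has no length bound and matches names made up only of '.', '-' or ':', as well as names starting with '-'. If profile names are expected to begin with an alphanumeric character, requiring [A-Za-z0-9] as the first character would reject those at schema validation.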