Extend the schema for the TPM emulator profile node. Require that the
profile the user provides is described in a 'source' attribute. An optional
remove_disabled attribute is also supported for swtpm to automatically
remove algorithms from the 'custom' profile if they are disabled by FIPS
mode on the host.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/conf/schemas/domaincommon.rng | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 8360eeae3f..d94ff9b4c3 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -5924,6 +5924,7 @@
<ref name="tpm-backend-emulator-encryption"/>
<ref name="tpm-backend-emulator-active-pcr-banks"/>
<ref name="tpm-backend-emulator-source"/>
+ <ref name="tpm-backend-emulator-profile"/>
</interleave>
<optional>
<attribute name="persistent_state">
@@ -6046,6 +6047,30 @@
</optional>
</define>
+ <define name="profileName">
+ <data type="string">
+ <param name="pattern">[A-Za-z0-9.\-:]+</param>
+ </data>
+ </define>
+
+ <define name="tpm-backend-emulator-profile">
+ <optional>
+ <element name="profile">
+ <attribute name="source">
+ <ref name="profileName"/>
+ </attribute>
+ <optional>
+ <attribute name="remove_disabled">
+ <choice>
+ <value>check</value>
+ <value>fips-host</value>
+ </choice>
+ </attribute>
+ </optional>
+ </element>
+ </optional>
+ </define>
+
<define name="vsock">
<element name="vsock">
<optional>
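Review bot: The `profileName` pattern `[A-Za-z0-9.\-:]+` is the only restriction on the `source` attribute visible here, and schema validation is a step callers can skip. If the value is later handed to swtpm, the XML parsing code (not part of this hunk) presumably needs to enforce the same allowlist itself. A comment such as `<!-- keep in sync with the profile name check in the TPM XML parser -->` above the define would record that dependency. The pattern also sets no upper length; a `<param name="maxLength">N</param>` next to the pattern, with N chosen by the project, would bound it. Since this file also holds defines for unrelated devices (the `vsock` define follows directly), a name like `tpm-backend-emulator-profile-name` would match the neighbouring `tpm-backend-emulator-*` defines better than the generic `profileName`.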
--
2.47.0