Hi
On Thu, Sep 19, 2024 at 10:05 PM Stefan Berger <stefanb(a)linux.ibm.com> wrote:
Extend the schema for the TPM emulator profile node. Require that
the profile the user provides looks like a JSON map that at least
starts with '{' and ends with '}'.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
src/conf/schemas/basictypes.rng | 6 ++++++
src/conf/schemas/domaincommon.rng | 17 +++++++++++++++++
2 files changed, 23 insertions(+)
diff --git a/src/conf/schemas/basictypes.rng b/src/conf/schemas/basictypes.rng
index 2931e316b7..06df0fe67e 100644
--- a/src/conf/schemas/basictypes.rng
+++ b/src/conf/schemas/basictypes.rng
@@ -677,4 +677,10 @@
</element>
</define>
+ <define name="JSONMap">
+ <data type="string">
+ <param name="pattern">\{.*\}</param>
+ </data>
+ </define>

It's unfortunate, but I think this should rather be XML and converted
to JSON internally (after all, that's part of what libvirt does with
QEMU configuration, somehow).
If there is a precedent for such mixing of languages, and it's
acceptable, I am okay with it too.

+
</grammar>
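Review bot: The `pattern` in the new `JSONMap` define is too loose to act as validation and too strict for formatted input. `\{.*\}` only pins the first and last character, so content such as `{]` passes the schema, and because `.` in XSD pattern syntax does not match newline characters, a profile written over several lines, or one with whitespace around the braces, would be rejected. Suggest either allowing surrounding whitespace and line breaks in the pattern or documenting that the value must be a single line, and in either case parsing the string as JSON in the code that consumes it instead of relying on this check.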
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index efb5f00d77..f80a6afc06 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -5923,6 +5923,7 @@
<interleave>
<ref name="tpm-backend-emulator-encryption"/>
<ref name="tpm-backend-emulator-active-pcr-banks"/>
+ <ref name="tpm-backend-emulator-profile"/>
</interleave>
<optional>
<attribute name="persistent_state">
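Review bot: The new `<ref name="tpm-backend-emulator-profile"/>` sits bare inside the `<interleave>`, so whether `<profile>` may be omitted depends entirely on the referenced define wrapping itself in `<optional>`. That holds for the define added further down in this patch; please confirm the two neighbouring refs follow the same convention so that existing domain XML without a profile keeps validating, and consider a schema test with and without the element.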
@@ -6020,6 +6021,22 @@
</optional>
</define>
+ <define name="tpm-backend-emulator-profile">
+ <optional>
+ <element name="profile">
+ <optional>
+ <attribute name="remove_disabled">
+ <choice>
+ <value>check</value>
+ <value>fips-host</value>
+ </choice>
+ </attribute>
+ </optional>
+ <ref name="JSONMap"/>
+ </element>
+ </optional>
+ </define>
+
<define name="vsock">
<element name="vsock">
<optional>
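Review bot: The `remove_disabled` attribute on `<profile>` is not mentioned in the commit message, which only describes the JSON map requirement. Please state what `check` and `fips-host` mean and what applies when the attribute is absent, since it is declared `<optional>`. Note also that an empty map `{}` satisfies `JSONMap`, so any keys the profile must carry have to be enforced by the parser, not by this schema.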
--
2.46.0