In order to learn what types of <launchSecurity/> are supported
users can turn to domain capabilities and find <sev/> and
<s390-pv/> elements. While these may expose some additional info
on individual launchSecurity types, we lack a clean
enumeration (as we have for, say, device models). And given that
SEV and SEV SNP share the same basis (info found under <sev/> is
applicable to SEV SNP too) we have no other way to report SEV SNP
support.
Therefore, report supported launchSecurity types in domain
capabilities.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
docs/formatdomaincaps.rst | 10 ++++++++++
src/conf/domain_capabilities.c | 14 ++++++++++++++
src/conf/domain_capabilities.h | 9 +++++++++
src/conf/schemas/domaincaps.rng | 10 ++++++++++
4 files changed, 43 insertions(+)
diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst
index 609a767189..a2ad0acc3d 100644
--- a/docs/formatdomaincaps.rst
+++ b/docs/formatdomaincaps.rst
@@ -798,3 +798,13 @@ are supported. The ``features`` enum corresponds to the
``<hyperv/>`` element
Please note that depending on the QEMU version some capabilities might be
missing even though QEMU does support them. This is because prior to QEMU-6.1.0
not all features were reported by QEMU.
+
+Launch security
+^^^^^^^^^^^^^^^
+
+The ``launchSecurity`` element exposes supported aspects of encrypted guests.
+The ``sectype`` enum corresponds to ``type`` attribute of ``<launchSecurity/>``
+element as documented in `Launch Security
+<formatdomain.html#launch-security>`__. :since:`(Since 10.5.0)` For additional
+information on individual types, see sections above: `s390-pv capability`_ for
+S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP.
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 68eb3c9797..3f2d231d1c 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -707,6 +707,19 @@ virDomainCapsFeatureHypervFormat(virBuffer *buf,
FORMAT_EPILOGUE(hyperv);
}
+
+static void
+virDomainCapsLaunchSecurityFormat(virBuffer *buf,
+ const virDomainCapsLaunchSecurity *launchSecurity)
+{
+ FORMAT_PROLOGUE(launchSecurity);
+
+ ENUM_PROCESS(launchSecurity, sectype, virDomainLaunchSecurityTypeToString);
+
+ FORMAT_EPILOGUE(launchSecurity);
+}
+
+
static void
virDomainCapsFormatFeatures(const virDomainCaps *caps,
virBuffer *buf)
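Review bot: Nothing in this patch populates the new caps->launchSecurity — neither its `supported` tristate nor the `sectype` enum is assigned anywhere in the diff — so the new virDomainCapsLaunchSecurityFormat emits whatever FORMAT_PROLOGUE produces for a zero-initialized tristate (presumably an absent or unsupported element) until a hypervisor driver fills the struct in. If that is deliberately deferred to a follow-up, a one-line comment above the function would save the next reader a search, e.g. `/* Emitted from virDomainCapsFormatFeatures; caps->launchSecurity is expected to be filled by the hypervisor driver (TODO confirm) */`. FORMAT_PROLOGUE, FORMAT_EPILOGUE and ENUM_PROCESS are defined outside this hunk, so the exact output for the unset case cannot be confirmed from here.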
@@ -728,6 +741,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps,
virDomainCapsFeatureSEVFormat(&childBuf, caps->sev);
virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx);
virDomainCapsFeatureHypervFormat(&childBuf, caps->hyperv);
+ virDomainCapsLaunchSecurityFormat(&childBuf, &caps->launchSecurity);
virXMLFormatElement(buf, "features", NULL, &childBuf);
}
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index fadc30cdd7..986f3cb394 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -165,6 +165,14 @@ struct _virDomainCapsFeatureHyperv {
virDomainCapsEnum features; /* Info about supported virDomainHyperv features */
};
+STATIC_ASSERT_ENUM(VIR_DOMAIN_LAUNCH_SECURITY_LAST);
+typedef struct _virDomainCapsLaunchSecurity virDomainCapsLaunchSecurity;
+struct _virDomainCapsLaunchSecurity {
+ virTristateBool supported;
+ virDomainCapsEnum sectype; /* Info about supported virDomainLaunchSecurity */
+};
+
+
typedef enum {
VIR_DOMCAPS_CPU_USABLE_UNKNOWN,
VIR_DOMCAPS_CPU_USABLE_YES,
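Review bot: The new `launchSecurity` member is embedded in struct _virDomainCaps by value (second hunk of this file), whereas the neighbouring `sev`, `sgx` and `hyperv` members are pointers; that is a reasonable choice — a by-value member needs no allocation or dispose path and starts zeroed with the rest of the struct — but it departs from the sibling pattern enough that a comment would help. Suggest extending the field comment to `virDomainCapsLaunchSecurity launchSecurity; /* by value: zeroed struct reads as absent, nothing to free */`, assuming the tristate's zero value is "absent" as elsewhere in libvirt. The rest of struct _virDomainCaps, including any dispose logic, is outside the hunk.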
@@ -284,6 +292,7 @@ struct _virDomainCaps {
virSEVCapability *sev;
virSGXCapability *sgx;
virDomainCapsFeatureHyperv *hyperv;
+ virDomainCapsLaunchSecurity launchSecurity;
/* add new domain features here */
virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST];
diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng
index e7aa4a1066..b8115fe028 100644
--- a/src/conf/schemas/domaincaps.rng
+++ b/src/conf/schemas/domaincaps.rng
@@ -285,6 +285,13 @@
</element>
</define>
+ <define name="launchSecurity">
+ <element name="launchSecurity">
+ <ref name="supported"/>
+ <ref name="enum"/>
+ </element>
+ </define>
+
<define name="features">
<element name="features">
<optional>
@@ -317,6 +324,9 @@
<optional>
<ref name="hyperv"/>
</optional>
+ <optional>
+ <ref name='launchSecurity'/>
+ </optional>
</element>
</define>
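Review bot: The new `<ref name='launchSecurity'/>` inside the features element uses single-quoted attribute values, while the surrounding schema (`<ref name="hyperv"/>`) and the new `launchSecurity` define added in the previous hunk use double quotes. It is valid XML, but inconsistent within the same patch; change it to `<ref name="launchSecurity"/>`.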
--
2.44.2