[v3] Support for launchSecurity type s390-pv

[PATCH v3 0/6] Support for launchSecurity type s390-pv

Boris Fiuczynski posted 6 patches 2 years, 9 months ago

Diff against v1 v2 v4 v5
Download series mbox

Test syntax-check failed

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20210622131049.12396-1-fiuczy@linux.ibm.com

There is a newer version of this series

docs/formatdomain.rst                         |   7 +
docs/kbase/s390_protected_virt.rst            |  55 ++++++-
docs/schemas/domaincommon.rng                 |  13 +-
src/conf/domain_conf.c                        | 155 +++++++++++-------
src/conf/domain_conf.h                        |  14 +-
src/conf/virconftypes.h                       |   2 +
src/qemu/qemu_capabilities.c                  |   2 +
src/qemu/qemu_capabilities.h                  |   1 +
src/qemu/qemu_cgroup.c                        |   4 +-
src/qemu/qemu_command.c                       |  70 +++++++-
src/qemu/qemu_driver.c                        |   3 +-
src/qemu/qemu_firmware.c                      |  34 ++--
src/qemu/qemu_namespace.c                     |  21 ++-
src/qemu/qemu_process.c                       |  34 +++-
src/qemu/qemu_validate.c                      |  31 +++-
src/security/security_dac.c                   |   6 +-
.../launch-security-s390-pv-ignore-policy.xml |  24 +++
.../launch-security-s390-pv.xml               |  18 ++
.../launch-security-s390-pv-ignore-policy.xml |   1 +
tests/genericxml2xmltest.c                    |   2 +
.../qemucapabilitiesdata/caps_6.0.0.s390x.xml |   1 +
...ty-s390-pv-ignore-policy.s390x-latest.args |  35 ++++
.../launch-security-s390-pv-ignore-policy.xml |  33 ++++
.../launch-security-s390-pv.s390x-latest.args |  35 ++++
.../launch-security-s390-pv.xml               |  30 ++++
...urity-sev-missing-policy.x86_64-2.12.0.err |   1 +
.../launch-security-sev-missing-policy.xml    |  34 ++++
tests/qemuxml2argvtest.c                      |   4 +
28 files changed, 562 insertions(+), 108 deletions(-)
create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml
create mode 120000 tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml
create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err
create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml

Expand all Fold all

[PATCH v3 0/6] Support for launchSecurity type s390-pv

Posted by Boris Fiuczynski 2 years, 9 months ago

This patch series introduces the launch security type s390-pv.
Specifying s390-pv as launch security type in an s390 domain prepares for
running the guest in protected virtualization secure mode, also known as
IBM Secure Execution.

diff to v2:
 - Broke up previous patch one into three patches

diff to v1:
 - Rebased to current master
 - Added verification check for confidential-guest-support capability

Boris Fiuczynski (6):
  schemas: Make SEV policy on launch security optional
  conf: modernize SEV XML parse and format methods
  conf: refactor launch security to allow more types
  qemu: add s390-pv-guest capability
  conf: add s390-pv as launch security type
  docs: add s390-pv documentation

 docs/formatdomain.rst                         |   7 +
 docs/kbase/s390_protected_virt.rst            |  55 ++++++-
 docs/schemas/domaincommon.rng                 |  13 +-
 src/conf/domain_conf.c                        | 155 +++++++++++-------
 src/conf/domain_conf.h                        |  14 +-
 src/conf/virconftypes.h                       |   2 +
 src/qemu/qemu_capabilities.c                  |   2 +
 src/qemu/qemu_capabilities.h                  |   1 +
 src/qemu/qemu_cgroup.c                        |   4 +-
 src/qemu/qemu_command.c                       |  70 +++++++-
 src/qemu/qemu_driver.c                        |   3 +-
 src/qemu/qemu_firmware.c                      |  34 ++--
 src/qemu/qemu_namespace.c                     |  21 ++-
 src/qemu/qemu_process.c                       |  34 +++-
 src/qemu/qemu_validate.c                      |  31 +++-
 src/security/security_dac.c                   |   6 +-
 .../launch-security-s390-pv-ignore-policy.xml |  24 +++
 .../launch-security-s390-pv.xml               |  18 ++
 .../launch-security-s390-pv-ignore-policy.xml |   1 +
 tests/genericxml2xmltest.c                    |   2 +
 .../qemucapabilitiesdata/caps_6.0.0.s390x.xml |   1 +
 ...ty-s390-pv-ignore-policy.s390x-latest.args |  35 ++++
 .../launch-security-s390-pv-ignore-policy.xml |  33 ++++
 .../launch-security-s390-pv.s390x-latest.args |  35 ++++
 .../launch-security-s390-pv.xml               |  30 ++++
 ...urity-sev-missing-policy.x86_64-2.12.0.err |   1 +
 .../launch-security-sev-missing-policy.xml    |  34 ++++
 tests/qemuxml2argvtest.c                      |   4 +
 28 files changed, 562 insertions(+), 108 deletions(-)
 create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
 create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml
 create mode 120000 tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml

-- 
2.30.2