From: Boris Fiuczynski
To: libvir-list@redhat.com
Cc: pkrempa@redhat.com, danielhb413@gmail.com, pasic@linux.ibm.com, phrdina@redhat.com, mhartmay@linux.ibm.com, bwalk@linux.ibm.com
Subject: [PATCH v3 1/6] schemas: Make SEV policy on launch security optional
Date: Tue, 22 Jun 2021 15:10:44 +0200
Message-Id: <20210622131049.12396-2-fiuczy@linux.ibm.com>
In-Reply-To: <20210622131049.12396-1-fiuczy@linux.ibm.com>
References: <20210622131049.12396-1-fiuczy@linux.ibm.com>

Change launch security policy of type SEV from required to optional and add a test to ensure the required launch security policy remains required when launch security type is SEV.

Signed-off-by: Boris Fiuczynski
Reviewed-by: Daniel Henrique Barboza
Reviewed-by: Pavel Hrdina
--- docs/schemas/domaincommon.rng | 12 ++++--- src/conf/domain_conf.c | 3 +- ...urity-sev-missing-policy.x86_64-2.12.0.err | 1 + .../launch-security-sev-missing-policy.xml | 34 +++++++++++++++++++ tests/qemuxml2argvtest.c | 1 + 5 files changed, 46 insertions(+), 5 deletions(-) create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-poli= cy.x86_64-2.12.0.err create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-poli= cy.xml diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 5ea14b6dbf..8c1b6c3a09 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -483,7 +483,9 @@ - sev + + sev + @@ -496,9 +498,11 @@ - - - + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index f65509d8ec..af2fd03d3c 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -14749,7 +14749,8 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode, =20 if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", - _("failed to get launch security policy")); + _("failed to get launch security policy for " + "launch security type SEV")); goto error; } =20 diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_= 64-2.12.0.err b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.x= 86_64-2.12.0.err new file mode 100644 index 0000000000..2019c8bb13 --- /dev/null 
+++ b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12= .0.err @@ -0,0 +1 @@ +XML error: failed to get launch security policy for launch security type S= EV diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml = b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml new file mode 100644 index 0000000000..5461b06c9d --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml @@ -0,0 +1,34 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + + + + + + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + IHAVENOIDEABUTJUSTPROVIDINGASTRING + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 9df28658b9..ef6afae586 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -3459,6 +3459,7 @@ mymain(void) DO_TEST_CAPS_VER("launch-security-sev", "2.12.0"); DO_TEST_CAPS_VER("launch-security-sev", "6.0.0"); DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0"= ); + DO_TEST_CAPS_VER_PARSE_ERROR("launch-security-sev-missing-policy", "2.= 12.0"); =20 DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory"); DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages"); --=20 2.30.2
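
Review bot: In the docs/schemas/domaincommon.rng hunks (@@ -483 and @@ -496), once policy is optional the schema no longer rejects an SEV launch security element that lacks a policy; the only remaining enforcement is the `virXPathULongHex("string(./policy)", ctxt, &policy) < 0` check in virDomainSEVDefParseXML. Either state in the commit message that the requirement now lives in the parser alone, or keep policy required in a grammar branch tied to type `sev` so schema validation and parsing agree.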
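
Review bot: In virDomainSEVDefParseXML (src/conf/domain_conf.c, @@ -14749) the `< 0` branch is taken for any virXPathULongHex failure, so a missing policy and a policy that does not parse as hex both report "failed to get launch security policy for launch security type SEV", while the new test exercises only the missing case. Consider separate messages for absent and invalid values, and keep the translated string in a single literal instead of splitting it after "for " so the text recorded in launch-security-sev-missing-policy.x86_64-2.12.0.err can be found by grepping the source.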