From: Kazuhiro Abe
To: devel@lists.libvirt.org
CC: taketani.ryo@fujitsu.com
Subject: [RFC PATCH v4 1/4] src: Add ARM CCA support in qemu driver to launch VM
Date: Thu, 12 Jun 2025 16:12:04 +0900
Message-ID: <20250612071418.2926384-2-fj1078ii@aa.jp.fujitsu.com>
In-Reply-To: <20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com>
References: <20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com>

From: Akio Kakuno

- Add ARM CCA support to the qemu driver for aarch64 systems.

[XML example]
... sha256 ...

Signed-off-by: Kazuhiro Abe --- docs/formatdomain.rst | 43 ++++++++++++++++++++++++++++++++++ src/conf/domain_capabilities.h | 6 +++++ src/conf/domain_conf.c | 25 ++++++++++++++++++++ src/conf/domain_conf.h | 9 +++++++ src/conf/domain_validate.c | 1 + src/conf/virconftypes.h | 2 ++ src/qemu/qemu_capabilities.c | 4 ++++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_cgroup.c | 2 ++ src/qemu/qemu_command.c | 29 +++++++++++++++++++++++ src/qemu/qemu_driver.c | 2 ++ src/qemu/qemu_firmware.c | 1 + src/qemu/qemu_namespace.c | 2 ++ src/qemu/qemu_process.c | 4 ++++ src/qemu/qemu_validate.c | 4 ++++ src/security/security_dac.c | 2 ++ 16 files changed, 137 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index c7c75ae219..222967a7a4 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst 
@@ -9487,6 +9487,49 @@ The ```` element then accepts the f= ollowing child elements: the SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI. =20 =20 +The contents of the ```` element is used to c= reate +RealmVM using the Arm CCA feature (Confidential Compute Architecture). +CCA :since:`Since 11.0.0` enhances the virtualization capabilities of the +platform by separating the management of resources from access to those re= sources. +This is achieved by extending the TrustZone of Cortex-A's Normal and Secure +world concepts and adding the Realm world and the underlying Root world. +The Secure Monitor runs in the root world and manages the transition betwe= en +these security states. For more information see the Learn the architecture= - +Arm Confidential Compute Architecture software stack: +``__ + +:: + + + ... + + sha256 + ... + + ... + + +The ```` element accepts the following attributes: + +``measurement-algo`` + The optional ``measurement-algo`` element determines algorithm used to + describe blob hashes. + +``personalization-value`` + The optional ``personalization-value`` element is used to configure + the Realm Personalization Value (RPV). The Realm Personalization + Value (RPV) is provided by the user to distinguish Realms that have + the same initial measurement. The personalization-value for libvirt + must be an 88-character string representing the Base64 encoding of + the 64-byte hexadecimal value defined in the RMM specification. + Ensure that you encode the 64-byte hex value from the RMM specification + using Base64 before providing it to libvirt. + +``measurement-log`` + The optional ``measurement-log`` element provides a way to create + an event log in the format defined by the Trusted Computing Group + for TPM2. + Example configs =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 69dd1a15c1..93e2cc2931 100644 --- a/src/conf/domain_capabilities.h 
+++ b/src/conf/domain_capabilities.h @@ -240,6 +240,12 @@ struct _virSGXCapability { virSGXSection *sgxSections; }; =20 +typedef struct _virCCACapability virCCACapability; +struct _virCCACapability { + size_t nCcaMeasurementAlgo; + char **ccaMeasurementAlgo; +}; + STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_MODEL_LAST); STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_TYPE_LAST); STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_BACKEND_LAST); diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 542d6ade91..c919596bf0 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1538,6 +1538,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, "sev", "sev-snp", "s390-pv", + "cca", ); =20 VIR_ENUM_IMPL(virDomainPstoreBackend, @@ -3949,6 +3950,10 @@ virDomainSecDefFree(virDomainSecDef *def) g_free(def->data.sev_snp.id_auth); g_free(def->data.sev_snp.host_data); break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + g_free(def->data.cca.measurement_algo); + g_free(def->data.cca.personalization_value); + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: @@ -14174,6 +14179,21 @@ virDomainSEVSNPDefParseXML(virDomainSEVSNPDef *def, } =20 =20 +static int +virDomainCCADefParseXML(virDomainCCADef *def, + xmlXPathContextPtr ctxt) +{ + def->measurement_algo =3D virXPathString("string(./measurement-algo)",= ctxt); + def->personalization_value =3D virXPathString("string(./personalizatio= n-value)", ctxt); + + if (virXMLPropTristateBool(ctxt->node, "measurement-log", VIR_XML_PROP= _NONE, + &def->measurement_log) < 0) + return -1; + + return 0; +} + + static virDomainSecDef * virDomainSecDefParseXML(xmlNodePtr lsecNode, xmlXPathContextPtr ctxt) 
@@ -14199,6 +14219,10 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode, break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + if (virDomainCCADefParseXML(&sec->data.cca, ctxt) < 0) + return NULL; + break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: default: @@ -27619,6 +27643,7 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecD= ef *sec) break; =20 case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: break; =20 case VIR_DOMAIN_LAUNCH_SECURITY_NONE: diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 58b97a2b54..2a4ab6e2eb 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2956,6 +2956,7 @@ typedef enum { VIR_DOMAIN_LAUNCH_SECURITY_SEV, VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP, VIR_DOMAIN_LAUNCH_SECURITY_PV, + VIR_DOMAIN_LAUNCH_SECURITY_CCA, =20 VIR_DOMAIN_LAUNCH_SECURITY_LAST, } virDomainLaunchSecurity; @@ -2990,11 +2991,19 @@ struct _virDomainSEVSNPDef { }; =20 =20 +struct _virDomainCCADef { + char *measurement_algo; + char *personalization_value; + virTristateBool measurement_log; +}; + + struct _virDomainSecDef { virDomainLaunchSecurity sectype; union { virDomainSEVDef sev; virDomainSEVSNPDef sev_snp; + virDomainCCADef cca; } data; }; =20 diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index d0d4bc0bf4..452236b9db 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -1934,6 +1934,7 @@ virDomainDefLaunchSecurityValidate(const virDomainDef= *def) case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_SEV: case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: break; } diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index c70437bc05..fd6f54a654 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h 
@@ -220,6 +220,8 @@ typedef struct _virDomainSEVDef virDomainSEVDef; =20 typedef struct _virDomainSEVSNPDef virDomainSEVSNPDef; =20 +typedef struct _virDomainCCADef virDomainCCADef; + typedef struct _virDomainSecDef virDomainSecDef; =20 typedef struct _virDomainShmemDef virDomainShmemDef; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index a804335c85..bd8de6d854 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -732,6 +732,7 @@ VIR_ENUM_IMPL(virQEMUCaps, =20 /* 475 */ "virtio-scsi.iothread-mapping", /* QEMU_CAPS_VIRTIO_SCSI_IOT= HREAD_MAPPING */ + "rme-guest", /* QEMU_CAPS_CCA_GUEST */ ); =20 =20 @@ -817,6 +818,8 @@ struct _virQEMUCaps { =20 virSGXCapability *sgxCapabilities; =20 + virCCACapability *ccaCapabilities; + virDomainCapsFeatureHyperv *hypervCapabilities; =20 /* Capabilities which may differ depending on the accelerator. */ @@ -1419,6 +1422,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[= ] =3D { { "sev-snp-guest", QEMU_CAPS_SEV_SNP_GUEST }, { "acpi-erst", QEMU_CAPS_DEVICE_ACPI_ERST }, { "virtio-mem-ccw", QEMU_CAPS_DEVICE_VIRTIO_MEM_CCW }, + { "rme-guest", QEMU_CAPS_CCA_GUEST }, }; =20 =20 diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index ea7c14daa9..12bb55e271 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -713,6 +713,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ =20 /* 475 */ QEMU_CAPS_VIRTIO_SCSI_IOTHREAD_MAPPING, /* virtio-scsi supports per-vi= rtqueue iothread mapping */ + QEMU_CAPS_CCA_GUEST, /* -object rme-guest */ =20 QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c index 48af467bf9..437c8d71fb 100644 --- a/src/qemu/qemu_cgroup.c +++ b/src/qemu/qemu_cgroup.c 
@@ -862,6 +862,8 @@ qemuSetupDevicesCgroup(virDomainObj *vm) if (qemuSetupSEVCgroup(vm) < 0) return -1; break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index e6d308534f..32a555c427 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7042,6 +7042,9 @@ qemuBuildMachineCommandLine(virCommand *cmd, case VIR_DOMAIN_LAUNCH_SECURITY_PV: virBufferAddLit(&buf, ",confidential-guest-support=3Dlsec0"); break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + virBufferAddLit(&buf, ",confidential-guest-support=3Drme0"); + break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sec= type); @@ -9788,6 +9791,29 @@ qemuBuildPVCommandLine(virCommand *cmd) } =20 =20 +static int +qemuBuildCCACommandLine(virCommand *cmd, virDomainCCADef *cca) +{ + g_autoptr(virJSONValue) props =3D NULL; + + VIR_DEBUG("measurement_algorithm=3D%s personalization_value=3D%s measu= rement_log=3D%d", + cca->measurement_algo, cca->personalization_value, + cca->measurement_log); + + if (qemuMonitorCreateObjectProps(&props, "rme-guest", "rme0", + "S:measurement-algorithm", cca->measu= rement_algo, + "S:personalization-value", cca->perso= nalization_value, + "T:measurement-log", cca->measurement= _log, + NULL) < 0) + return -1; + + if (qemuBuildObjectCommandlineFromJSON(cmd, props) < 0) + return -1; + + return 0; +} + + static int qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd, virDomainSecDef *sec) 
@@ -9805,6 +9831,9 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand = *cmd, case VIR_DOMAIN_LAUNCH_SECURITY_PV: return qemuBuildPVCommandLine(cmd); =20 + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + return qemuBuildCCACommandLine(cmd, &sec->data.cca); + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index a34d6f1437..ce58abae28 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -19280,6 +19280,8 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domain, if (qemuDomainGetSEVInfo(vm, list, flags) < 0) goto cleanup; break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c index 2d0ec0b4fa..c670ad11b0 100644 --- a/src/qemu/qemu_firmware.c +++ b/src/qemu/qemu_firmware.c @@ -1371,6 +1371,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def, } break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c index 59421ec9d1..61c575e96a 100644 --- a/src/qemu/qemu_namespace.c +++ b/src/qemu/qemu_namespace.c @@ -664,6 +664,8 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm, =20 VIR_DEBUG("Set up launch security for SEV"); break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 1af91c5909..3905fb0fbc 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -7011,6 +7011,8 @@ qemuProcessPrepareDomain(virQEMUDriver *driver, if (qemuProcessUpdateSEVInfo(vm) < 0) return -1; break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: @@ -7083,6 +7085,8 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainO= bj *vm) return qemuProcessPrepareSEVGuestInput(vm); case VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP: break; + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + return 0; case VIR_DOMAIN_LAUNCH_SECURITY_PV: return 0; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index b2c3c9e2f6..bb88a3b4aa 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1413,6 +1413,10 @@ qemuValidateDomainDef(const virDomainDef *def, return -1; } break; + + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sec= type); diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 3ecbc7277d..81578c1625 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -2017,6 +2017,7 @@ virSecurityDACRestoreAllLabel(virSecurityManager *mgr, rc =3D -1; break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: 
@@ -2263,6 +2264,7 @@ virSecurityDACSetAllLabel(virSecurityManager *mgr, return -1; break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_CCA: break; case VIR_DOMAIN_LAUNCH_SECURITY_NONE: case VIR_DOMAIN_LAUNCH_SECURITY_LAST: --=20 2.43.5
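Review bot: in the docs/formatdomain.rst hunk the text says the element "accepts the following attributes" and then calls each of ``measurement-algo``, ``personalization-value`` and ``measurement-log`` an "element", while virDomainCCADefParseXML reads the first two with virXPathString as child elements and only measurement-log with virXMLPropTristateBool as an attribute. State which is a child element and which is an attribute so the documentation matches the parser. The :since:`Since 11.0.0` marker also sits mid-sentence after "CCA"; move it to the end of the paragraph and confirm the version.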
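Review bot: virDomainSecDefFormat in src/conf/domain_conf.c groups VIR_DOMAIN_LAUNCH_SECURITY_CCA with the PV case and emits nothing, so the measurement_algo, personalization_value and measurement_log values that virDomainCCADefParseXML stores are dropped whenever the definition is formatted back to XML. Add a CCA formatter that writes all three, so that parsing and re-formatting a definition preserves the Realm configuration the user supplied.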
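Review bot: in qemuBuildCCACommandLine (src/qemu/qemu_command.c) the VIR_DEBUG call passes cca->measurement_algo and cca->personalization_value straight to %s, but both are documented as optional and are NULL when the elements are absent; wrap them in NULLSTR(). measurement_log is a virTristateBool, so %d logs the raw enum value; a string conversion would make the log line readable.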
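Review bot: the new CCA case in qemuValidateDomainDef (src/qemu/qemu_validate.c) is a bare break, so a domain that selects the cca launch security type is accepted even when the QEMU binary lacks QEMU_CAPS_CCA_GUEST, and personalization-value is never checked against the 88-character Base64 form that the formatdomain.rst hunk requires. Check the capability here and reject a value that does not decode to 64 bytes, so a malformed Realm Personalization Value is refused by libvirt with a clear error instead of surfacing as a QEMU start-up failure.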
From: Kazuhiro Abe
To: devel@lists.libvirt.org
CC: taketani.ryo@fujitsu.com
Subject: [RFC PATCH v4 2/4] src: Add ARM CCA support in domain capabilities command
Date: Thu, 12 Jun 2025 16:12:05 +0900
Message-ID: <20250612071418.2926384-3-fj1078ii@aa.jp.fujitsu.com>
In-Reply-To: <20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com>
References: <20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com>

From: Akio Kakuno

- Add ARM CCA support in domain capabilities XML schema.

[Capability example]
- Execution results of 'virsh domcapability' on qemu
... ... sha256 sha512 ...

Signed-off-by: Kazuhiro Abe --- docs/formatdomaincaps.rst | 27 +++++++++- src/conf/domain_capabilities.c | 48 +++++++++++++++++ src/conf/domain_capabilities.h | 6 +++ src/libvirt_private.syms | 1 + src/qemu/qemu_capabilities.c | 28 ++++++++++ src/qemu/qemu_monitor.c | 10 ++++ src/qemu/qemu_monitor.h | 3 ++ src/qemu/qemu_monitor_json.c | 98 ++++++++++++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 4 ++ 9 files changed, 224 insertions(+), 1 deletion(-) 
diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst index ed95af4fee..fbf7db12e6 100644 --- a/docs/formatdomaincaps.rst +++ b/docs/formatdomaincaps.rst @@ -734,6 +734,12 @@ capabilities. All features occur as children of the ma= in ``features`` element.
+ + + sha256 + sha512 + + relaxed @@ -861,6 +867,24 @@ document store. In order to use SGX with libvirt have = a look at `SGX in domain X ``sections`` The sections of the SGX enclave page cache (called EPC). =20 +CCA capabilities +^^^^^^^^^^^^^^^^ + +Arm Confidential Compute Architecture (CCA) capabilities are exposed under= the +``cca`` element. + +Arm CCA is a system solution comprised of hardware and software components= that +maximizes the security of data on devices and in the cloud. +CCA enhances the virtualization capabilities of the platform by separating= the +management of resources from access to those resources. + +For more details on the CCA feature, please follow resources in the CCA de= veloper's +document store. In order to use CCA with libvirt have a look at `CCA in do= main +XML `__ + +``measurement-algo`` + Options for the ``measurement-algo`` used to describe blob hashes. + =20 Hyper-V Enlightenments ^^^^^^^^^^^^^^^^^^^^^^ @@ -882,4 +906,5 @@ The ``sectype`` enum corresponds to ``type`` attribute = of ```` element as documented in `Launch Security `__. :since:`(Since 10.5.0)` For addit= ional information on individual types, see sections above: `s390-pv capability`_= for -S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP. +S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP, `CCA capabili= ties`_ +for Arm CCA. diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 27551f6102..0d7b132c5e 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -91,6 +91,25 @@ virSGXCapabilitiesFree(virSGXCapability *cap) } =20 =20 +void +virCCACapabilitiesFree(virCCACapability *cap) +{ + size_t i; + + if (!cap) + return; + + if (cap->nCcaMeasurementAlgo) + for (i =3D 0; i < cap->nCcaMeasurementAlgo; i++) + g_free(cap->ccaMeasurementAlgo[i]); + + if (cap->ccaMeasurementAlgo) + g_free(cap->ccaMeasurementAlgo); + + g_free(cap); +} + + static void virDomainCapsDispose(void *obj) { 
@@ -104,6 +123,7 @@ virDomainCapsDispose(void *obj) virCPUDefFree(caps->cpu.hostModel); virSEVCapabilitiesFree(caps->sev); virSGXCapabilitiesFree(caps->sgx); + virCCACapabilitiesFree(caps->cca); g_free(caps->hyperv); =20 values =3D &caps->os.loader.values; @@ -775,6 +795,33 @@ virDomainCapsFeatureSGXFormat(virBuffer *buf, virBufferAddLit(buf, "\n"); } =20 +static void +virDomainCapsFeatureCCAFormat(virBuffer *buf, + const virCCACapability *cca) +{ + size_t i; + + if (!cca) { + virBufferAddLit(buf, "\n"); + return; + } + + virBufferAddLit(buf, "\n"); + virBufferAdjustIndent(buf, 2); + + virBufferAddLit(buf, "\n"); + virBufferAdjustIndent(buf, 2); + for (i =3D 0; i < cca->nCcaMeasurementAlgo; i++) { + virBufferAsprintf(buf, "%s\n", + cca->ccaMeasurementAlgo[i]); + } + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); +} + static void virDomainCapsFeatureHypervFormat(virBuffer *buf, const virDomainCapsFeatureHyperv *hyperv) @@ -822,6 +869,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, =20 virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx); + virDomainCapsFeatureCCAFormat(&childBuf, caps->cca); virDomainCapsFeatureHypervFormat(&childBuf, caps->hyperv); virDomainCapsLaunchSecurityFormat(&childBuf, &caps->launchSecurity); =20 diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 93e2cc2931..b55f860e7b 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -315,6 +315,7 @@ struct _virDomainCaps { virDomainCapsFeatureGIC gic; virSEVCapability *sev; virSGXCapability *sgx; + virCCACapability *cca; virDomainCapsFeatureHyperv *hyperv; virDomainCapsLaunchSecurity launchSecurity; /* add new domain features here */ 
@@ -375,3 +376,8 @@ void virSGXCapabilitiesFree(virSGXCapability *capabilities); =20 G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree); + +void +virCCACapabilitiesFree(virCCACapability *capabilities); + +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virCCACapability, virCCACapabilitiesFree); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index a8ebf9efd8..42954dc395 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -208,6 +208,7 @@ virDomainAuditVcpu; =20 =20 # conf/domain_capabilities.h +virCCACapabilitiesFree; virDomainCapsCPUModelsAdd; virDomainCapsCPUModelsCopy; virDomainCapsCPUModelsGet; diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index bd8de6d854..8bac140944 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -3655,6 +3655,32 @@ virQEMUCapsProbeQMPSGXCapabilities(virQEMUCaps *qemu= Caps, } =20 =20 +static int +virQEMUCapsProbeQMPCCACapabilities(virQEMUCaps *qemuCaps, + qemuMonitor *mon) +{ + int rc =3D -1; + virCCACapability *caps =3D NULL; + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_CCA_GUEST)) + return 0; + + if ((rc =3D qemuMonitorGetCCACapabilities(mon, &caps)) < 0) + return -1; + + /* CCA isn't actually supported */ + if (rc =3D=3D 0) { + virQEMUCapsClear(qemuCaps, QEMU_CAPS_CCA_GUEST); + return 0; + } + + virCCACapabilitiesFree(qemuCaps->ccaCapabilities); + qemuCaps->ccaCapabilities =3D caps; + return 0; +} + + + /* * Filter for features which should never be passed to QEMU. Either because * QEMU never supported them or they were dropped as they never did anythi= ng @@ -5752,6 +5778,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCaps *qemuCaps, return -1; if (virQEMUCapsProbeQMPSGXCapabilities(qemuCaps, mon) < 0) return -1; + if (virQEMUCapsProbeQMPCCACapabilities(qemuCaps, mon) < 0) + return -1; =20 virQEMUCapsInitProcessCaps(qemuCaps); =20 diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 981975cdd2..8852e697e0 100644 
--- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3504,6 +3504,16 @@ qemuMonitorGetSGXCapabilities(qemuMonitor *mon, } =20 =20 +int +qemuMonitorGetCCACapabilities(qemuMonitor *mon, + virCCACapability **capabilities) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetCCACapabilities(mon, capabilities); +} + + int qemuMonitorNBDServerStart(qemuMonitor *mon, const virStorageNetHostDef *server, diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 8d49ada114..e9b1b5a356 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -856,6 +856,9 @@ int qemuMonitorGetSEVCapabilities(qemuMonitor *mon, int qemuMonitorGetSGXCapabilities(qemuMonitor *mon, virSGXCapability **capabilities); =20 +int qemuMonitorGetCCACapabilities(qemuMonitor *mon, + virCCACapability **capabilities); + typedef enum { QEMU_MONITOR_MIGRATE_RESUME =3D 1 << 0, /* resume failed post-= copy migration */ QEMU_MONITOR_MIGRATION_FLAGS_LAST diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index dc2eaace96..ce009dff69 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -6299,6 +6299,104 @@ qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, } =20 =20 +static int +qemuMonitorJSONGetCCAMeasurementAlgo(qemuMonitor *mon, + size_t *numalgo, + char ***malgo) +{ + g_autoptr(virJSONValue) cmd =3D NULL; + g_autoptr(virJSONValue) reply =3D NULL; + virJSONValue *caps; + virJSONValue *malgolist =3D NULL; + g_auto(GStrv) list =3D NULL; + size_t i; + size_t n =3D 0; + + if (!(cmd =3D qemuMonitorJSONMakeCommand("query-cca-capabilities", + NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + /* If the 'query-cca-capabilities' QMP command was not available + * we simply successfully return zero capabilities. + * This is the current QEMU (=3D9.1.91) and all non-ARM architectures = */ + if (qemuMonitorJSONHasError(reply, "CommandNotFound")) + return 0; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + caps =3D virJSONValueObjectGetObject(reply, "return"); + + if (!(caps =3D qemuMonitorJSONGetReply(cmd, reply, VIR_JSON_TYPE_OBJEC= T))) + return -1; + + if ((malgolist =3D virJSONValueObjectGetArray(caps, "sections"))) { + n =3D virJSONValueArraySize(malgolist); + + /* If the received array is empty, an error is returned. 
*/ + if (n =3D=3D 0) + return -1; + + list =3D g_new0(char *, n + 1); + + for (i =3D 0; i < n; i++) { + virJSONValue *cap =3D virJSONValueArrayGet(malgolist, i); + const char *measurement_algo =3D NULL; + + if (!cap || virJSONValueGetType(cap) !=3D VIR_JSON_TYPE_OBJECT= ) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("missing entry in CCA capabilities list")= ); + return -1; + } + + if (!(measurement_algo =3D virJSONValueObjectGetString(cap, "m= easurement-algo"))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-cca-capabilities reply was missing 'me= asurement-algo' field")); + return -1; + } + + list[i] =3D g_strdup(measurement_algo); + } + } + + *numalgo =3D n; + *malgo =3D g_steal_pointer(&list); + return 1; +} + + +/** + * qemuMonitorJSONGetCCACapabilities: + * @mon: qemu monitor object + * @capabilities: pointer to pointer to a CCA capability structure to be f= illed + * + * Returns -1 on error, 0 if CCA is not supported, and 1 if CCA is support= ed on + * the platform. + */ +int +qemuMonitorJSONGetCCACapabilities(qemuMonitor *mon, + virCCACapability **capabilities) +{ + g_autoptr(virCCACapability) capability =3D NULL; + int ret =3D 0; + + *capabilities =3D NULL; + capability =3D g_new0(virCCACapability, 1); + + ret =3D qemuMonitorJSONGetCCAMeasurementAlgo(mon, + &capability->nCcaMeasuremen= tAlgo, + &capability->ccaMeasurement= Algo); + + if (ret > 0) + *capabilities =3D g_steal_pointer(&capability); + + return ret; +} + + static virJSONValue * qemuMonitorJSONBuildInetSocketAddress(const char *host, const char *port) diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index cec4fb387e..fa263b923f 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h 
@@ -168,6 +168,10 @@ int qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, virSEVCapability **capabilities); =20 +int +qemuMonitorJSONGetCCACapabilities(qemuMonitor *mon, + virCCACapability **capabilities); + int qemuMonitorJSONMigrate(qemuMonitor *mon, unsigned int flags, --=20 2.43.5
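Review bot: in qemuMonitorJSONGetCCAMeasurementAlgo (the src/qemu/qemu_monitor_json.c hunk), a reply that has no "sections" array skips the whole if block and falls through to `return 1` with *numalgo set to 0 and *malgo set to NULL, so the caller reports CCA as supported with no measurement algorithms, while an empty array returns -1 without calling virReportError. Decide whether a missing array is an error or "not supported", make the two paths consistent, and report an error on the failing one. The key "sections" also reads as if it was carried over from the SGX query just above, given that each entry is then read for "measurement-algo"; please confirm it matches the QMP reply. Separately, the `caps = virJSONValueObjectGetObject(reply, "return");` assignment is overwritten by the qemuMonitorJSONGetReply() call in the next statement and can be dropped.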
From: Kazuhiro Abe
To: devel@lists.libvirt.org
Subject: [RFC PATCH v4 3/4] src: Add ARM CCA support in domain schema
Date: Thu, 12 Jun 2025 16:12:06 +0900
Message-ID: <20250612071418.2926384-4-fj1078ii@aa.jp.fujitsu.com>
In-Reply-To: <20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com>
References: <20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com>
CC: taketani.ryo@fujitsu.com

From: Akio Kakuno

- Add ARM CCA support in domain schema files.

Signed-off-by: Kazuhiro Abe
--- src/conf/schemas/domaincaps.rng | 36 ++++++++++ src/conf/schemas/domaincommon.rng | 26 +++++++ src/qemu/qemu_capabilities.c | 113 ++++++++++++++++++++++++++++++ src/qemu/qemu_capabilities.h | 3 + 4 files changed, 178 insertions(+) diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.= rng index 595dbcd634..d8f88d20c3 100644 --- a/src/conf/schemas/domaincaps.rng +++ b/src/conf/schemas/domaincaps.rng @@ -363,6 +363,9 @@ + + + @@ -486,6 +489,39 @@ =20 + + + + + + + + + + + + + measurement-algo + + + + sha256 + + + sha512 + + + + + + + + + + + + + 
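Review bot: the second domaincaps.rng hunk (@@ -486,6 +489,39 @@) lists only sha256 and sha512 as measurement-algo values, while qemuMonitorJSONGetCCAMeasurementAlgo in the monitor patch earlier on this page copies whatever strings QEMU returns without checking them. If QEMU reports any other algorithm name, the generated domain capabilities XML will not validate against this schema. Either accept free text for the value here, or filter the QEMU-reported names against the same list before they are stored in virCCACapability.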
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index 5597d5a66b..50889297df 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -549,6 +549,9 @@ s390-pv + + + @@ -644,6 +647,29 @@ + + + + cca + + + + + + + + + + + + + + + + + + +