From: Michal Privoznik
To: devel@lists.libvirt.org
Subject: [PATCH 4/8] domcaps: Report launchSecurity
Date: Tue, 25 Jun 2024 11:48:49 +0200
Message-ID: <842c437dc8ef27050e1a391b0bd750acfd66e2ee.1719308850.git.mprivozn@redhat.com>

In order to learn what types of are supported users can turn to
domain capabilities and find and elements. While these may expose
some additional info on individual launchSecurity types, we are
lacking clean enumeration (like we do for say device models). And
given that SEV and SEV SNP share the same basis (info found under
is applicable to SEV SNP too) we have no other way to report SEV
SNP support.

Therefore, report supported launchSecurity types in domain
capabilities.

Signed-off-by: Michal Privoznik
---
 docs/formatdomaincaps.rst       | 10 ++++++++++
 src/conf/domain_capabilities.c  | 14 ++++++++++++++
 src/conf/domain_capabilities.h  |  9 +++++++++
 src/conf/schemas/domaincaps.rng | 10 ++++++++++
 4 files changed, 43 insertions(+)

diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst index 609a767189..a2ad0acc3d 100644 --- a/docs/formatdomaincaps.rst +++ b/docs/formatdomaincaps.rst @@ -798,3 +798,13 @@ are supported. The ``features`` enum corresponds to th= e ```` element Please note that depending on the QEMU version some capabilities might be missing even though QEMU does support them. This is because prior to QEMU-= 6.1.0 not all features were reported by QEMU. + +Launch security +^^^^^^^^^^^^^^^ + +The ``launchSecurity`` element exposes supported aspects of encrypted gues= ts. +The ``sectype`` enum corresponds to ``type`` attribute of ```` +element as documented in `Launch Security +`__. :since:`(Since 10.5.0)` For addit= ional +information on individual types, see sections above: `s390-pv capability`_= for +S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP. diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 68eb3c9797..3f2d231d1c 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -707,6 +707,19 @@ virDomainCapsFeatureHypervFormat(virBuffer *buf, FORMAT_EPILOGUE(hyperv); } =20 + +static void +virDomainCapsLaunchSecurityFormat(virBuffer *buf, + const virDomainCapsLaunchSecurity *launc= hSecurity) +{ + FORMAT_PROLOGUE(launchSecurity); + + ENUM_PROCESS(launchSecurity, sectype, virDomainLaunchSecurityTypeToStr= ing); + + FORMAT_EPILOGUE(launchSecurity); +} + + static void virDomainCapsFormatFeatures(const virDomainCaps *caps, virBuffer *buf) @@ -728,6 +741,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx); virDomainCapsFeatureHypervFormat(&childBuf, caps->hyperv); + virDomainCapsLaunchSecurityFormat(&childBuf, &caps->launchSecurity); =20 virXMLFormatElement(buf, "features", NULL, &childBuf); } 
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index fadc30cdd7..986f3cb394 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -165,6 +165,14 @@ struct _virDomainCapsFeatureHyperv { virDomainCapsEnum features; /* Info about supported virDomainHyperv fe= atures */ }; =20 +STATIC_ASSERT_ENUM(VIR_DOMAIN_LAUNCH_SECURITY_LAST); +typedef struct _virDomainCapsLaunchSecurity virDomainCapsLaunchSecurity; +struct _virDomainCapsLaunchSecurity { + virTristateBool supported; + virDomainCapsEnum sectype; /* Info about supported virDomainLaunchSecu= rity */ +}; + + typedef enum { VIR_DOMCAPS_CPU_USABLE_UNKNOWN, VIR_DOMCAPS_CPU_USABLE_YES, @@ -284,6 +292,7 @@ struct _virDomainCaps { virSEVCapability *sev; virSGXCapability *sgx; virDomainCapsFeatureHyperv *hyperv; + virDomainCapsLaunchSecurity launchSecurity; /* add new domain features here */ =20 virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST]; diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.= rng index e7aa4a1066..b8115fe028 100644 --- a/src/conf/schemas/domaincaps.rng +++ b/src/conf/schemas/domaincaps.rng @@ -285,6 +285,13 @@ =20 + + + + + + + @@ -317,6 +324,9 @@ + + + =20 --=20 2.44.2
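
Review bot: In the new "Launch security" section of docs/formatdomaincaps.rst, the sentence "The ``sectype`` enum corresponds to ``type`` attribute" is missing an article, and the section gives no sample of the element it documents. Suggest "corresponds to the ``type`` attribute" and a short example of the ``launchSecurity`` element with its ``sectype`` enum, so that a reader can see that it is formatted under ``features`` (per the call added in virDomainCapsFormatFeatures()) and what a management application should parse before requesting an encrypted guest.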
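
Review bot: The virDomainCapsLaunchSecurityFormat() call added to virDomainCapsFormatFeatures() in src/conf/domain_capabilities.c can change the formatted capabilities, yet nothing in this patch sets `launchSecurity.supported` or any `sectype` value, and the diffstat touches no test data. Please say in the commit message that the output stays unchanged until a later patch in the series populates the struct, or carry the expected output change together with this patch, so the formatter is not merged without coverage.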
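
Review bot: In src/conf/domain_capabilities.h the new `virDomainCapsLaunchSecurity launchSecurity;` member of struct _virDomainCaps is embedded by value, while the `sev`, `sgx` and `hyperv` members directly above it are pointers. As a result the formatter always receives a non-NULL `&caps->launchSecurity`, and whether a host is reported as offering launch security rests entirely on the `supported` tristate left by whoever allocates virDomainCaps. A one-line comment on the member stating that by-value storage is intended and that `supported` must be set explicitly by the driver would make that contract visible to the next person adding a hypervisor backend.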