From nobody Fri Oct 18 06:20:11 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1719308994364298.44708853361635;
 Tue, 25 Jun 2024 02:49:54 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 443EB13EA; Tue, 25 Jun 2024 05:49:53 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 7E53513DF;
	Tue, 25 Jun 2024 05:49:04 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 872C71370; Tue, 25 Jun 2024 05:49:00 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 2BEA0136D
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 05:49:00 -0400 (EDT)
Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-443-14rHDRi0PYWaNCm9UhyvwA-1; Tue,
 25 Jun 2024 05:48:58 -0400
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id BB7D219560AB
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:48:57 +0000 (UTC)
Received: from maggie.brq.redhat.com (unknown [10.43.3.102])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id D22F1300021A
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:48:56 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,SPF_HELO_NONE
	autolearn=no autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1719308939;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=xJOzbXJRohUUzBFjXGPE8zr7wleqojGfiUyCQ7yNn1k=;
	b=BE8k79/glcOr9iNO4/P0VGchMtLu3ssfmIOpkf2Dd2zmgyuKFJWCPz05IlSFL8x2sBU1pm
	0GxcOl3wJSfF0T8l/mIYdLIKjsaCTw6tLzrIYb8D2+3ZWdR+ZzIkPB+NJePxw7/RSzpI/E
	dmDu3Ul8W40L5xExs07WsUQ/4An6XUI=
X-MC-Unique: 14rHDRi0PYWaNCm9UhyvwA-1
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 1/8] libvirt_private.syms: Export virDomainLaunchSecurity enum
 handlers
Date: Tue, 25 Jun 2024 11:48:46 +0200
Message-ID: 
 <ed790455be35a108a400d4e4d8ea246e1a382952.1719308850.git.mprivozn@redhat.com>
In-Reply-To: <cover.1719308849.git.mprivozn@redhat.com>
References: <cover.1719308849.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: TSHHTFBCVJTO7P5WU43MPZC2QDNNNETE
X-Message-ID-Hash: TSHHTFBCVJTO7P5WU43MPZC2QDNNNETE
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/TSHHTFBCVJTO7P5WU43MPZC2QDNNNETE/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1719308996120100001
Content-Type: text/plain; charset="utf-8"; x-default="true"

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/libvirt_private.syms | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index bac4a8a366..f7a0a8bc36 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -497,6 +497,8 @@ virDomainIOThreadIDDel;
 virDomainIOThreadIDFind;
 virDomainKeyWrapCipherNameTypeFromString;
 virDomainKeyWrapCipherNameTypeToString;
+virDomainLaunchSecurityTypeFromString;
+virDomainLaunchSecurityTypeToString;
 virDomainLeaseDefFree;
 virDomainLeaseIndex;
 virDomainLeaseInsert;
--=20
2.44.2
From nobody Fri Oct 18 06:20:11 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 171930906740089.5829577921644;
 Tue, 25 Jun 2024 02:51:07 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 5C7349A3; Tue, 25 Jun 2024 05:51:06 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id C2069141C;
	Tue, 25 Jun 2024 05:49:30 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 998761382; Tue, 25 Jun 2024 05:49:24 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 952A7140C
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 05:49:07 -0400 (EDT)
Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-499-2XkWtIyDNN-8ZUQHLEAyHA-1; Tue,
 25 Jun 2024 05:48:59 -0400
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id E8540195608E
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:48:58 +0000 (UTC)
Received: from maggie.brq.redhat.com (unknown [10.43.3.102])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 081193000221
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:48:57 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,SPF_HELO_NONE
	autolearn=no autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1719308947;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=g4kteTgohbCEBJwmHnYQN3p0A1DON+Dq6k+q0mbODwc=;
	b=FBqZTNVkXvaeCkW5lM6YZE3JTNZDmqOM+07hfrtBx4VZEuY9zqYKekB2PhWXwFGCsvHCfe
	MH8YoGxt0FUUeplFqlJ9f2JOFZOwz6bUn2/MDoMTCRt/PnKYOV0x8u4eJkWkfkjcR30tc8
	4u28+W6fZbb/6f3+ja7ESgJlQrsD0Q4=
X-MC-Unique: 2XkWtIyDNN-8ZUQHLEAyHA-1
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 2/8] qemuxmlconftest;
 Explicitly enable QEMU_CAPS_SEV_SNP_GUEST for "launch-security-sev-snp"
Date: Tue, 25 Jun 2024 11:48:47 +0200
Message-ID: 
 <cdd3e3552c0c4ff171d3180b6ec0b81e13213701.1719308850.git.mprivozn@redhat.com>
In-Reply-To: <cover.1719308849.git.mprivozn@redhat.com>
References: <cover.1719308849.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: NICEAB543YYF2VB4SXDRCKA7CYISZCCK
X-Message-ID-Hash: NICEAB543YYF2VB4SXDRCKA7CYISZCCK
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/NICEAB543YYF2VB4SXDRCKA7CYISZCCK/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1719309068405100001
Content-Type: text/plain; charset="utf-8"; x-default="true"

Soon, QEMU_CAPS_SEV_SNP_GUEST is going to be dependant on more
than plain presence of "sev-snp-guest" object in QEMU. Explicitly
enable the capability for "launch-security-sev-snp" test so that
we can continue testing cmd line and xml2xml.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 tests/qemuxmlconftest.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index d27dc9fe94..8e0d47c6fd 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2849,7 +2849,11 @@ mymain(void)
                                   QEMU_CAPS_SEV_GUEST,
                                   QEMU_CAPS_LAST);
=20
-    DO_TEST_CAPS_ARCH_LATEST("launch-security-sev-snp", "x86_64");
+    DO_TEST_CAPS_ARCH_LATEST_FULL("launch-security-sev-snp",
+                                  "x86_64",
+                                  ARG_QEMU_CAPS,
+                                  QEMU_CAPS_SEV_SNP_GUEST,
+                                  QEMU_CAPS_LAST);
=20
     DO_TEST_CAPS_ARCH_LATEST("launch-security-s390-pv", "s390x");
=20
--=20
2.44.2
From nobody Fri Oct 18 06:20:11 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1719309220240770.3123895208698;
 Tue, 25 Jun 2024 02:53:40 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 3D2E9BA2; Tue, 25 Jun 2024 05:53:39 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id ECEAD1448;
	Tue, 25 Jun 2024 05:49:38 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 4C64713C8; Tue, 25 Jun 2024 05:49:26 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 04EA713F8
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 05:49:08 -0400 (EDT)
Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-553-bDopsmaVOXigPsF3kGTMqQ-1; Tue,
 25 Jun 2024 05:49:01 -0400
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id E89C019560B2
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:48:59 +0000 (UTC)
Received: from maggie.brq.redhat.com (unknown [10.43.3.102])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 32B22300021A
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:48:58 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,SPF_HELO_NONE
	autolearn=no autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1719308948;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=FfEIkBtZDUQVNR7EkFQ6mXiw4K7Kcs2XLQtJ3IicUEM=;
	b=cQxOIj0jkcMbUR1ojm2ig6yyY1n215YQFSykTchhWRgvTHzR8PvpeKS23RZmhJnN0EL97o
	H2/N48eJ7CFNcGbCYdJU1EfwCLAR1MmvWcu4BhRKyhSrWnfOh1RZs/9/plCBZB+lj5aPYm
	Q5tTWHA2GE1jreypfoMHd+RnDQ38yQ4=
X-MC-Unique: bDopsmaVOXigPsF3kGTMqQ-1
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 3/8] qemu_capabilities: Probe SEV capabilities even for
 QEMU_CAPS_SEV_SNP_GUEST
Date: Tue, 25 Jun 2024 11:48:48 +0200
Message-ID: 
 <af71d698aa7fddd3d04eff921c80de86c05dc1d8.1719308850.git.mprivozn@redhat.com>
In-Reply-To: <cover.1719308849.git.mprivozn@redhat.com>
References: <cover.1719308849.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: P4F7ZLL5W3RST7MIS4CWIVKMOQNXU7YP
X-Message-ID-Hash: P4F7ZLL5W3RST7MIS4CWIVKMOQNXU7YP
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/P4F7ZLL5W3RST7MIS4CWIVKMOQNXU7YP/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1719309221084100001
Content-Type: text/plain; charset="utf-8"; x-default="true"

While it's very unlikely to have QEMU that supports SEV-SNP but
doesn't support plain SEV, for completeness sake we ought to
query SEV capabilities if QEMU supports either. And similarly to
QEMU_CAPS_SEV_GUEST we need to clear the capability if talking to
QEMU proves SEV is not really supported.

This in turn removes the 'sev-snp'guest' capability from on of
our test cases as Peter's machine he uses to refresh capabilities
is not SEV capable. But that's okay. It's consistent with
'sev-guest' capability.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/qemu/qemu_capabilities.c                     | 4 +++-
 tests/qemucapabilitiesdata/caps_9.1.0_x86_64.xml | 1 -
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index fe704d16dd..adaf5f9c26 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -3465,7 +3465,8 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuC=
aps,
     int rc =3D -1;
     virSEVCapability *caps =3D NULL;
=20
-    if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST))
+    if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) &&
+        !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_SNP_GUEST))
         return 0;
=20
     if ((rc =3D qemuMonitorGetSEVCapabilities(mon, &caps)) < 0)
@@ -3474,6 +3475,7 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuC=
aps,
     /* SEV isn't actually supported */
     if (rc =3D=3D 0) {
         virQEMUCapsClear(qemuCaps, QEMU_CAPS_SEV_GUEST);
+        virQEMUCapsClear(qemuCaps, QEMU_CAPS_SEV_SNP_GUEST);
         return 0;
     }
=20
diff --git a/tests/qemucapabilitiesdata/caps_9.1.0_x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_9.1.0_x86_64.xml
index a9973a0913..e0332ce1e8 100644
--- a/tests/qemucapabilitiesdata/caps_9.1.0_x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_9.1.0_x86_64.xml
@@ -203,7 +203,6 @@
   <flag name=3D'display-reload'/>
   <flag name=3D'usb-mtp'/>
   <flag name=3D'virtio-sound'/>
-  <flag name=3D'sev-snp-guest'/>
   <version>9000050</version>
   <microcodeVersion>43100246</microcodeVersion>
   <package>v9.0.0-1388-g80e8f06021-dirty</package>
--=20
2.44.2
From nobody Fri Oct 18 06:20:11 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1719309027212335.88039292124563;
 Tue, 25 Jun 2024 02:50:27 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 3AFF413FA; Tue, 25 Jun 2024 05:50:26 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id D3E2A13F5;
	Tue, 25 Jun 2024 05:49:17 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id DFA1513C6; Tue, 25 Jun 2024 05:49:12 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id F05DC13C6
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 05:49:03 -0400 (EDT)
Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-472-ZNGRIY0bPeC9eQE4YywOVg-1; Tue,
 25 Jun 2024 05:49:02 -0400
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 5358419560B5
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:49:01 +0000 (UTC)
Received: from maggie.brq.redhat.com (unknown [10.43.3.102])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 539E83000229
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:49:00 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,SPF_HELO_NONE
	autolearn=no autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1719308943;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=lwYQ2mU+s60Nntx3VTMfVA3AYnKFr0efJ7C9Vup5rm8=;
	b=LwnpGwCIJJFunwrTy9+tfsEMh5hfPmhCWMwdYrBfd5Mxvvat7BDgU9+nSImwVDaPsiOkj7
	gRkohOM2/7mK58xCTPxSrF+VY+EeYkfKkOA5f/7y6PLAc6Iw+a66UpW6yvH+pJVfcboMVN
	Z6zSIjaTMO66UyzJkNc3WbkTnx8QDNw=
X-MC-Unique: ZNGRIY0bPeC9eQE4YywOVg-1
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 4/8] domcaps: Report launchSecurity
Date: Tue, 25 Jun 2024 11:48:49 +0200
Message-ID: 
 <842c437dc8ef27050e1a391b0bd750acfd66e2ee.1719308850.git.mprivozn@redhat.com>
In-Reply-To: <cover.1719308849.git.mprivozn@redhat.com>
References: <cover.1719308849.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: B3PGZKECZDGKNGJZOELJAVO5ITISSVLO
X-Message-ID-Hash: B3PGZKECZDGKNGJZOELJAVO5ITISSVLO
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/B3PGZKECZDGKNGJZOELJAVO5ITISSVLO/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1719309028237100001
Content-Type: text/plain; charset="utf-8"; x-default="true"

In order to learn what types of <launchSecurity/> are supported
users can turn to domain capabilities and find <sev/> and
<s390-pv/> elements. While these may expose some additional info
on individual launchSecurity types, we are lacking clean
enumeration (like we do for say device models). And given that
SEV and SEV SNP share the same basis (info found under <sev/> is
applicable to SEV SNP too) we have no other way to report SEV SNP
support.

Therefore, report supported launchSecurity types in domain
capabilities.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 docs/formatdomaincaps.rst       | 10 ++++++++++
 src/conf/domain_capabilities.c  | 14 ++++++++++++++
 src/conf/domain_capabilities.h  |  9 +++++++++
 src/conf/schemas/domaincaps.rng | 10 ++++++++++
 4 files changed, 43 insertions(+)

diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst
index 609a767189..a2ad0acc3d 100644
--- a/docs/formatdomaincaps.rst
+++ b/docs/formatdomaincaps.rst
@@ -798,3 +798,13 @@ are supported. The ``features`` enum corresponds to th=
e ``<hyperv/>`` element
 Please note that depending on the QEMU version some capabilities might be
 missing even though QEMU does support them. This is because prior to QEMU-=
6.1.0
 not all features were reported by QEMU.
+
+Launch security
+^^^^^^^^^^^^^^^
+
+The ``launchSecurity`` element exposes supported aspects of encrypted gues=
ts.
+The ``sectype`` enum corresponds to ``type`` attribute of ``<launchSecurit=
y/>``
+element as documented in `Launch Security
+<formatdomain.html#launch-security>`__.  :since:`(Since 10.5.0)` For addit=
ional
+information on individual types, see sections above: `s390-pv capability`_=
 for
+S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP.
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 68eb3c9797..3f2d231d1c 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -707,6 +707,19 @@ virDomainCapsFeatureHypervFormat(virBuffer *buf,
     FORMAT_EPILOGUE(hyperv);
 }
=20
+
+static void
+virDomainCapsLaunchSecurityFormat(virBuffer *buf,
+                                  const virDomainCapsLaunchSecurity *launc=
hSecurity)
+{
+    FORMAT_PROLOGUE(launchSecurity);
+
+    ENUM_PROCESS(launchSecurity, sectype, virDomainLaunchSecurityTypeToStr=
ing);
+
+    FORMAT_EPILOGUE(launchSecurity);
+}
+
+
 static void
 virDomainCapsFormatFeatures(const virDomainCaps *caps,
                             virBuffer *buf)
@@ -728,6 +741,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps,
     virDomainCapsFeatureSEVFormat(&childBuf, caps->sev);
     virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx);
     virDomainCapsFeatureHypervFormat(&childBuf, caps->hyperv);
+    virDomainCapsLaunchSecurityFormat(&childBuf, &caps->launchSecurity);
=20
     virXMLFormatElement(buf, "features", NULL, &childBuf);
 }
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index fadc30cdd7..986f3cb394 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -165,6 +165,14 @@ struct _virDomainCapsFeatureHyperv {
     virDomainCapsEnum features; /* Info about supported virDomainHyperv fe=
atures */
 };
=20
+STATIC_ASSERT_ENUM(VIR_DOMAIN_LAUNCH_SECURITY_LAST);
+typedef struct _virDomainCapsLaunchSecurity virDomainCapsLaunchSecurity;
+struct _virDomainCapsLaunchSecurity {
+    virTristateBool supported;
+    virDomainCapsEnum sectype; /* Info about supported virDomainLaunchSecu=
rity */
+};
+
+
 typedef enum {
     VIR_DOMCAPS_CPU_USABLE_UNKNOWN,
     VIR_DOMCAPS_CPU_USABLE_YES,
@@ -284,6 +292,7 @@ struct _virDomainCaps {
     virSEVCapability *sev;
     virSGXCapability *sgx;
     virDomainCapsFeatureHyperv *hyperv;
+    virDomainCapsLaunchSecurity launchSecurity;
     /* add new domain features here */
=20
     virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST];
diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.=
rng
index e7aa4a1066..b8115fe028 100644
--- a/src/conf/schemas/domaincaps.rng
+++ b/src/conf/schemas/domaincaps.rng
@@ -285,6 +285,13 @@
     </element>
   </define>
=20
+  <define name=3D"launchSecurity">
+    <element name=3D"launchSecurity">
+      <ref name=3D"supported"/>
+      <ref name=3D"enum"/>
+    </element>
+  </define>
+
   <define name=3D"features">
     <element name=3D"features">
       <optional>
@@ -317,6 +324,9 @@
       <optional>
         <ref name=3D"hyperv"/>
       </optional>
+      <optional>
+        <ref name=3D'launchSecurity'/>
+      </optional>
     </element>
   </define>
=20
--=20
2.44.2
From nobody Fri Oct 18 06:20:11 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1719309164518302.28801554869733;
 Tue, 25 Jun 2024 02:52:44 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 39A941404; Tue, 25 Jun 2024 05:52:43 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id B684E99D;
	Tue, 25 Jun 2024 05:49:33 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id B38D71401; Tue, 25 Jun 2024 05:49:24 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 1B0471401
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 05:49:06 -0400 (EDT)
Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-6-yVWiD6NoOo2pl9lB5R20Dw-1; Tue,
 25 Jun 2024 05:49:03 -0400
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id B16BE195608F
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:49:02 +0000 (UTC)
Received: from maggie.brq.redhat.com (unknown [10.43.3.102])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 76851300021A
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:49:01 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,SPF_HELO_NONE
	autolearn=no autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1719308945;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=9xALK4QooRmxXl0lgKiwIsfL6X3uaJ3wlzlvtdH+rU0=;
	b=hlMSmhg11jkZQb2bPg6YveA5SGPXSFHQgLOcVlSqKBchmuOrlCQuKRinSkO6Xo0KahBzeK
	YMdSqSmgxWfTABV8T6F7+Ii0VjsMkECAY4F5QMSExp5ALdypaD4oBuaEnR3tFruiNekm9t
	2osoF+MJuBjClwkU/8yMormnUuNxXag=
X-MC-Unique: yVWiD6NoOo2pl9lB5R20Dw-1
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 5/8] qemu: Fill launchSecurity in domaincaps
Date: Tue, 25 Jun 2024 11:48:50 +0200
Message-ID: 
 <d05a0f191eca44aa0ee141a61e9e0c47054ed534.1719308850.git.mprivozn@redhat.com>
In-Reply-To: <cover.1719308849.git.mprivozn@redhat.com>
References: <cover.1719308849.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: KEYTHWZVFWOUF4XJQ36MISSM6POGVHIM
X-Message-ID-Hash: KEYTHWZVFWOUF4XJQ36MISSM6POGVHIM
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/KEYTHWZVFWOUF4XJQ36MISSM6POGVHIM/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1719309164913100001
Content-Type: text/plain; charset="utf-8"; x-default="true"

The inspiration for these rules comes from
qemuValidateDomainDef().

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/qemu/qemu_capabilities.c                  | 20 +++++++++++++++++++
 src/qemu/qemu_capabilities.h                  |  3 +++
 .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml  |  3 +++
 .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml  |  3 +++
 .../qemu_4.2.0-virt.aarch64.xml               |  3 +++
 tests/domaincapsdata/qemu_4.2.0.aarch64.xml   |  3 +++
 tests/domaincapsdata/qemu_4.2.0.ppc64.xml     |  3 +++
 tests/domaincapsdata/qemu_4.2.0.s390x.xml     |  3 +++
 tests/domaincapsdata/qemu_4.2.0.x86_64.xml    |  3 +++
 .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml  |  3 +++
 .../qemu_5.0.0-tcg-virt.riscv64.xml           |  3 +++
 .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml  |  3 +++
 .../qemu_5.0.0-virt.aarch64.xml               |  3 +++
 .../qemu_5.0.0-virt.riscv64.xml               |  3 +++
 tests/domaincapsdata/qemu_5.0.0.aarch64.xml   |  3 +++
 tests/domaincapsdata/qemu_5.0.0.ppc64.xml     |  3 +++
 tests/domaincapsdata/qemu_5.0.0.x86_64.xml    |  3 +++
 .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml  |  3 +++
 .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml  |  3 +++
 tests/domaincapsdata/qemu_5.1.0.sparc.xml     |  3 +++
 tests/domaincapsdata/qemu_5.1.0.x86_64.xml    |  3 +++
 .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml  |  3 +++
 .../qemu_5.2.0-tcg-virt.riscv64.xml           |  3 +++
 .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml  |  3 +++
 .../qemu_5.2.0-virt.aarch64.xml               |  3 +++
 .../qemu_5.2.0-virt.riscv64.xml               |  3 +++
 tests/domaincapsdata/qemu_5.2.0.aarch64.xml   |  3 +++
 tests/domaincapsdata/qemu_5.2.0.ppc64.xml     |  3 +++
 tests/domaincapsdata/qemu_5.2.0.s390x.xml     |  3 +++
 tests/domaincapsdata/qemu_5.2.0.x86_64.xml    |  3 +++
 .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml  |  5 +++++
 .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml  |  5 +++++
 .../qemu_6.0.0-virt.aarch64.xml               |  3 +++
 tests/domaincapsdata/qemu_6.0.0.aarch64.xml   |  3 +++
 tests/domaincapsdata/qemu_6.0.0.s390x.xml     |  5 +++++
 tests/domaincapsdata/qemu_6.0.0.x86_64.xml    |  5 +++++
 .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml  |  3 +++
 .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml  |  3 +++
 tests/domaincapsdata/qemu_6.1.0.x86_64.xml    |  3 +++
 .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml  |  3 +++
 .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml  |  3 +++
 .../qemu_6.2.0-virt.aarch64.xml               |  3 +++
 tests/domaincapsdata/qemu_6.2.0.aarch64.xml   |  3 +++
 tests/domaincapsdata/qemu_6.2.0.ppc64.xml     |  3 +++
 tests/domaincapsdata/qemu_6.2.0.x86_64.xml    |  3 +++
 .../qemu_7.0.0-hvf.aarch64+hvf.xml            |  3 +++
 .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml  |  3 +++
 .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml  |  3 +++
 .../qemu_7.0.0-virt.aarch64.xml               |  3 +++
 tests/domaincapsdata/qemu_7.0.0.aarch64.xml   |  3 +++
 tests/domaincapsdata/qemu_7.0.0.ppc64.xml     |  3 +++
 tests/domaincapsdata/qemu_7.0.0.x86_64.xml    |  3 +++
 .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml  |  3 +++
 .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml  |  3 +++
 tests/domaincapsdata/qemu_7.1.0.ppc64.xml     |  3 +++
 tests/domaincapsdata/qemu_7.1.0.x86_64.xml    |  3 +++
 .../qemu_7.2.0-hvf.x86_64+hvf.xml             |  3 +++
 .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml  |  3 +++
 .../qemu_7.2.0-tcg.x86_64+hvf.xml             |  3 +++
 .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml  |  3 +++
 tests/domaincapsdata/qemu_7.2.0.ppc.xml       |  3 +++
 tests/domaincapsdata/qemu_7.2.0.x86_64.xml    |  3 +++
 .../domaincapsdata/qemu_8.0.0-q35.x86_64.xml  |  3 +++
 .../qemu_8.0.0-tcg-virt.riscv64.xml           |  3 +++
 .../domaincapsdata/qemu_8.0.0-tcg.x86_64.xml  |  3 +++
 .../qemu_8.0.0-virt.riscv64.xml               |  3 +++
 tests/domaincapsdata/qemu_8.0.0.x86_64.xml    |  3 +++
 .../domaincapsdata/qemu_8.1.0-q35.x86_64.xml  |  3 +++
 .../domaincapsdata/qemu_8.1.0-tcg.x86_64.xml  |  3 +++
 tests/domaincapsdata/qemu_8.1.0.s390x.xml     |  5 +++++
 tests/domaincapsdata/qemu_8.1.0.x86_64.xml    |  3 +++
 .../domaincapsdata/qemu_8.2.0-q35.x86_64.xml  |  3 +++
 .../qemu_8.2.0-tcg-virt.loongarch64.xml       |  3 +++
 .../domaincapsdata/qemu_8.2.0-tcg.x86_64.xml  |  3 +++
 .../qemu_8.2.0-virt.aarch64.xml               |  3 +++
 .../qemu_8.2.0-virt.loongarch64.xml           |  3 +++
 tests/domaincapsdata/qemu_8.2.0.aarch64.xml   |  3 +++
 tests/domaincapsdata/qemu_8.2.0.armv7l.xml    |  3 +++
 tests/domaincapsdata/qemu_8.2.0.s390x.xml     |  5 +++++
 tests/domaincapsdata/qemu_8.2.0.x86_64.xml    |  3 +++
 .../domaincapsdata/qemu_9.0.0-q35.x86_64.xml  |  3 +++
 .../domaincapsdata/qemu_9.0.0-tcg.x86_64.xml  |  3 +++
 tests/domaincapsdata/qemu_9.0.0.x86_64.xml    |  3 +++
 .../domaincapsdata/qemu_9.1.0-q35.x86_64.xml  |  3 +++
 .../domaincapsdata/qemu_9.1.0-tcg.x86_64.xml  |  3 +++
 tests/domaincapsdata/qemu_9.1.0.x86_64.xml    |  3 +++
 86 files changed, 287 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index adaf5f9c26..4f9895ba9c 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -6514,6 +6514,24 @@ virQEMUCapsFillDomainDeviceCryptoCaps(virQEMUCaps *q=
emuCaps,
 }
=20
=20
+void
+virQEMUCapsFillDomainLaunchSecurity(virQEMUCaps *qemuCaps,
+                                    virDomainCapsLaunchSecurity *launchSec=
urity)
+{
+    launchSecurity->supported =3D VIR_TRISTATE_BOOL_YES;
+    launchSecurity->sectype.report =3D true;
+
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST))
+        VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNC=
H_SECURITY_SEV);
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_SNP_GUEST))
+        VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNC=
H_SECURITY_SEV_SNP);
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST) &&
+        virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPO=
RT))
+        VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNC=
H_SECURITY_PV);
+}
+
+
+
 /**
  * virQEMUCapsSupportsGICVersion:
  * @qemuCaps: QEMU capabilities
@@ -6678,6 +6696,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps,
     virDomainCapsDeviceChannel *channel =3D &domCaps->channel;
     virDomainCapsMemoryBacking *memoryBacking =3D &domCaps->memoryBacking;
     virDomainCapsDeviceCrypto *crypto =3D &domCaps->crypto;
+    virDomainCapsLaunchSecurity *launchSecurity =3D &domCaps->launchSecuri=
ty;
=20
     virQEMUCapsFillDomainFeaturesFromQEMUCaps(qemuCaps, domCaps);
=20
@@ -6717,6 +6736,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps,
     virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps);
     virQEMUCapsFillDomainFeatureHypervCaps(qemuCaps, domCaps);
     virQEMUCapsFillDomainDeviceCryptoCaps(qemuCaps, crypto);
+    virQEMUCapsFillDomainLaunchSecurity(qemuCaps, launchSecurity);
=20
     return 0;
 }
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index a98da8c2eb..ef71e8511e 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -867,6 +867,9 @@ void virQEMUCapsFillDomainDeviceChannelCaps(virQEMUCaps=
 *qemuCaps,
 void virQEMUCapsFillDomainDeviceCryptoCaps(virQEMUCaps *qemuCaps,
                                            virDomainCapsDeviceCrypto *cryp=
to);
=20
+void virQEMUCapsFillDomainLaunchSecurity(virQEMUCaps *qemuCaps,
+                                         virDomainCapsLaunchSecurity *laun=
chSecurity);
+
 bool virQEMUCapsGuestIsNative(virArch host,
                               virArch guest);
=20
diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_4.2.0-q35.x86_64.xml
index c42a20763f..f9aacbfbf9 100644
--- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml
@@ -319,5 +319,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_4.2.0-tcg.x86_64.xml
index 5766bcc428..9a3f15f56b 100644
--- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml
@@ -264,5 +264,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml b/tests/domai=
ncapsdata/qemu_4.2.0-virt.aarch64.xml
index ab68d3547b..c5337f602f 100644
--- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml
@@ -196,5 +196,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml b/tests/domaincaps=
data/qemu_4.2.0.aarch64.xml
index ab68d3547b..c5337f602f 100644
--- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml
@@ -196,5 +196,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml b/tests/domaincapsda=
ta/qemu_4.2.0.ppc64.xml
index 66a9ba87e9..735d563e1b 100644
--- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml
@@ -164,5 +164,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml b/tests/domaincapsda=
ta/qemu_4.2.0.s390x.xml
index c0567ffdde..e275d71d5d 100644
--- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml
@@ -270,5 +270,8 @@
     <s390-pv supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_4.2.0.x86_64.xml
index 27199ff0c5..68caf22e4a 100644
--- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml
@@ -319,5 +319,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_5.0.0-q35.x86_64.xml
index a4db647efc..18ed6c5929 100644
--- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml
@@ -321,5 +321,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml b/tests/d=
omaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml
index 1c7d7c97df..e2a4ac3c66 100644
--- a/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml
@@ -149,5 +149,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_5.0.0-tcg.x86_64.xml
index d2b82e5581..520cf1fa30 100644
--- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml
@@ -266,5 +266,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domai=
ncapsdata/qemu_5.0.0-virt.aarch64.xml
index d3cd333c07..6899e58ff2 100644
--- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml
@@ -209,5 +209,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml b/tests/domai=
ncapsdata/qemu_5.0.0-virt.riscv64.xml
index 3272241b8f..3780a0c765 100644
--- a/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml
@@ -152,5 +152,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincaps=
data/qemu_5.0.0.aarch64.xml
index d3cd333c07..6899e58ff2 100644
--- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml
@@ -209,5 +209,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsda=
ta/qemu_5.0.0.ppc64.xml
index 5f29f5c4ae..9e640a7e63 100644
--- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml
@@ -171,5 +171,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_5.0.0.x86_64.xml
index 56b94b1ea0..c939476333 100644
--- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml
@@ -321,5 +321,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_5.1.0-q35.x86_64.xml
index 2a8a784813..31b312e26e 100644
--- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml
@@ -253,5 +253,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_5.1.0-tcg.x86_64.xml
index 2743f91431..9c442ff803 100644
--- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml
@@ -266,5 +266,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.1.0.sparc.xml b/tests/domaincapsda=
ta/qemu_5.1.0.sparc.xml
index 7baee953ce..3752115e46 100644
--- a/tests/domaincapsdata/qemu_5.1.0.sparc.xml
+++ b/tests/domaincapsdata/qemu_5.1.0.sparc.xml
@@ -135,5 +135,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_5.1.0.x86_64.xml
index 735cd42466..b634db1fd6 100644
--- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml
@@ -253,5 +253,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_5.2.0-q35.x86_64.xml
index 968cfe68e8..ed4112461f 100644
--- a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml
@@ -253,5 +253,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml b/tests/d=
omaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml
index 1c7d7c97df..e2a4ac3c66 100644
--- a/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml
@@ -149,5 +149,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_5.2.0-tcg.x86_64.xml
index 7e5f3c8c2b..bc28ada928 100644
--- a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml
@@ -266,5 +266,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml b/tests/domai=
ncapsdata/qemu_5.2.0-virt.aarch64.xml
index f32634548b..3ad9cf7a39 100644
--- a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml
@@ -209,5 +209,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml b/tests/domai=
ncapsdata/qemu_5.2.0-virt.riscv64.xml
index 3272241b8f..3780a0c765 100644
--- a/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml
@@ -152,5 +152,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml b/tests/domaincaps=
data/qemu_5.2.0.aarch64.xml
index f32634548b..3ad9cf7a39 100644
--- a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml
@@ -209,5 +209,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml b/tests/domaincapsda=
ta/qemu_5.2.0.ppc64.xml
index 96fd13e06e..791bf6e60e 100644
--- a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml
@@ -171,5 +171,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0.s390x.xml b/tests/domaincapsda=
ta/qemu_5.2.0.s390x.xml
index 2af88d081a..5189544d66 100644
--- a/tests/domaincapsdata/qemu_5.2.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.s390x.xml
@@ -272,5 +272,8 @@
     <s390-pv supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_5.2.0.x86_64.xml
index 9bbb22b0d8..99a565072b 100644
--- a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml
@@ -253,5 +253,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_6.0.0-q35.x86_64.xml
index 66da296d8e..ed2511d138 100644
--- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml
@@ -260,5 +260,10 @@
       <maxESGuests>450</maxESGuests>
     </sev>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'>
+        <value>sev</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_6.0.0-tcg.x86_64.xml
index 169e777644..b4c9092996 100644
--- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml
@@ -274,5 +274,10 @@
       <maxESGuests>450</maxESGuests>
     </sev>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'>
+        <value>sev</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml b/tests/domai=
ncapsdata/qemu_6.0.0-virt.aarch64.xml
index 64e62aacf2..6a0a497b83 100644
--- a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml
@@ -211,5 +211,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml b/tests/domaincaps=
data/qemu_6.0.0.aarch64.xml
index 64e62aacf2..6a0a497b83 100644
--- a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml
@@ -211,5 +211,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0.s390x.xml b/tests/domaincapsda=
ta/qemu_6.0.0.s390x.xml
index c8dd1e88c9..d4fdef3791 100644
--- a/tests/domaincapsdata/qemu_6.0.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_6.0.0.s390x.xml
@@ -273,5 +273,10 @@
     <s390-pv supported=3D'yes'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'>
+        <value>s390-pv</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_6.0.0.x86_64.xml
index 0af8b9d064..557c22a67e 100644
--- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml
@@ -260,5 +260,10 @@
       <maxESGuests>450</maxESGuests>
     </sev>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'>
+        <value>sev</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_6.1.0-q35.x86_64.xml
index cc2081955d..ae8f0bcda1 100644
--- a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml
@@ -256,5 +256,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_6.1.0-tcg.x86_64.xml
index 35f31f4ae8..59ee5c3c67 100644
--- a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml
@@ -269,5 +269,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_6.1.0.x86_64.xml
index 22f8c8a397..3c13c2712c 100644
--- a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml
@@ -256,5 +256,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_6.2.0-q35.x86_64.xml
index 782aa792a9..4df5b1b3ab 100644
--- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml
@@ -256,5 +256,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_6.2.0-tcg.x86_64.xml
index fa1c32f138..9f3e6cb9de 100644
--- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml
@@ -271,5 +271,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml b/tests/domai=
ncapsdata/qemu_6.2.0-virt.aarch64.xml
index 64bed8b367..682d796ba9 100644
--- a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml
@@ -218,5 +218,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml b/tests/domaincaps=
data/qemu_6.2.0.aarch64.xml
index 64bed8b367..682d796ba9 100644
--- a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml
@@ -218,5 +218,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml b/tests/domaincapsda=
ta/qemu_6.2.0.ppc64.xml
index 69a6bcc8bc..b7336e995d 100644
--- a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml
@@ -170,5 +170,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_6.2.0.x86_64.xml
index e6283ff153..dbc25bd48e 100644
--- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml
@@ -256,5 +256,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml b/tests/do=
maincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml
index 94a79e8743..5b4e05f91e 100644
--- a/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml
@@ -172,5 +172,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_7.0.0-q35.x86_64.xml
index 50b2ee2ffe..59953e6309 100644
--- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml
@@ -266,5 +266,8 @@
         <section node=3D'1' size=3D'262144' unit=3D'KiB'/>
       </sections>
     </sgx>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_7.0.0-tcg.x86_64.xml
index 8a98f7ed87..02e585816a 100644
--- a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml
@@ -281,5 +281,8 @@
         <section node=3D'1' size=3D'262144' unit=3D'KiB'/>
       </sections>
     </sgx>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml b/tests/domai=
ncapsdata/qemu_7.0.0-virt.aarch64.xml
index d5830c46a3..86ec857aaa 100644
--- a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml
@@ -217,5 +217,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml b/tests/domaincaps=
data/qemu_7.0.0.aarch64.xml
index d5830c46a3..86ec857aaa 100644
--- a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml
@@ -217,5 +217,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml b/tests/domaincapsda=
ta/qemu_7.0.0.ppc64.xml
index c865dcf418..83ac4a9ba9 100644
--- a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml
@@ -175,5 +175,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_7.0.0.x86_64.xml
index fa4b912168..b0dd57f4f7 100644
--- a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml
@@ -266,5 +266,8 @@
         <section node=3D'1' size=3D'262144' unit=3D'KiB'/>
       </sections>
     </sgx>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_7.1.0-q35.x86_64.xml
index 2eec2e3162..d68ba222e2 100644
--- a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml
@@ -256,5 +256,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_7.1.0-tcg.x86_64.xml
index 4741164370..a9c4b36f90 100644
--- a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml
@@ -270,5 +270,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml b/tests/domaincapsda=
ta/qemu_7.1.0.ppc64.xml
index aa3a0571b6..5aec717752 100644
--- a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml
@@ -168,5 +168,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_7.1.0.x86_64.xml
index 449e1b51d1..1e33d89b6e 100644
--- a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml
@@ -256,5 +256,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml b/tests/dom=
aincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml
index dfd319431e..076a1daa99 100644
--- a/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml
@@ -179,5 +179,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_7.2.0-q35.x86_64.xml
index e48a07da28..7d855b68c5 100644
--- a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml
@@ -262,5 +262,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml b/tests/dom=
aincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml
index bba0e5069b..42b889b1d2 100644
--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml
@@ -260,5 +260,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_7.2.0-tcg.x86_64.xml
index bba0e5069b..42b889b1d2 100644
--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml
@@ -260,5 +260,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.2.0.ppc.xml b/tests/domaincapsdata=
/qemu_7.2.0.ppc.xml
index 7fd4b1ce17..f76d41b7a3 100644
--- a/tests/domaincapsdata/qemu_7.2.0.ppc.xml
+++ b/tests/domaincapsdata/qemu_7.2.0.ppc.xml
@@ -154,5 +154,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_7.2.0.x86_64.xml
index d116cf2e48..5ca0ad53c7 100644
--- a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml
@@ -262,5 +262,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_8.0.0-q35.x86_64.xml
index 2815064abc..ac181ca366 100644
--- a/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml
@@ -281,5 +281,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml b/tests/d=
omaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml
index 1911e34b07..cd462603d4 100644
--- a/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml
@@ -155,5 +155,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_8.0.0-tcg.x86_64.xml
index ce9035cb9b..5ad8f24d87 100644
--- a/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml
@@ -283,5 +283,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml b/tests/domai=
ncapsdata/qemu_8.0.0-virt.riscv64.xml
index d331dc45e5..913f20afc3 100644
--- a/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml
@@ -158,5 +158,8 @@
     <async-teardown supported=3D'no'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.0.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_8.0.0.x86_64.xml
index 07d1d06115..7fb44a17a3 100644
--- a/tests/domaincapsdata/qemu_8.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0.x86_64.xml
@@ -281,5 +281,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_8.1.0-q35.x86_64.xml
index 4d438efdf7..0b5da8882e 100644
--- a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml
@@ -283,5 +283,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_8.1.0-tcg.x86_64.xml
index b8a566920f..759af05bd4 100644
--- a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml
@@ -284,5 +284,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.1.0.s390x.xml b/tests/domaincapsda=
ta/qemu_8.1.0.s390x.xml
index 3f4299237e..e909ffd420 100644
--- a/tests/domaincapsdata/qemu_8.1.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_8.1.0.s390x.xml
@@ -268,5 +268,10 @@
     <s390-pv supported=3D'yes'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'>
+        <value>s390-pv</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_8.1.0.x86_64.xml
index 919357e577..3e8a25452e 100644
--- a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml
@@ -283,5 +283,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_8.2.0-q35.x86_64.xml
index f711a51044..83cc97b2fd 100644
--- a/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml
@@ -285,5 +285,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml b/tes=
ts/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml
index 0edce04323..0f59518360 100644
--- a/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml
@@ -161,5 +161,8 @@
     <async-teardown supported=3D'yes'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_8.2.0-tcg.x86_64.xml
index e215b5d946..0eb354e836 100644
--- a/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml
@@ -284,5 +284,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml b/tests/domai=
ncapsdata/qemu_8.2.0-virt.aarch64.xml
index e4519e4a1b..291493272b 100644
--- a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
@@ -223,5 +223,8 @@
     <async-teardown supported=3D'yes'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml b/tests/d=
omaincapsdata/qemu_8.2.0-virt.loongarch64.xml
index 2259a6ebca..32b2385af8 100644
--- a/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml
@@ -165,5 +165,8 @@
     <async-teardown supported=3D'yes'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml b/tests/domaincaps=
data/qemu_8.2.0.aarch64.xml
index e4519e4a1b..291493272b 100644
--- a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
@@ -223,5 +223,8 @@
     <async-teardown supported=3D'yes'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.2.0.armv7l.xml b/tests/domaincapsd=
ata/qemu_8.2.0.armv7l.xml
index efc6010e44..059c4236c3 100644
--- a/tests/domaincapsdata/qemu_8.2.0.armv7l.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.armv7l.xml
@@ -171,5 +171,8 @@
     <async-teardown supported=3D'yes'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.2.0.s390x.xml b/tests/domaincapsda=
ta/qemu_8.2.0.s390x.xml
index 9c00145370..6897395eef 100644
--- a/tests/domaincapsdata/qemu_8.2.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.s390x.xml
@@ -268,5 +268,10 @@
     <s390-pv supported=3D'yes'/>
     <sev supported=3D'no'/>
     <sgx supported=3D'no'/>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'>
+        <value>s390-pv</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_8.2.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_8.2.0.x86_64.xml
index bc060e21b6..6e20c9be9b 100644
--- a/tests/domaincapsdata/qemu_8.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.x86_64.xml
@@ -285,5 +285,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_9.0.0-q35.x86_64.xml
index 015effd3b0..7b3f073e2e 100644
--- a/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml
@@ -285,5 +285,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_9.0.0-tcg.x86_64.xml
index 91d3f68c26..3d16bbce6e 100644
--- a/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml
@@ -286,5 +286,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_9.0.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_9.0.0.x86_64.xml
index a258cdc063..ce5f901e37 100644
--- a/tests/domaincapsdata/qemu_9.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.0.0.x86_64.xml
@@ -285,5 +285,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml b/tests/domainc=
apsdata/qemu_9.1.0-q35.x86_64.xml
index 40e8533e16..0150f0ab93 100644
--- a/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml
@@ -286,5 +286,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml b/tests/domainc=
apsdata/qemu_9.1.0-tcg.x86_64.xml
index 996d2e9390..0111abd4e6 100644
--- a/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml
@@ -285,5 +285,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_9.1.0.x86_64.xml b/tests/domaincapsd=
ata/qemu_9.1.0.x86_64.xml
index 6381d05bf2..7275237a47 100644
--- a/tests/domaincapsdata/qemu_9.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.1.0.x86_64.xml
@@ -286,5 +286,8 @@
         <value>avic</value>
       </enum>
     </hyperv>
+    <launchSecurity supported=3D'yes'>
+      <enum name=3D'sectype'/>
+    </launchSecurity>
   </features>
 </domainCapabilities>
--=20
2.44.2
From nobody Fri Oct 18 06:20:11 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1719309050569511.02664790587005;
 Tue, 25 Jun 2024 02:50:50 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 5F58713B5; Tue, 25 Jun 2024 05:50:49 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 26DDE13C1;
	Tue, 25 Jun 2024 05:49:30 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 0E7E213DD; Tue, 25 Jun 2024 05:49:24 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id A2090138A
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 05:49:06 -0400 (EDT)
Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-36-LExE5v7BNkaOtggAeAIfpg-1; Tue,
 25 Jun 2024 05:49:04 -0400
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id C807F195608F
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:49:03 +0000 (UTC)
Received: from maggie.brq.redhat.com (unknown [10.43.3.102])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 1233B3000221
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:49:02 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,SPF_HELO_NONE
	autolearn=no autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1719308946;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=J18SblDKHc9GFcsMyzodhEw0s2IykRPAUzvbkmiYewE=;
	b=Gw5v0/J0nOtsb5kAfyuXhvK0ZpILWzac2ua4cj24Mv0fvF0j6lEDGnTP9j5RrJFSA/m9GB
	sXtEHcX81VM0ngjYQfqo+AIujBWh1XMSXnl6RUSI31FLDHopYi1ElEy8wHqmTm8gZx0tE5
	sIrL7sd2rGXjSijy7WTS/frWuGxZs38=
X-MC-Unique: LExE5v7BNkaOtggAeAIfpg-1
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 6/8] qemu_validate: Use domaincaps to validate supported
 launchSecurity type
Date: Tue, 25 Jun 2024 11:48:51 +0200
Message-ID: 
 <4d603f5c189d73d0aca0310a5e072a1f5e5f4eb2.1719308850.git.mprivozn@redhat.com>
In-Reply-To: <cover.1719308849.git.mprivozn@redhat.com>
References: <cover.1719308849.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 5V6KNYA64TOFFYCYXFJXFGJCWQ6TGYE6
X-Message-ID-Hash: 5V6KNYA64TOFFYCYXFJXFGJCWQ6TGYE6
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/5V6KNYA64TOFFYCYXFJXFGJCWQ6TGYE6/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1719309052346100001
Content-Type: text/plain; charset="utf-8"; x-default="true"

Now that the logic for detecting supported launchSecurity types
has been moved to domain capabilities generation, we can just use
it when validating launchSecurity type. Just like we do for
device models and so on.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/qemu/qemu_validate.c | 29 ++++++++++++-----------------
 1 file changed, 12 insertions(+), 17 deletions(-)

diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 3cfcceafc9..b392428f48 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1310,14 +1310,20 @@ qemuValidateDomainDef(const virDomainDef *def,
         return -1;
=20
     if (def->sec) {
+        virDomainCapsLaunchSecurity launchSecurity =3D { };
+
+        virQEMUCapsFillDomainLaunchSecurity(qemuCaps, &launchSecurity);
+
+        if (!VIR_DOMAIN_CAPS_ENUM_IS_SET(launchSecurity.sectype,
+                                         def->sec->sectype)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("'%1$s' launch security is not supported with=
 this QEMU binary"),
+                           virDomainLaunchSecurityTypeToString(def->sec->s=
ectype));
+            return -1;
+        }
+
         switch (def->sec->sectype) {
         case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
-            if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                               _("SEV launch security is not supported wit=
h this QEMU binary"));
-                return -1;
-            }
-
             if (def->sec->data.sev.common.kernel_hashes !=3D VIR_TRISTATE_=
BOOL_ABSENT &&
                 !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST_KERNEL_HASHE=
S)) {
                 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@@ -1327,20 +1333,9 @@ qemuValidateDomainDef(const virDomainDef *def,
             break;
=20
         case VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP:
-            if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_SNP_GUEST)) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                               _("SEV SNP launch security is not supported=
 with this QEMU binary"));
-                return -1;
-            }
             break;
=20
         case VIR_DOMAIN_LAUNCH_SECURITY_PV:
-            if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GU=
EST_SUPPORT) ||
-                !virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST)) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                               _("S390 PV launch security is not supported=
 with this QEMU binary"));
-                return -1;
-            }
             if (!virQEMUCapsGetKVMSupportsSecureGuest(qemuCaps)) {
                 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                                _("S390 PV launch security is not supported=
 by this host or kernel"));
--=20
2.44.2
From nobody Fri Oct 18 06:20:11 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 171930918748343.03341319956712;
 Tue, 25 Jun 2024 02:53:07 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 4A39A9A5; Tue, 25 Jun 2024 05:53:06 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 70242BF9;
	Tue, 25 Jun 2024 05:49:35 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 807FB13B3; Tue, 25 Jun 2024 05:49:25 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id DBDAD140F
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 05:49:07 -0400 (EDT)
Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-70-qTVXBHMdPp-CvqZqvJqwKw-1; Tue,
 25 Jun 2024 05:49:05 -0400
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 1DAE91956089
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:49:05 +0000 (UTC)
Received: from maggie.brq.redhat.com (unknown [10.43.3.102])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 333EF300021A
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:49:03 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,SPF_HELO_NONE
	autolearn=no autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1719308947;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=1gADpXJ9hsLYwgw0u+37q35bQ/aXrB1pHC06+/5od1w=;
	b=TLx3HO7168g9HmGAjADl+uKvnRFgcGFMigf8zljGttD12j2qDXJmeXM4hS7fY0T6Z+WGy3
	6Ft8wDSSpVwodOY+58fJkCntGhPxbYX+r6b8Cml8IH6qeJZVD/P6LFz0yefbuIOgdQEQ7y
	d9LrStlr+d0Y8CZEhG+nAVqb7lTStJ8=
X-MC-Unique: qTVXBHMdPp-CvqZqvJqwKw-1
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 7/8] virt-host-validate: Move AMD SEV into a separate func
Date: Tue, 25 Jun 2024 11:48:52 +0200
Message-ID: 
 <3a6736316f815c4440d90347cf6028ab23f473bc.1719308850.git.mprivozn@redhat.com>
In-Reply-To: <cover.1719308849.git.mprivozn@redhat.com>
References: <cover.1719308849.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: IZ577CVV6OLF3EQBHXY2Z23KM4OMA5IG
X-Message-ID-Hash: IZ577CVV6OLF3EQBHXY2Z23KM4OMA5IG
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/IZ577CVV6OLF3EQBHXY2Z23KM4OMA5IG/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1719309188996100001
Content-Type: text/plain; charset="utf-8"; x-default="true"

The code that validates AMD SEV is going to be expanded soon.
Move it into its own function to avoid lengthening
virHostValidateSecureGuests() where the code lives now, even
more.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 tools/virt-host-validate-common.c | 54 ++++++++++++++++++-------------
 1 file changed, 32 insertions(+), 22 deletions(-)

diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-c=
ommon.c
index ad06dfb245..7dca1d795b 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -379,6 +379,35 @@ bool virHostKernelModuleIsLoaded(const char *module)
 }
=20
=20
+static int
+virHostValidateAMDSev(virValidateLevel level)
+{
+    g_autofree char *mod_value =3D NULL;
+
+    if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters=
/sev") < 0) {
+        virValidateFail(level, "AMD Secure Encrypted Virtualization not "
+                        "supported by the currently used kernel");
+        return VIR_VALIDATE_FAILURE(level);
+    }
+
+    if (mod_value[0] !=3D '1' && mod_value[0] !=3D 'Y' && mod_value[0] !=
=3D 'y') {
+        virValidateFail(level,
+                        "AMD Secure Encrypted Virtualization appears to be=
 "
+                        "disabled in kernel. Add kvm_amd.sev=3D1 "
+                        "to the kernel cmdline arguments");
+        return VIR_VALIDATE_FAILURE(level);
+    }
+
+    if (!virFileExists("/dev/sev")) {
+        virValidateFail(level,
+                        "AMD Secure Encrypted Virtualization appears to be=
 "
+                        "disabled in firmware.");
+        return VIR_VALIDATE_FAILURE(level);
+    }
+
+    return 1;
+}
+
 int virHostValidateSecureGuests(const char *hvname,
                                 virValidateLevel level)
 {
@@ -388,7 +417,6 @@ int virHostValidateSecureGuests(const char *hvname,
     virArch arch =3D virArchFromHost();
     g_autofree char *cmdline =3D NULL;
     static const char *kIBMValues[] =3D {"y", "Y", "on", "ON", "oN", "On",=
 "1"};
-    g_autofree char *mod_value =3D NULL;
=20
     flags =3D virHostValidateGetCPUFlags();
=20
@@ -430,29 +458,11 @@ int virHostValidateSecureGuests(const char *hvname,
             return VIR_VALIDATE_FAILURE(level);
         }
     } else if (hasAMDSev) {
-        if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parame=
ters/sev") < 0) {
-            virValidateFail(level, "AMD Secure Encrypted Virtualization no=
t "
-                            "supported by the currently used kernel");
-            return VIR_VALIDATE_FAILURE(level);
-        }
+        int rc =3D virHostValidateAMDSev(level);
=20
-        if (mod_value[0] !=3D '1' && mod_value[0] !=3D 'Y' && mod_value[0]=
 !=3D 'y') {
-            virValidateFail(level,
-                            "AMD Secure Encrypted Virtualization appears t=
o be "
-                            "disabled in kernel. Add kvm_amd.sev=3D1 "
-                            "to the kernel cmdline arguments");
-            return VIR_VALIDATE_FAILURE(level);
-        }
-
-        if (virFileExists("/dev/sev")) {
+        if (rc > 0)
             virValidatePass();
-            return 1;
-        } else {
-            virValidateFail(level,
-                            "AMD Secure Encrypted Virtualization appears t=
o be "
-                            "disabled in firmware.");
-            return VIR_VALIDATE_FAILURE(level);
-        }
+        return rc;
     }
=20
     virValidateFail(level,
--=20
2.44.2
From nobody Fri Oct 18 06:20:11 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1719309236667152.67914459843985;
 Tue, 25 Jun 2024 02:53:56 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 9ADAE9B0; Tue, 25 Jun 2024 05:53:55 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id A981713A6;
	Tue, 25 Jun 2024 05:49:40 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id E86B913E9; Tue, 25 Jun 2024 05:49:26 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 75B60137F
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 05:49:10 -0400 (EDT)
Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-13-QDIHPfUoPtKxGy6KTlW7mg-1; Tue,
 25 Jun 2024 05:49:06 -0400
Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 1530619560B4
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:49:06 +0000 (UTC)
Received: from maggie.brq.redhat.com (unknown [10.43.3.102])
	by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 543F0300021A
	for <devel@lists.libvirt.org>; Tue, 25 Jun 2024 09:49:05 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,SPF_HELO_NONE
	autolearn=no autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1719308950;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=LUsSctNd6mB9dCYrkKTI0Oc6p9f8k8DLu/AuVt6aoc4=;
	b=VOmOzeq0dtRUKZcJMEh+zm1zuHPyeFKhX2tymKbw3GC/agH/0+lDZ1v0wE+Nh8lmJV9t/r
	pWHjF1VX4PXdq4ZNUm6cSj2zftVzRtwfMofG0FXyG+dgjz8vhJ1e+2aXGfWD56wWNG4Sgv
	RFwBf7GN+a0Ng0DaicFFEMLD7sAHBDQ=
X-MC-Unique: QDIHPfUoPtKxGy6KTlW7mg-1
From: Michal Privoznik <mprivozn@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 8/8] virt-host-validate: Detect SEV-ES and SEV-SNP
Date: Tue, 25 Jun 2024 11:48:53 +0200
Message-ID: 
 <ff53b1289229032dfb0f47eaace86bf5eca9ca16.1719308850.git.mprivozn@redhat.com>
In-Reply-To: <cover.1719308849.git.mprivozn@redhat.com>
References: <cover.1719308849.git.mprivozn@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: LW75T2AMYJIPBDQPKS2H3BMOQ3OFAELA
X-Message-ID-Hash: LW75T2AMYJIPBDQPKS2H3BMOQ3OFAELA
X-MailFrom: mprivozn@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/LW75T2AMYJIPBDQPKS2H3BMOQ3OFAELA/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1719309237128100001
Content-Type: text/plain; charset="utf-8"

With a simple cpuid (Section "E.4.17 Function
8000_001Fh=E2=80=94Encrypted Memory Capabilities" in "AMD64 Architecture
Programmer=E2=80=99s Manual Vol. 3") we can detect whether CPU is capable
of running SEV-ES and/or SEV-SNP guests. Report these in
virt-host-validate tool.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 tools/virt-host-validate-common.c | 33 +++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-c=
ommon.c
index 7dca1d795b..2985c0c826 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -34,6 +34,7 @@
 #include "virstring.h"
 #include "virarch.h"
 #include "virutil.h"
+#include "virhostcpu.h"
=20
 #define VIR_FROM_THIS VIR_FROM_NONE
=20
@@ -380,9 +381,11 @@ bool virHostKernelModuleIsLoaded(const char *module)
=20
=20
 static int
-virHostValidateAMDSev(virValidateLevel level)
+virHostValidateAMDSev(const char *hvname,
+                      virValidateLevel level)
 {
     g_autofree char *mod_value =3D NULL;
+    uint32_t eax, ebx;
=20
     if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters=
/sev") < 0) {
         virValidateFail(level, "AMD Secure Encrypted Virtualization not "
@@ -405,6 +408,32 @@ virHostValidateAMDSev(virValidateLevel level)
         return VIR_VALIDATE_FAILURE(level);
     }
=20
+    virValidatePass();
+
+    virValidateCheck(hvname, "%s",
+                     _("Checking for AMD Secure Encrypted Virtualization-E=
ncrypted State (SEV-ES)"));
+
+    virHostCPUX86GetCPUID(0x8000001F, 0, &eax, &ebx, NULL, NULL);
+
+    if (eax & (1U << 3)) {
+        virValidatePass();
+    } else {
+        virValidateFail(level,
+                        "AMD SEV-ES is not supported");
+        return VIR_VALIDATE_FAILURE(level);
+    }
+
+    virValidateCheck(hvname, "%s",
+                     _("Checking for AMD Secure Encrypted Virtualization-S=
ecure Nested Paging (SEV-SNP)"));
+
+    if (eax & (1U << 4)) {
+        virValidatePass();
+    } else {
+        virValidateFail(level,
+                        "AMD SEV-SNP is not supported");
+        return VIR_VALIDATE_FAILURE(level);
+    }
+
     return 1;
 }
=20
@@ -458,7 +487,7 @@ int virHostValidateSecureGuests(const char *hvname,
             return VIR_VALIDATE_FAILURE(level);
         }
     } else if (hasAMDSev) {
-        int rc =3D virHostValidateAMDSev(level);
+        int rc =3D virHostValidateAMDSev(hvname, level);
=20
         if (rc > 0)
             virValidatePass();
--=20
2.44.2