[PATCH v4 1/8] schemas: Make SEV policy on launch security optional

Boris Fiuczynski fiuczy at linux.ibm.com
Thu Jul 8 20:57:17 UTC 2021


Change the launch security policy of type SEV from required to
optional in the schema and add a test to ensure the launch security
policy remains required when the launch security type is SEV.

Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413 at gmail.com>
Reviewed-by: Pavel Hrdina <phrdina at redhat.com>
---
 docs/schemas/domaincommon.rng                 | 12 ++++---
 src/conf/domain_conf.c                        |  3 +-
 ...urity-sev-missing-policy.x86_64-2.12.0.err |  1 +
 .../launch-security-sev-missing-policy.xml    | 34 +++++++++++++++++++
 tests/qemuxml2argvtest.c                      |  1 +
 5 files changed, 46 insertions(+), 5 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 5ea14b6dbf..8c1b6c3a09 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -483,7 +483,9 @@
   <define name="launchSecurity">
     <element name="launchSecurity">
       <attribute name="type">
-        <value>sev</value>
+        <choice>
+          <value>sev</value>
+        </choice>
       </attribute>
       <interleave>
         <optional>
@@ -496,9 +498,11 @@
             <data type="unsignedInt"/>
           </element>
         </optional>
-        <element name="policy">
-          <ref name="hexuint"/>
-        </element>
+        <optional>
+          <element name="policy">
+            <ref name="hexuint"/>
+          </element>
+        </optional>
         <optional>
           <element name="handle">
             <ref name="unsignedInt"/>
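Review bot: Making `<policy>` `<optional>` in the shared launchSecurity definition means the schema now accepts a `type='sev'` document with no policy that virDomainSEVDefParseXML (src/conf/domain_conf.c hunk) still rejects, so schema validation and the parser disagree for SEV. If the relaxation is there for launch security types added later in this series, the SEV requirement can still be stated in the schema by keying the element content on the type attribute: a `<choice>` of `<group>`s, the SEV group pairing `<attribute name="type"><value>sev</value></attribute>` with a mandatory `<element name="policy">`, as sketched below. Otherwise the new parse-error test in tests/qemuxml2argvtest.c is the only guard against defining a SEV guest with an unspecified policy, which the commit message should say explicitly.
```xml
<define name="launchSecurity">
  <element name="launchSecurity">
    <choice>
      <group>
        <attribute name="type">
          <value>sev</value>
        </attribute>
        <interleave>
          <!-- … unchanged: optional elements preceding policy … -->
          <element name="policy">
            <ref name="hexuint"/>
          </element>
          <!-- … unchanged: optional handle element … -->
        </interleave>
      </group>
      <!-- further launch security types, if any, get their own group here -->
    </choice>
  </element>
</define>
```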
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 2d8ae7e860..103bb47566 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -14734,7 +14734,8 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
 
     if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) {
         virReportError(VIR_ERR_XML_ERROR, "%s",
-                       _("failed to get launch security policy"));
+                       _("failed to get launch security policy for "
+                         "launch security type SEV"));
         return NULL;
     }
 
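Review bot: With docs/schemas/domaincommon.rng now marking `<policy>` optional, this `virXPathULongHex("string(./policy)", ...)` check is the only place a SEV definition without a policy is rejected, and nothing in the code says so; a comment above the `if` such as `/* The schema leaves <policy> optional for other launch security types; for SEV it is mandatory, so a missing value is a parse error. */` would keep a later reader from relaxing it. The same call also fails on a present-but-malformed hex value, so the new message reports both cases identically; if that matters, checking `virXPathNode("./policy", ctxt)` first lets a "missing" policy be reported separately from an invalid one. Splitting the translatable message across two string literals also defeats `git grep` for the full text; libvirt's coding style, as far as I recall, prefers one literal per message even past 80 columns, so confirm against docs/coding-style.rst before keeping the split. virDomainSEVDefParseXML begins and ends outside this hunk.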
diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err
new file mode 100644
index 0000000000..2019c8bb13
--- /dev/null
+++ b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err
@@ -0,0 +1 @@
+XML error: failed to get launch security policy for launch security type SEV
diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml
new file mode 100644
index 0000000000..5461b06c9d
--- /dev/null
+++ b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml
@@ -0,0 +1,34 @@
+<domain type='kvm'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219100</memory>
+  <currentMemory unit='KiB'>219100</currentMemory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-1.0'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type='block' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source dev='/dev/HostVG/QEMUGuest1'/>
+      <target dev='hda' bus='ide'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <controller type='usb' index='0'/>
+    <controller type='ide' index='0'/>
+    <controller type='pci' index='0' model='pci-root'/>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <memballoon model='none'/>
+  </devices>
+  <launchSecurity type='sev'>
+    <dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCert>
+    <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
+  </launchSecurity>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index e315335e81..8d32aa7341 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -3468,6 +3468,7 @@ mymain(void)
     DO_TEST_CAPS_VER("launch-security-sev", "2.12.0");
     DO_TEST_CAPS_VER("launch-security-sev", "6.0.0");
     DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0");
+    DO_TEST_CAPS_VER_PARSE_ERROR("launch-security-sev-missing-policy", "2.12.0");
 
     DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory");
     DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages");
-- 
2.31.1



