[PATCH v3 1/6] schemas: Make SEV policy on launch security optional
Daniel Henrique Barboza
danielhb413 at gmail.com
Tue Jun 22 17:43:14 UTC 2021
On 6/22/21 10:10 AM, Boris Fiuczynski wrote:
> Change launch security policy of type SEV from required to
> optional and add a test to ensure the required launch security
> policy remains required when launch security type is SEV.
>
> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
> ---
Reviewed-by: Daniel Henrique Barboza <danielhb413 at gmail.com>
> docs/schemas/domaincommon.rng | 12 ++++---
> src/conf/domain_conf.c | 3 +-
> ...urity-sev-missing-policy.x86_64-2.12.0.err | 1 +
> .../launch-security-sev-missing-policy.xml | 34 +++++++++++++++++++
> tests/qemuxml2argvtest.c | 1 +
> 5 files changed, 46 insertions(+), 5 deletions(-)
> create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err
> create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml
>
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index 5ea14b6dbf..8c1b6c3a09 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -483,7 +483,9 @@
> <define name="launchSecurity">
> <element name="launchSecurity">
> <attribute name="type">
> - <value>sev</value>
> + <choice>
> + <value>sev</value>
> + </choice>
> </attribute>
> <interleave>
> <optional>
> @@ -496,9 +498,11 @@
> <data type="unsignedInt"/>
> </element>
> </optional>
> - <element name="policy">
> - <ref name="hexuint"/>
> - </element>
> + <optional>
> + <element name="policy">
> + <ref name="hexuint"/>
> + </element>
> + </optional>
> <optional>
> <element name="handle">
> <ref name="unsignedInt"/>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index f65509d8ec..af2fd03d3c 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -14749,7 +14749,8 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
>
> if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) {
> virReportError(VIR_ERR_XML_ERROR, "%s",
> - _("failed to get launch security policy"));
> + _("failed to get launch security policy for "
> + "launch security type SEV"));
> goto error;
> }
>
> diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err
> new file mode 100644
> index 0000000000..2019c8bb13
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err
> @@ -0,0 +1 @@
> +XML error: failed to get launch security policy for launch security type SEV
> diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml
> new file mode 100644
> index 0000000000..5461b06c9d
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml
> @@ -0,0 +1,34 @@
> +<domain type='kvm'>
> + <name>QEMUGuest1</name>
> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> + <memory unit='KiB'>219100</memory>
> + <currentMemory unit='KiB'>219100</currentMemory>
> + <vcpu placement='static'>1</vcpu>
> + <os>
> + <type arch='x86_64' machine='pc-1.0'>hvm</type>
> + <boot dev='hd'/>
> + </os>
> + <clock offset='utc'/>
> + <on_poweroff>destroy</on_poweroff>
> + <on_reboot>restart</on_reboot>
> + <on_crash>destroy</on_crash>
> + <devices>
> + <emulator>/usr/bin/qemu-system-x86_64</emulator>
> + <disk type='block' device='disk'>
> + <driver name='qemu' type='raw'/>
> + <source dev='/dev/HostVG/QEMUGuest1'/>
> + <target dev='hda' bus='ide'/>
> + <address type='drive' controller='0' bus='0' target='0' unit='0'/>
> + </disk>
> + <controller type='usb' index='0'/>
> + <controller type='ide' index='0'/>
> + <controller type='pci' index='0' model='pci-root'/>
> + <input type='mouse' bus='ps2'/>
> + <input type='keyboard' bus='ps2'/>
> + <memballoon model='none'/>
> + </devices>
> + <launchSecurity type='sev'>
> + <dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCert>
> + <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
> + </launchSecurity>
> +</domain>
> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
> index 9df28658b9..ef6afae586 100644
> --- a/tests/qemuxml2argvtest.c
> +++ b/tests/qemuxml2argvtest.c
> @@ -3459,6 +3459,7 @@ mymain(void)
> DO_TEST_CAPS_VER("launch-security-sev", "2.12.0");
> DO_TEST_CAPS_VER("launch-security-sev", "6.0.0");
> DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0");
> + DO_TEST_CAPS_VER_PARSE_ERROR("launch-security-sev-missing-policy", "2.12.0");
>
> DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory");
> DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages");
>
More information about the libvir-list
mailing list