[PATCH v3 0/6] Support for launchSecurity type s390-pv
Pavel Hrdina
phrdina at redhat.com
Fri Jun 25 10:13:00 UTC 2021
On Tue, Jun 22, 2021 at 03:10:43PM +0200, Boris Fiuczynski wrote:
> This patch series introduces the launch security type s390-pv.
> Specifying s390-pv as launch security type in an s390 domain prepares for
> running the guest in protected virtualization secure mode, also known as
> IBM Secure Execution.
>
> diff to v2:
> - Broke up previous patch one into three patches
>
> diff to v1:
> - Rebased to current master
> - Added verification check for confidential-guest-support capability
>
> Boris Fiuczynski (6):
> schemas: Make SEV policy on launch security optional
> conf: modernize SEV XML parse and format methods
> conf: refactor launch security to allow more types
> qemu: add s390-pv-guest capability
> conf: add s390-pv as launch security type
> docs: add s390-pv documentation
Overall looks good. Please add one more patch which would export the
availability of s390-pv in domain capabilities the like we do for SEV.
Pavel
>
> docs/formatdomain.rst | 7 +
> docs/kbase/s390_protected_virt.rst | 55 ++++++-
> docs/schemas/domaincommon.rng | 13 +-
> src/conf/domain_conf.c | 155 +++++++++++-------
> src/conf/domain_conf.h | 14 +-
> src/conf/virconftypes.h | 2 +
> src/qemu/qemu_capabilities.c | 2 +
> src/qemu/qemu_capabilities.h | 1 +
> src/qemu/qemu_cgroup.c | 4 +-
> src/qemu/qemu_command.c | 70 +++++++-
> src/qemu/qemu_driver.c | 3 +-
> src/qemu/qemu_firmware.c | 34 ++--
> src/qemu/qemu_namespace.c | 21 ++-
> src/qemu/qemu_process.c | 34 +++-
> src/qemu/qemu_validate.c | 31 +++-
> src/security/security_dac.c | 6 +-
> .../launch-security-s390-pv-ignore-policy.xml | 24 +++
> .../launch-security-s390-pv.xml | 18 ++
> .../launch-security-s390-pv-ignore-policy.xml | 1 +
> tests/genericxml2xmltest.c | 2 +
> .../qemucapabilitiesdata/caps_6.0.0.s390x.xml | 1 +
> ...ty-s390-pv-ignore-policy.s390x-latest.args | 35 ++++
> .../launch-security-s390-pv-ignore-policy.xml | 33 ++++
> .../launch-security-s390-pv.s390x-latest.args | 35 ++++
> .../launch-security-s390-pv.xml | 30 ++++
> ...urity-sev-missing-policy.x86_64-2.12.0.err | 1 +
> .../launch-security-sev-missing-policy.xml | 34 ++++
> tests/qemuxml2argvtest.c | 4 +
> 28 files changed, 562 insertions(+), 108 deletions(-)
> create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv-ignore-policy.xml
> create mode 100644 tests/genericxml2xmlindata/launch-security-s390-pv.xml
> create mode 120000 tests/genericxml2xmloutdata/launch-security-s390-pv-ignore-policy.xml
> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.s390x-latest.args
> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv-ignore-policy.xml
> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
> create mode 100644 tests/qemuxml2argvdata/launch-security-s390-pv.xml
> create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.x86_64-2.12.0.err
> create mode 100644 tests/qemuxml2argvdata/launch-security-sev-missing-policy.xml
>
> --
> 2.30.2
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20210625/f45b7619/attachment-0001.sig>
More information about the libvir-list
mailing list