From 9b3f2be8b56f71d1bea815dafa47545b39728c03 Mon Sep 17 00:00:00 2001 From: Xu Raoqing Date: Sat, 20 Sep 2025 11:05:53 +0800 Subject: [PATCH] add CCA support Signed-off-by: Xu Raoqing --- ...ckport-domcaps-Report-launchSecurity.patch | 146 ++ ...mu-Fill-launchSecurity-in-domaincaps.patch | 974 ++++++++++++ ...RM-CCA-support-in-qemu-driver-to-lau.patch | 375 +++++ ...RM-CCA-support-in-domain-capabilitie.patch | 1370 +++++++++++++++++ ...Add-ARM-CCA-support-in-domain-schema.patch | 322 ++++ libvirt.spec | 12 +- 6 files changed, 3198 insertions(+), 1 deletion(-) create mode 100644 0001-backport-domcaps-Report-launchSecurity.patch create mode 100644 0002-backport-qemu-Fill-launchSecurity-in-domaincaps.patch create mode 100644 0003-v4-1-4-src-Add-ARM-CCA-support-in-qemu-driver-to-lau.patch create mode 100644 0004-v4-2-4-src-Add-ARM-CCA-support-in-domain-capabilitie.patch create mode 100644 0005-v4-3-4-src-Add-ARM-CCA-support-in-domain-schema.patch diff --git a/0001-backport-domcaps-Report-launchSecurity.patch b/0001-backport-domcaps-Report-launchSecurity.patch new file mode 100644 index 0000000..6edd34c --- /dev/null +++ b/0001-backport-domcaps-Report-launchSecurity.patch @@ -0,0 +1,146 @@ +From 37ebfdae7c691e7a9fa7cb09632a68e5369661a1 Mon Sep 17 00:00:00 2001 +From: Michal Privoznik +Date: Tue, 25 Jun 2024 09:53:57 +0200 +Subject: [PATCH 1/5] [backport]domcaps: Report launchSecurity +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +bugzilla:https://gitee.com/openeuler/libvirt/issues/ICU4UF?from=project-issue +reference:https://gitlab.com/libvirt/libvirt/-/commit/d460e17282bec89dee1252db4fb3f2b7aa1b5ee8 + +-------------------------------- + +domcaps: Report launchSecurity + +In order to learn what types of are supported +users can turn to domain capabilities and find and + elements. While these may expose some additional info +on individual launchSecurity types, we are lacking clean +enumeration (like we do for say device models). And given that +SEV and SEV SNP share the same basis (info found under is +applicable to SEV SNP too) we have no other way to report SEV SNP +support. + +Therefore, report supported launchSecurity types in domain +capabilities. + +Signed-off-by: Michal Privoznik +Reviewed-by: Jiri Denemark +Reviewed-by: Daniel P. Berrangé +Signed-off-by: rpm-build +--- + docs/formatdomaincaps.rst | 10 ++++++++++ + src/conf/domain_capabilities.c | 14 ++++++++++++++ + src/conf/domain_capabilities.h | 9 +++++++++ + src/conf/schemas/domaincaps.rng | 10 ++++++++++ + 4 files changed, 43 insertions(+) + +diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst +index ef752a0..86353a6 100644 +--- a/docs/formatdomaincaps.rst ++++ b/docs/formatdomaincaps.rst +@@ -796,3 +796,13 @@ are supported. The ``features`` enum corresponds to the ```` element + Please note that depending on the QEMU version some capabilities might be + missing even though QEMU does support them. This is because prior to QEMU-6.1.0 + not all features were reported by QEMU. ++ ++Launch security ++^^^^^^^^^^^^^^^ ++ ++The ``launchSecurity`` element exposes supported aspects of encrypted guests. ++The ``sectype`` enum corresponds to ``type`` attribute of ```` ++element as documented in `Launch Security ++`__. :since:`(Since 10.5.0)` For additional ++information on individual types, see sections above: `s390-pv capability`_ for ++S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP. +diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c +index f6e09dc..2c69ba0 100644 +--- a/src/conf/domain_capabilities.c ++++ b/src/conf/domain_capabilities.c +@@ -707,6 +707,19 @@ virDomainCapsFeatureHypervFormat(virBuffer *buf, + FORMAT_EPILOGUE(hyperv); + } + ++ ++static void ++virDomainCapsLaunchSecurityFormat(virBuffer *buf, ++ const virDomainCapsLaunchSecurity *launchSecurity) ++{ ++ FORMAT_PROLOGUE(launchSecurity); ++ ++ ENUM_PROCESS(launchSecurity, sectype, virDomainLaunchSecurityTypeToString); ++ ++ FORMAT_EPILOGUE(launchSecurity); ++} ++ ++ + static void + virDomainCapsFormatFeatures(const virDomainCaps *caps, + virBuffer *buf) +@@ -728,6 +741,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, + virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); + virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx); + virDomainCapsFeatureHypervFormat(&childBuf, caps->hyperv); ++ virDomainCapsLaunchSecurityFormat(&childBuf, &caps->launchSecurity); + + virXMLFormatElement(buf, "features", NULL, &childBuf); + } +diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h +index 01bcfa2..ef2d6de 100644 +--- a/src/conf/domain_capabilities.h ++++ b/src/conf/domain_capabilities.h +@@ -165,6 +165,14 @@ struct _virDomainCapsFeatureHyperv { + virDomainCapsEnum features; /* Info about supported virDomainHyperv features */ + }; + ++STATIC_ASSERT_ENUM(VIR_DOMAIN_LAUNCH_SECURITY_LAST); ++typedef struct _virDomainCapsLaunchSecurity virDomainCapsLaunchSecurity; ++struct _virDomainCapsLaunchSecurity { ++ virTristateBool supported; ++ virDomainCapsEnum sectype; /* Info about supported virDomainLaunchSecurity */ ++}; ++ ++ + typedef enum { + VIR_DOMCAPS_CPU_USABLE_UNKNOWN, + VIR_DOMCAPS_CPU_USABLE_YES, +@@ -284,6 +292,7 @@ struct _virDomainCaps { + virSEVCapability *sev; + virSGXCapability *sgx; + virDomainCapsFeatureHyperv *hyperv; ++ virDomainCapsLaunchSecurity launchSecurity; + /* add new domain features here */ + + virTristateBool features[VIR_DOMAIN_CAPS_FEATURE_LAST]; +diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng +index e7aa4a1..b8115fe 100644 +--- a/src/conf/schemas/domaincaps.rng ++++ b/src/conf/schemas/domaincaps.rng +@@ -285,6 +285,13 @@ + + + ++ ++ ++ ++ ++ ++ ++ + + + +@@ -317,6 +324,9 @@ + + + ++ ++ ++ + + + +-- +2.43.0 + diff --git a/0002-backport-qemu-Fill-launchSecurity-in-domaincaps.patch b/0002-backport-qemu-Fill-launchSecurity-in-domaincaps.patch new file mode 100644 index 0000000..ee5f236 --- /dev/null +++ b/0002-backport-qemu-Fill-launchSecurity-in-domaincaps.patch @@ -0,0 +1,974 @@ +From 89e3c06c686cf769b243f42b2c4ae2c7d1cf44a0 Mon Sep 17 00:00:00 2001 +From: Michal Privoznik +Date: Tue, 25 Jun 2024 10:45:43 +0200 +Subject: [PATCH 2/5] [backport]qemu: Fill launchSecurity in domaincaps +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +bugzilla:https://gitee.com/openeuler/libvirt/issues/ICU4UF?from=project-issue +reference:https://gitlab.com/libvirt/libvirt/-/commit/66df7992d8efd6462148d2ddf39323dc552eb92a + +-------------------------------- + +qemu: Fill launchSecurity in domaincaps + +The inspiration for these rules comes from +qemuValidateDomainDef(). + +Signed-off-by: Michal Privoznik +Reviewed-by: Jiri Denemark +Reviewed-by: Daniel P. Berrangé +Signed-off-by: rpm-build +--- + src/qemu/qemu_capabilities.c | 21 +++++++++++++++++++ + src/qemu/qemu_capabilities.h | 3 +++ + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + + .../qemu_4.2.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + + .../qemu_5.0.0-tcg-virt.riscv64.xml | 1 + + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + + .../qemu_5.0.0-virt.aarch64.xml | 1 + + .../qemu_5.0.0-virt.riscv64.xml | 1 + + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 + + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + + .../qemu_5.2.0-tcg-virt.riscv64.xml | 1 + + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + + .../qemu_5.2.0-virt.aarch64.xml | 1 + + .../qemu_5.2.0-virt.riscv64.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 5 +++++ + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 5 +++++ + .../qemu_6.0.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 5 +++++ + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 5 +++++ + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 1 + + .../qemu_6.2.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 1 + + .../qemu_7.0.0-hvf.aarch64+hvf.xml | 1 + + .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 1 + + .../qemu_7.0.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 1 + + .../qemu_7.2.0-hvf.x86_64+hvf.xml | 1 + + .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 1 + + .../qemu_7.2.0-tcg.x86_64+hvf.xml | 1 + + .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_7.2.0.ppc.xml | 1 + + tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.0.0-q35.x86_64.xml | 1 + + .../qemu_8.0.0-tcg-virt.riscv64.xml | 1 + + .../domaincapsdata/qemu_8.0.0-tcg.x86_64.xml | 1 + + .../qemu_8.0.0-virt.riscv64.xml | 1 + + tests/domaincapsdata/qemu_8.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_8.1.0.s390x.xml | 5 +++++ + tests/domaincapsdata/qemu_8.1.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.2.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.2.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_8.2.0.x86_64.xml | 1 + + 74 files changed, 116 insertions(+) + +diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c +index ae44328..d0da3ed 100644 +--- a/src/qemu/qemu_capabilities.c ++++ b/src/qemu/qemu_capabilities.c +@@ -6495,6 +6495,25 @@ virQEMUCapsFillDomainDeviceCryptoCaps(virQEMUCaps *qemuCaps, + } + + ++void ++virQEMUCapsFillDomainLaunchSecurity(virQEMUCaps *qemuCaps, ++ virDomainCapsLaunchSecurity *launchSecurity) ++{ ++ launchSecurity->supported = VIR_TRISTATE_BOOL_YES; ++ launchSecurity->sectype.report = true; ++ ++ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) ++ VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNCH_SECURITY_SEV); ++ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST) && ++ virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT)) ++ VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNCH_SECURITY_PV); ++ ++ if (launchSecurity->sectype.values == 0) { ++ launchSecurity->supported = VIR_TRISTATE_BOOL_NO; ++ } ++} ++ ++ + /** + * virQEMUCapsSupportsGICVersion: + * @qemuCaps: QEMU capabilities +@@ -6659,6 +6678,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps, + virDomainCapsDeviceChannel *channel = &domCaps->channel; + virDomainCapsMemoryBacking *memoryBacking = &domCaps->memoryBacking; + virDomainCapsDeviceCrypto *crypto = &domCaps->crypto; ++ virDomainCapsLaunchSecurity *launchSecurity = &domCaps->launchSecurity; + + virQEMUCapsFillDomainFeaturesFromQEMUCaps(qemuCaps, domCaps); + +@@ -6698,6 +6718,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps, + virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps); + virQEMUCapsFillDomainFeatureHypervCaps(qemuCaps, domCaps); + virQEMUCapsFillDomainDeviceCryptoCaps(qemuCaps, crypto); ++ virQEMUCapsFillDomainLaunchSecurity(qemuCaps, launchSecurity); + + return 0; + } +diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h +index 3c4f7f6..4670e45 100644 +--- a/src/qemu/qemu_capabilities.h ++++ b/src/qemu/qemu_capabilities.h +@@ -853,6 +853,9 @@ void virQEMUCapsFillDomainDeviceChannelCaps(virQEMUCaps *qemuCaps, + void virQEMUCapsFillDomainDeviceCryptoCaps(virQEMUCaps *qemuCaps, + virDomainCapsDeviceCrypto *crypto); + ++void virQEMUCapsFillDomainLaunchSecurity(virQEMUCaps *qemuCaps, ++ virDomainCapsLaunchSecurity *launchSecurity); ++ + bool virQEMUCapsGuestIsNative(virArch host, + virArch guest); + +diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +index 152f201..7e1bdce 100644 +--- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +@@ -318,5 +318,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +index cea9377..7015920 100644 +--- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +@@ -264,5 +264,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +index ab68d35..acf69bd 100644 +--- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +@@ -196,5 +196,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +index ab68d35..acf69bd 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +@@ -196,5 +196,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +index 66a9ba8..338bcf1 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +@@ -164,5 +164,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml b/tests/domaincapsdata/qemu_4.2.0.s390x.xml +index c0567ff..a2268fb 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml +@@ -270,5 +270,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +index 8b7cf44..0928216 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +@@ -318,5 +318,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +index 1d29a40..d99b2a4 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +@@ -320,5 +320,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml +index 1c7d7c9..73e2fdd 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml +@@ -149,5 +149,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +index 7b7420f..ee819f9 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +@@ -266,5 +266,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +index d3cd333..02a7695 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +@@ -209,5 +209,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml +index 3272241..f9a7d8b 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml +@@ -152,5 +152,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +index d3cd333..02a7695 100644 +--- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +@@ -209,5 +209,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +index 5f29f5c..e887156 100644 +--- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +@@ -171,5 +171,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +index f3b3adb..b3126cf 100644 +--- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +@@ -320,5 +320,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +index 2a8a784..d89060b 100644 +--- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +@@ -253,5 +253,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +index 272d9be..78f1461 100644 +--- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +@@ -266,5 +266,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.1.0.sparc.xml b/tests/domaincapsdata/qemu_5.1.0.sparc.xml +index 7baee95..b9a9531 100644 +--- a/tests/domaincapsdata/qemu_5.1.0.sparc.xml ++++ b/tests/domaincapsdata/qemu_5.1.0.sparc.xml +@@ -135,5 +135,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +index 735cd42..469c515 100644 +--- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +@@ -253,5 +253,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml +index 968cfe6..2ce499b 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml +@@ -253,5 +253,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml +index 1c7d7c9..73e2fdd 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml +@@ -149,5 +149,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml +index 526f392..d89e357 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml +@@ -266,5 +266,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml +index f326345..2b83eee 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml +@@ -209,5 +209,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml +index 3272241..f9a7d8b 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml +@@ -152,5 +152,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml +index f326345..2b83eee 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml +@@ -209,5 +209,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml +index 96fd13e..2ed2512 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml +@@ -171,5 +171,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.s390x.xml b/tests/domaincapsdata/qemu_5.2.0.s390x.xml +index 2af88d0..a865b63 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.s390x.xml +@@ -272,5 +272,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml +index 9bbb22b..e8e7517 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml +@@ -253,5 +253,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +index 66da296..ed2511d 100644 +--- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +@@ -260,5 +260,10 @@ + 450 + + ++ ++ ++ sev ++ ++ + + +diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +index 0ffd95a..3eaf8e9 100644 +--- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +@@ -274,5 +274,10 @@ + 450 + + ++ ++ ++ sev ++ ++ + + +diff --git a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml +index 64e62aa..a9a56ee 100644 +--- a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml +@@ -211,5 +211,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml +index 64e62aa..a9a56ee 100644 +--- a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml +@@ -211,5 +211,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_6.0.0.s390x.xml b/tests/domaincapsdata/qemu_6.0.0.s390x.xml +index c8dd1e8..d4fdef3 100644 +--- a/tests/domaincapsdata/qemu_6.0.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_6.0.0.s390x.xml +@@ -273,5 +273,10 @@ + + + ++ ++ ++ s390-pv ++ ++ + + +diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +index 0af8b9d..557c22a 100644 +--- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +@@ -260,5 +260,10 @@ + 450 + + ++ ++ ++ sev ++ ++ + + +diff --git a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml +index cc20819..93491bb 100644 +--- a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml +@@ -256,5 +256,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml +index a80c86d..876418c 100644 +--- a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml +@@ -269,5 +269,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml +index 22f8c8a..6d280d6 100644 +--- a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml +@@ -256,5 +256,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +index 782aa79..7af1069 100644 +--- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +@@ -256,5 +256,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +index 7ed62fb..4283863 100644 +--- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +@@ -271,5 +271,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml +index 64bed8b..09c7af6 100644 +--- a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml +@@ -218,5 +218,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml +index 64bed8b..09c7af6 100644 +--- a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml +@@ -218,5 +218,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml +index 69a6bcc..f2cf750 100644 +--- a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml +@@ -170,5 +170,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +index e6283ff..a407ddc 100644 +--- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +@@ -256,5 +256,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml b/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml +index 94a79e8..9c7b63f 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml +@@ -172,5 +172,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml +index 50b2ee2..b48e443 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml +@@ -266,5 +266,6 @@ +
+ + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml +index 3a71b54..8a29213 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml +@@ -281,5 +281,6 @@ +
+ + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml +index d5830c4..4d047b1 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml +@@ -217,5 +217,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml +index d5830c4..4d047b1 100644 +--- a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml +@@ -217,5 +217,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml +index c865dcf..6385402 100644 +--- a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml +@@ -175,5 +175,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml +index fa4b912..02c781b 100644 +--- a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml +@@ -266,5 +266,6 @@ +
+ + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml +index 2eec2e3..1964de8 100644 +--- a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml +@@ -256,5 +256,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml +index 1ae2a7c..7361e3a 100644 +--- a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml +@@ -270,5 +270,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml +index aa3a057..82f8788 100644 +--- a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml +@@ -168,5 +168,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml +index 449e1b5..f236ae5 100644 +--- a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml +@@ -256,5 +256,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml b/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml +index dfd3194..6faacb8 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml +@@ -179,5 +179,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml +index e48a07d..16a6675 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml +@@ -262,5 +262,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml +index 69b6be7..322ab03 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml +@@ -260,5 +260,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml +index 69b6be7..322ab03 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml +@@ -260,5 +260,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.2.0.ppc.xml b/tests/domaincapsdata/qemu_7.2.0.ppc.xml +index 7fd4b1c..8cd76c0 100644 +--- a/tests/domaincapsdata/qemu_7.2.0.ppc.xml ++++ b/tests/domaincapsdata/qemu_7.2.0.ppc.xml +@@ -154,5 +154,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml +index d116cf2..dd67bb5 100644 +--- a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml +@@ -262,5 +262,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml +index 2815064..becea14 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml +@@ -281,5 +281,6 @@ + avic + + ++ + + +diff --git a/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml b/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml +index 1911e34..73b3ebe 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml +@@ -155,5 +155,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml +index efb5fcb..f50047c 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml +@@ -283,5 +283,6 @@ + avic + + ++ + + +diff --git a/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml b/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml +index d331dc4..a243713 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml +@@ -158,5 +158,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_8.0.0.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0.x86_64.xml +index 07d1d06..9e167f6 100644 +--- a/tests/domaincapsdata/qemu_8.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0.x86_64.xml +@@ -281,5 +281,6 @@ + avic + + ++ + + +diff --git a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml +index 4d438ef..967a5f3 100644 +--- a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml +@@ -283,5 +283,6 @@ + avic + + ++ + + +diff --git a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml +index e32cd80..4db25d3 100644 +--- a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml +@@ -284,5 +284,6 @@ + avic + + ++ + + +diff --git a/tests/domaincapsdata/qemu_8.1.0.s390x.xml b/tests/domaincapsdata/qemu_8.1.0.s390x.xml +index 37c7c3b..2a7cc97 100644 +--- a/tests/domaincapsdata/qemu_8.1.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_8.1.0.s390x.xml +@@ -280,5 +280,10 @@ + + + ++ ++ ++ s390-pv ++ ++ + + +diff --git a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml +index 919357e..db95884 100644 +--- a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml +@@ -283,5 +283,6 @@ + avic + + ++ + + +diff --git a/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml +index f711a51..419423e 100644 +--- a/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml +@@ -285,5 +285,6 @@ + avic + + ++ + + +diff --git a/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml +index 784a29a..5cddf3c 100644 +--- a/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml +@@ -284,5 +284,6 @@ + avic + + ++ + + +diff --git a/tests/domaincapsdata/qemu_8.2.0.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0.x86_64.xml +index bc060e2..f4d42ea 100644 +--- a/tests/domaincapsdata/qemu_8.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0.x86_64.xml +@@ -285,5 +285,6 @@ + avic + + ++ + + +-- +2.43.0 + diff --git a/0003-v4-1-4-src-Add-ARM-CCA-support-in-qemu-driver-to-lau.patch b/0003-v4-1-4-src-Add-ARM-CCA-support-in-qemu-driver-to-lau.patch new file mode 100644 index 0000000..4de5b81 --- /dev/null +++ b/0003-v4-1-4-src-Add-ARM-CCA-support-in-qemu-driver-to-lau.patch @@ -0,0 +1,375 @@ +From a326e4b429de5b67288dbc2c8a9714e3812f1bb2 Mon Sep 17 00:00:00 2001 +From: Kazuhiro Abe +Date: Thu, 21 Aug 2025 19:19:32 +0800 +Subject: [PATCH 3/5] [v4-1-4]src: Add ARM CCA support in qemu driver to launch + VM + +bugzilla:https://gitee.com/openeuler/libvirt/issues/ICU4UF?from=project-issue +reference:https://patchew.org/Libvirt/20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com/ + +-------------------------------- + +src: Add ARM CCA support in qemu driver to launch VM + +bugzilla:https://gitee.com/openeuler/libvirt/issues/ICU4UF?from=project-issue +reference:https://patchew.org/Libvirt/20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com/ + +-------------------------------- + +- Add ARM CCA support to the qemu driver for aarch64 systems. + +[XML example] + + ... + + sha256 + + ... + + +Signed-off-by: Kazuhiro Abe +Signed-off-by: rpm-build +--- + docs/formatdomain.rst | 43 ++++++++++++++++++++++++++++++++++ + src/conf/domain_capabilities.h | 6 +++++ + src/conf/domain_conf.c | 25 ++++++++++++++++++++ + src/conf/domain_conf.h | 9 +++++++ + src/conf/virconftypes.h | 2 ++ + src/qemu/qemu_capabilities.c | 4 ++++ + src/qemu/qemu_capabilities.h | 1 + + src/qemu/qemu_command.c | 28 ++++++++++++++++++++++ + src/qemu/qemu_firmware.c | 1 + + src/qemu/qemu_namespace.c | 2 ++ + src/qemu/qemu_process.c | 2 ++ + src/qemu/qemu_validate.c | 4 ++++ + 12 files changed, 127 insertions(+) + +diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst +index 310d2bc..85a6a0a 100644 +--- a/docs/formatdomain.rst ++++ b/docs/formatdomain.rst +@@ -8748,6 +8748,49 @@ spec `__ + session blob defined in the SEV API spec. See SEV spec LAUNCH_START section + for the session blob format. + ++The contents of the ```` element is used to create ++RealmVM using the Arm CCA feature (Confidential Compute Architecture). ++CCA :since:`Since 11.0.0` enhances the virtualization capabilities of the ++platform by separating the management of resources from access to those resources. ++This is achieved by extending the TrustZone of Cortex-A's Normal and Secure ++world concepts and adding the Realm world and the underlying Root world. ++The Secure Monitor runs in the root world and manages the transition between ++these security states. For more information see the Learn the architecture - ++Arm Confidential Compute Architecture software stack: ++``__ ++ ++:: ++ ++ ++ ... ++ ++ sha256 ++ ... ++ ++ ... ++ ++ ++The ```` element accepts the following attributes: ++ ++``measurement-algo`` ++ The optional ``measurement-algo`` element determines algorithm used to ++ describe blob hashes. ++ ++``personalization-value`` ++ The optional ``personalization-value`` element is used to configure ++ the Realm Personalization Value (RPV). The Realm Personalization ++ Value (RPV) is provided by the user to distinguish Realms that have ++ the same initial measurement. The personalization-value for libvirt ++ must be an 88-character string representing the Base64 encoding of ++ the 64-byte hexadecimal value defined in the RMM specification. ++ Ensure that you encode the 64-byte hex value from the RMM specification ++ using Base64 before providing it to libvirt. ++ ++``measurement-log`` ++ The optional ``measurement-log`` element provides a way to create ++ an event log in the format defined by the Trusted Computing Group ++ for TPM2. ++ + Example configs + =============== + +diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h +index ef2d6de..8718910 100644 +--- a/src/conf/domain_capabilities.h ++++ b/src/conf/domain_capabilities.h +@@ -239,6 +239,12 @@ struct _virSGXCapability { + virSGXSection *sgxSections; + }; + ++typedef struct _virCCACapability virCCACapability; ++struct _virCCACapability { ++ size_t nCcaMeasurementAlgo; ++ char **ccaMeasurementAlgo; ++}; ++ + STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_MODEL_LAST); + STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_TYPE_LAST); + STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_BACKEND_LAST); +diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c +index d18e19b..1a1f354 100644 +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -1514,6 +1514,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, + "", + "sev", + "s390-pv", ++ "cca", + ); + + typedef enum { +@@ -3825,6 +3826,10 @@ virDomainSecDefFree(virDomainSecDef *def) + g_free(def->data.sev.secret_header); + g_free(def->data.sev.secret); + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ g_free(def->data.cca.measurement_algo); ++ g_free(def->data.cca.personalization_value); ++ break; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: +@@ -13497,6 +13502,21 @@ virDomainSEVDefParseXML(virDomainSEVDef *def, + } + + ++static int ++virDomainCCADefParseXML(virDomainCCADef *def, ++ xmlXPathContextPtr ctxt) ++{ ++ def->measurement_algo = virXPathString("string(./measurement-algo)", ctxt); ++ def->personalization_value = virXPathString("string(./personalization-value)", ctxt); ++ ++ if (virXMLPropTristateBool(ctxt->node, "measurement-log", VIR_XML_PROP_NONE, ++ &def->measurement_log) < 0) ++ return -1; ++ ++ return 0; ++} ++ ++ + static virDomainSecDef * + virDomainSecDefParseXML(xmlNodePtr lsecNode, + xmlXPathContextPtr ctxt) +@@ -13518,6 +13538,10 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode, + break; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ if (virDomainCCADefParseXML(&sec->data.cca, ctxt) < 0) ++ return NULL; ++ break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + default: +@@ -26545,6 +26569,7 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec) + } + + case VIR_DOMAIN_LAUNCH_SECURITY_PV: ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; + + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: +diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h +index 63f88bd..8dc10a2 100644 +--- a/src/conf/domain_conf.h ++++ b/src/conf/domain_conf.h +@@ -2846,6 +2846,7 @@ typedef enum { + VIR_DOMAIN_LAUNCH_SECURITY_NONE, + VIR_DOMAIN_LAUNCH_SECURITY_SEV, + VIR_DOMAIN_LAUNCH_SECURITY_PV, ++ VIR_DOMAIN_LAUNCH_SECURITY_CCA, + + VIR_DOMAIN_LAUNCH_SECURITY_LAST, + } virDomainLaunchSecurity; +@@ -2865,10 +2866,18 @@ struct _virDomainSEVDef { + char *secret; + }; + ++struct _virDomainCCADef { ++ char *measurement_algo; ++ char *personalization_value; ++ virTristateBool measurement_log; ++}; ++ ++ + struct _virDomainSecDef { + virDomainLaunchSecurity sectype; + union { + virDomainSEVDef sev; ++ virDomainCCADef cca; + } data; + }; + +diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h +index 26cb966..b9b52af 100644 +--- a/src/conf/virconftypes.h ++++ b/src/conf/virconftypes.h +@@ -210,6 +210,8 @@ typedef struct _virDomainResourceDef virDomainResourceDef; + + typedef struct _virDomainSEVDef virDomainSEVDef; + ++typedef struct _virDomainCCADef virDomainCCADef; ++ + typedef struct _virDomainSecDef virDomainSecDef; + + typedef struct _virDomainShmemDef virDomainShmemDef; +diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c +index d0da3ed..c7d96d1 100644 +--- a/src/qemu/qemu_capabilities.c ++++ b/src/qemu/qemu_capabilities.c +@@ -698,6 +698,7 @@ VIR_ENUM_IMPL(virQEMUCaps, + /* 450 */ + "run-with.async-teardown", /* QEMU_CAPS_RUN_WITH_ASYNC_TEARDOWN */ + "virtio-blk-vhost-vdpa", /* QEMU_CAPS_DEVICE_VIRTIO_BLK_VHOST_VDPA */ ++ "rme-guest", /* QEMU_CAPS_CCA_GUEST */ + ); + + +@@ -783,6 +784,8 @@ struct _virQEMUCaps { + + virSGXCapability *sgxCapabilities; + ++ virCCACapability *ccaCapabilities; ++ + virDomainCapsFeatureHyperv *hypervCapabilities; + + /* Capabilities which may differ depending on the accelerator. */ +@@ -1386,6 +1389,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { + { "virtio-crypto-device", QEMU_CAPS_DEVICE_VIRTIO_CRYPTO }, + { "cryptodev-backend-lkcf", QEMU_CAPS_OBJECT_CRYPTO_LKCF }, + { "pvpanic-pci", QEMU_CAPS_DEVICE_PANIC_PCI }, ++ { "rme-guest", QEMU_CAPS_CCA_GUEST }, + }; + + +diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h +index 4670e45..e75ba1f 100644 +--- a/src/qemu/qemu_capabilities.h ++++ b/src/qemu/qemu_capabilities.h +@@ -677,6 +677,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */ + /* 450 */ + QEMU_CAPS_RUN_WITH_ASYNC_TEARDOWN, /* asynchronous teardown -run-with async-teardown=on|off */ + QEMU_CAPS_DEVICE_VIRTIO_BLK_VHOST_VDPA, /* virtio-blk-vhost-vdpa block driver */ ++ QEMU_CAPS_CCA_GUEST, /* -object rme-guest */ + + QEMU_CAPS_LAST /* this must always be the last item */ + } virQEMUCapsFlags; +diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c +index e34b7a0..619e13b 100644 +--- a/src/qemu/qemu_command.c ++++ b/src/qemu/qemu_command.c +@@ -7003,6 +7003,9 @@ qemuBuildMachineCommandLine(virCommand *cmd, + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + virBufferAddLit(&buf, ",confidential-guest-support=lsec0"); + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ virBufferAddLit(&buf, ",confidential-guest-support=rme0"); ++ break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype); +@@ -9729,6 +9732,29 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd) + } + + ++static int ++qemuBuildCCACommandLine(virCommand *cmd, virDomainCCADef *cca, qemuDomainObjPrivate *priv) ++{ ++ g_autoptr(virJSONValue) props = NULL; ++ ++ VIR_DEBUG("measurement_algorithm=%s personalization_value=%s measurement_log=%d", ++ cca->measurement_algo, cca->personalization_value, ++ cca->measurement_log); ++ ++ if (qemuMonitorCreateObjectProps(&props, "rme-guest", "rme0", ++ "S:measurement-algorithm", cca->measurement_algo, ++ "S:personalization-value", cca->personalization_value, ++ "T:measurement-log", cca->measurement_log, ++ NULL) < 0) ++ return -1; ++ ++ if (qemuBuildObjectCommandlineFromJSON(cmd, props, priv->qemuCaps) < 0) ++ return -1; ++ ++ return 0; ++} ++ ++ + static int + qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd, + virDomainSecDef *sec) +@@ -9743,6 +9769,8 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd, + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + return qemuBuildPVCommandLine(vm, cmd); + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ return qemuBuildCCACommandLine(cmd, &sec->data.cca, vm->privateData); + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype); +diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c +index d39e61d..9a65156 100644 +--- a/src/qemu/qemu_firmware.c ++++ b/src/qemu/qemu_firmware.c +@@ -1374,6 +1374,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def, + } + break; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: +diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c +index 915d443..12a7a95 100644 +--- a/src/qemu/qemu_namespace.c ++++ b/src/qemu/qemu_namespace.c +@@ -659,6 +659,8 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm, + + VIR_DEBUG("Set up launch security for SEV"); + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ break; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: +diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c +index cf7ae8b..779da11 100644 +--- a/src/qemu/qemu_process.c ++++ b/src/qemu/qemu_process.c +@@ -6754,6 +6754,8 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm) + switch ((virDomainLaunchSecurity) sec->sectype) { + case VIR_DOMAIN_LAUNCH_SECURITY_SEV: + return qemuProcessPrepareSEVGuestInput(vm); ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ return 0; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + return 0; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: +diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c +index d32b20a..bd347f4 100644 +--- a/src/qemu/qemu_validate.c ++++ b/src/qemu/qemu_validate.c +@@ -1322,6 +1322,10 @@ qemuValidateDomainDef(const virDomainDef *def, + return -1; + } + break; ++ ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ break; ++ + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype); +-- +2.43.0 + diff --git a/0004-v4-2-4-src-Add-ARM-CCA-support-in-domain-capabilitie.patch b/0004-v4-2-4-src-Add-ARM-CCA-support-in-domain-capabilitie.patch new file mode 100644 index 0000000..4a89ec4 --- /dev/null +++ b/0004-v4-2-4-src-Add-ARM-CCA-support-in-domain-capabilitie.patch @@ -0,0 +1,1370 @@ +From 550a3d4296fffb285fc6290f225fab01cb806af0 Mon Sep 17 00:00:00 2001 +From: Kazuhiro Abe +Date: Thu, 21 Aug 2025 19:38:21 +0800 +Subject: [PATCH 4/5] [v4-2-4]src: Add ARM CCA support in domain capabilities + command + +bugzilla:https://gitee.com/openeuler/libvirt/issues/ICU4UF?from=project-issue +reference:https://patchew.org/Libvirt/20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com/ + +---------------------------------------- + +src: Add ARM CCA support in domain capabilities command + +bugzilla:https://gitee.com/openeuler/libvirt/issues/ICU4UF?from=project-issue +reference:https://patchew.org/Libvirt/20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com/ + +---------------------------------------- + +- Add ARM CCA support in domain capabilies XML schema. + +[Capability example] +- Execution results of 'virsh domcapability" on qemu + +... + + ... + + + + sha256 + sha512 + + + + ... + + + +Signed-off-by: Kazuhiro Abe +Signed-off-by: rpm-build +--- + docs/formatdomaincaps.rst | 27 ++++- + src/conf/domain_capabilities.c | 48 +++++++++ + src/conf/domain_capabilities.h | 6 ++ + src/libvirt_private.syms | 1 + + src/qemu/qemu_capabilities.c | 28 ++++++ + src/qemu/qemu_monitor.c | 10 ++ + src/qemu/qemu_monitor.h | 3 + + src/qemu/qemu_monitor_json.c | 98 +++++++++++++++++++ + src/qemu/qemu_monitor_json.h | 4 + + tests/domaincapsdata/empty.xml | 1 + + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + + .../qemu_4.2.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + + .../qemu_5.0.0-tcg-virt.riscv64.xml | 1 + + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + + .../qemu_5.0.0-virt.aarch64.xml | 1 + + .../qemu_5.0.0-virt.riscv64.xml | 1 + + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 + + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + + .../qemu_5.2.0-tcg-virt.riscv64.xml | 1 + + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + + .../qemu_5.2.0-virt.aarch64.xml | 1 + + .../qemu_5.2.0-virt.riscv64.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 + + .../qemu_6.0.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 + + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 1 + + .../qemu_6.2.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 1 + + .../qemu_7.0.0-hvf.aarch64+hvf.xml | 1 + + .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 1 + + .../qemu_7.0.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 1 + + .../qemu_7.2.0-hvf.x86_64+hvf.xml | 1 + + .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 1 + + .../qemu_7.2.0-tcg.x86_64+hvf.xml | 1 + + .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_7.2.0.ppc.xml | 1 + + tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.0.0-q35.x86_64.xml | 1 + + .../qemu_8.0.0-tcg-virt.riscv64.xml | 1 + + .../domaincapsdata/qemu_8.0.0-tcg.x86_64.xml | 1 + + .../qemu_8.0.0-virt.riscv64.xml | 1 + + tests/domaincapsdata/qemu_8.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_8.1.0.s390x.xml | 1 + + tests/domaincapsdata/qemu_8.1.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.2.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.2.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_8.2.0.x86_64.xml | 1 + + 82 files changed, 297 insertions(+), 1 deletion(-) + +diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst +index 86353a6..ba08a86 100644 +--- a/docs/formatdomaincaps.rst ++++ b/docs/formatdomaincaps.rst +@@ -663,6 +663,12 @@ capabilities. All features occur as children of the main ``features`` element. +
+ + ++ ++ ++ sha256 ++ sha512 ++ ++ + + + relaxed +@@ -784,6 +790,24 @@ document store. In order to use SGX with libvirt have a look at `SGX in domain X + ``sections`` + The sections of the SGX enclave page cache (called EPC). + ++CCA capabilities ++^^^^^^^^^^^^^^^^ ++ ++Arm Confidential Compute Architecture (CCA) capabilities are exposed under the ++``cca`` element. ++ ++Arm CCA is a system solution comprised of hardware and software components that ++maximizes the security of data on devices and in the cloud. ++CCA enhances the virtualization capabilities of the platform by separating the ++management of resources from access to those resources. ++ ++For more details on the CCA feature, please follow resources in the CCA developer's ++document store. In order to use CCA with libvirt have a look at `CCA in domain ++XML `__ ++ ++``measurement-algo`` ++ Options for the ``measurement-algo`` used to describe blob hashes. ++ + + Hyper-V Enlightenments + ^^^^^^^^^^^^^^^^^^^^^^ +@@ -805,4 +829,5 @@ The ``sectype`` enum corresponds to ``type`` attribute of ```` + element as documented in `Launch Security + `__. :since:`(Since 10.5.0)` For additional + information on individual types, see sections above: `s390-pv capability`_ for +-S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP. ++S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP, `CCA capabilities`_ ++for Arm CCA. +diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c +index 2c69ba0..c5fa73b 100644 +--- a/src/conf/domain_capabilities.c ++++ b/src/conf/domain_capabilities.c +@@ -88,6 +88,25 @@ virSGXCapabilitiesFree(virSGXCapability *cap) + } + + ++void ++virCCACapabilitiesFree(virCCACapability *cap) ++{ ++ size_t i; ++ ++ if (!cap) ++ return; ++ ++ if (cap->nCcaMeasurementAlgo) ++ for (i = 0; i < cap->nCcaMeasurementAlgo; i++) ++ g_free(cap->ccaMeasurementAlgo[i]); ++ ++ if (cap->ccaMeasurementAlgo) ++ g_free(cap->ccaMeasurementAlgo); ++ ++ g_free(cap); ++} ++ ++ + static void + virDomainCapsDispose(void *obj) + { +@@ -101,6 +120,7 @@ virDomainCapsDispose(void *obj) + virCPUDefFree(caps->cpu.hostModel); + virSEVCapabilitiesFree(caps->sev); + virSGXCapabilitiesFree(caps->sgx); ++ virCCACapabilitiesFree(caps->cca); + g_free(caps->hyperv); + + values = &caps->os.loader.values; +@@ -693,6 +713,33 @@ virDomainCapsFeatureSGXFormat(virBuffer *buf, + virBufferAddLit(buf, "\n"); + } + ++static void ++virDomainCapsFeatureCCAFormat(virBuffer *buf, ++ const virCCACapability *cca) ++{ ++ size_t i; ++ ++ if (!cca) { ++ virBufferAddLit(buf, "\n"); ++ return; ++ } ++ ++ virBufferAddLit(buf, "\n"); ++ virBufferAdjustIndent(buf, 2); ++ ++ virBufferAddLit(buf, "\n"); ++ virBufferAdjustIndent(buf, 2); ++ for (i = 0; i < cca->nCcaMeasurementAlgo; i++) { ++ virBufferAsprintf(buf, "%s\n", ++ cca->ccaMeasurementAlgo[i]); ++ } ++ virBufferAdjustIndent(buf, -2); ++ virBufferAddLit(buf, "\n"); ++ ++ virBufferAdjustIndent(buf, -2); ++ virBufferAddLit(buf, "\n"); ++} ++ + static void + virDomainCapsFeatureHypervFormat(virBuffer *buf, + const virDomainCapsFeatureHyperv *hyperv) +@@ -740,6 +787,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, + + virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); + virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx); ++ virDomainCapsFeatureCCAFormat(&childBuf, caps->cca); + virDomainCapsFeatureHypervFormat(&childBuf, caps->hyperv); + virDomainCapsLaunchSecurityFormat(&childBuf, &caps->launchSecurity); + +diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h +index 8718910..1b72764 100644 +--- a/src/conf/domain_capabilities.h ++++ b/src/conf/domain_capabilities.h +@@ -297,6 +297,7 @@ struct _virDomainCaps { + virDomainCapsFeatureGIC gic; + virSEVCapability *sev; + virSGXCapability *sgx; ++ virCCACapability *cca; + virDomainCapsFeatureHyperv *hyperv; + virDomainCapsLaunchSecurity launchSecurity; + /* add new domain features here */ +@@ -354,3 +355,8 @@ void + virSGXCapabilitiesFree(virSGXCapability *capabilities); + + G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree); ++ ++void ++virCCACapabilitiesFree(virCCACapability *capabilities); ++ ++G_DEFINE_AUTOPTR_CLEANUP_FUNC(virCCACapability, virCCACapabilitiesFree); +diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms +index 553b01b..09f316f 100644 +--- a/src/libvirt_private.syms ++++ b/src/libvirt_private.syms +@@ -206,6 +206,7 @@ virDomainAuditVcpu; + + + # conf/domain_capabilities.h ++virCCACapabilitiesFree; + virDomainCapsCPUModelsAdd; + virDomainCapsCPUModelsCopy; + virDomainCapsCPUModelsGet; +diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c +index c7d96d1..08bb1c7 100644 +--- a/src/qemu/qemu_capabilities.c ++++ b/src/qemu/qemu_capabilities.c +@@ -3481,6 +3481,32 @@ virQEMUCapsProbeQMPSGXCapabilities(virQEMUCaps *qemuCaps, + } + + ++static int ++virQEMUCapsProbeQMPCCACapabilities(virQEMUCaps *qemuCaps, ++ qemuMonitor *mon) ++{ ++ int rc = -1; ++ virCCACapability *caps = NULL; ++ ++ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_CCA_GUEST)) ++ return 0; ++ ++ if ((rc = qemuMonitorGetCCACapabilities(mon, &caps)) < 0) ++ return -1; ++ ++ /* CCA isn't actually supported */ ++ if (rc == 0) { ++ virQEMUCapsClear(qemuCaps, QEMU_CAPS_CCA_GUEST); ++ return 0; ++ } ++ ++ virCCACapabilitiesFree(qemuCaps->ccaCapabilities); ++ qemuCaps->ccaCapabilities = caps; ++ return 0; ++} ++ ++ ++ + /* + * Filter for features which should never be passed to QEMU. Either because + * QEMU never supported them or they were dropped as they never did anything +@@ -5568,6 +5594,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCaps *qemuCaps, + return -1; + if (virQEMUCapsProbeQMPSGXCapabilities(qemuCaps, mon) < 0) + return -1; ++ if (virQEMUCapsProbeQMPCCACapabilities(qemuCaps, mon) < 0) ++ return -1; + + virQEMUCapsInitProcessCaps(qemuCaps); + +diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c +index ec586b9..600944a 100644 +--- a/src/qemu/qemu_monitor.c ++++ b/src/qemu/qemu_monitor.c +@@ -3449,6 +3449,16 @@ qemuMonitorGetSGXCapabilities(qemuMonitor *mon, + } + + ++int ++qemuMonitorGetCCACapabilities(qemuMonitor *mon, ++ virCCACapability **capabilities) ++{ ++ QEMU_CHECK_MONITOR(mon); ++ ++ return qemuMonitorJSONGetCCACapabilities(mon, capabilities); ++} ++ ++ + int + qemuMonitorNBDServerStart(qemuMonitor *mon, + const virStorageNetHostDef *server, +diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h +index c4af9b4..73cfbda 100644 +--- a/src/qemu/qemu_monitor.h ++++ b/src/qemu/qemu_monitor.h +@@ -832,6 +832,9 @@ int qemuMonitorGetSEVCapabilities(qemuMonitor *mon, + int qemuMonitorGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities); + ++int qemuMonitorGetCCACapabilities(qemuMonitor *mon, ++ virCCACapability **capabilities); ++ + typedef enum { + QEMU_MONITOR_MIGRATE_RESUME = 1 << 0, /* resume failed post-copy migration */ + QEMU_MONITOR_MIGRATION_FLAGS_LAST +diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c +index a913379..c96b2c3 100644 +--- a/src/qemu/qemu_monitor_json.c ++++ b/src/qemu/qemu_monitor_json.c +@@ -6109,6 +6109,104 @@ qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, + } + + ++static int ++qemuMonitorJSONGetCCAMeasurementAlgo(qemuMonitor *mon, ++ size_t *numalgo, ++ char ***malgo) ++{ ++ g_autoptr(virJSONValue) cmd = NULL; ++ g_autoptr(virJSONValue) reply = NULL; ++ virJSONValue *caps; ++ virJSONValue *malgolist = NULL; ++ g_auto(GStrv) list = NULL; ++ size_t i; ++ size_t n = 0; ++ ++ if (!(cmd = qemuMonitorJSONMakeCommand("query-cca-capabilities", ++ NULL))) ++ return -1; ++ ++ if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) ++ return -1; ++ ++ /* If the 'query-cca-capabilities' QMP command was not available ++ * we simply successfully return zero capabilities. ++ * This is the current QEMU (=9.1.91) and all non-ARM architectures */ ++ if (qemuMonitorJSONHasError(reply, "CommandNotFound")) ++ return 0; ++ ++ if (qemuMonitorJSONCheckError(cmd, reply) < 0) ++ return -1; ++ ++ caps = virJSONValueObjectGetObject(reply, "return"); ++ ++ if (!(caps = qemuMonitorJSONGetReply(cmd, reply, VIR_JSON_TYPE_OBJECT))) ++ return -1; ++ ++ if ((malgolist = virJSONValueObjectGetArray(caps, "sections"))) { ++ n = virJSONValueArraySize(malgolist); ++ ++ /* If the received array is empty, an error is returned. */ ++ if (n == 0) ++ return -1; ++ ++ list = g_new0(char *, n + 1); ++ ++ for (i = 0; i < n; i++) { ++ virJSONValue *cap = virJSONValueArrayGet(malgolist, i); ++ const char *measurement_algo = NULL; ++ ++ if (!cap || virJSONValueGetType(cap) != VIR_JSON_TYPE_OBJECT) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", ++ _("missing entry in CCA capabilities list")); ++ return -1; ++ } ++ ++ if (!(measurement_algo = virJSONValueObjectGetString(cap, "measurement-algo"))) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", ++ _("query-cca-capabilities reply was missing 'measurement-algo' field")); ++ return -1; ++ } ++ ++ list[i] = g_strdup(measurement_algo); ++ } ++ } ++ ++ *numalgo = n; ++ *malgo = g_steal_pointer(&list); ++ return 1; ++} ++ ++ ++/** ++ * qemuMonitorJSONGetCCACapabilities: ++ * @mon: qemu monitor object ++ * @capabilities: pointer to pointer to a CCA capability structure to be filled ++ * ++ * Returns -1 on error, 0 if CCA is not supported, and 1 if CCA is supported on ++ * the platform. ++ */ ++int ++qemuMonitorJSONGetCCACapabilities(qemuMonitor *mon, ++ virCCACapability **capabilities) ++{ ++ g_autoptr(virCCACapability) capability = NULL; ++ int ret = 0; ++ ++ *capabilities = NULL; ++ capability = g_new0(virCCACapability, 1); ++ ++ ret = qemuMonitorJSONGetCCAMeasurementAlgo(mon, ++ &capability->nCcaMeasurementAlgo, ++ &capability->ccaMeasurementAlgo); ++ ++ if (ret > 0) ++ *capabilities = g_steal_pointer(&capability); ++ ++ return ret; ++} ++ ++ + static virJSONValue * + qemuMonitorJSONBuildInetSocketAddress(const char *host, + const char *port) +diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h +index ed0027c..6a82cd5 100644 +--- a/src/qemu/qemu_monitor_json.h ++++ b/src/qemu/qemu_monitor_json.h +@@ -168,6 +168,10 @@ int + qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, + virSEVCapability **capabilities); + ++int ++qemuMonitorJSONGetCCACapabilities(qemuMonitor *mon, ++ virCCACapability **capabilities); ++ + int + qemuMonitorJSONMigrate(qemuMonitor *mon, + unsigned int flags, +diff --git a/tests/domaincapsdata/empty.xml b/tests/domaincapsdata/empty.xml +index 97752ca..5157d68 100644 +--- a/tests/domaincapsdata/empty.xml ++++ b/tests/domaincapsdata/empty.xml +@@ -14,5 +14,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +index 7e1bdce..4ddfbb4 100644 +--- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +@@ -318,6 +318,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +index 7015920..206c8df 100644 +--- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +@@ -264,6 +264,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +index acf69bd..0175d87 100644 +--- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +@@ -196,6 +196,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +index acf69bd..0175d87 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +@@ -196,6 +196,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +index 338bcf1..965e98f 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +@@ -164,6 +164,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml b/tests/domaincapsdata/qemu_4.2.0.s390x.xml +index a2268fb..7aa8e03 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml +@@ -270,6 +270,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +index 0928216..1eaf56d 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +@@ -318,6 +318,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +index d99b2a4..ca45869 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +@@ -320,6 +320,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml +index 73e2fdd..07893aa 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml +@@ -149,6 +149,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +index ee819f9..25bf81f 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +@@ -266,6 +266,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +index 02a7695..a141d4c 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +@@ -209,6 +209,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml +index f9a7d8b..b596a87 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml +@@ -152,6 +152,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +index 02a7695..a141d4c 100644 +--- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +@@ -209,6 +209,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +index e887156..5c8449a 100644 +--- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +@@ -171,6 +171,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +index b3126cf..4a77889 100644 +--- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +@@ -320,6 +320,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +index d89060b..33f7543 100644 +--- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +@@ -253,6 +253,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +index 78f1461..938b075 100644 +--- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +@@ -266,6 +266,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.1.0.sparc.xml b/tests/domaincapsdata/qemu_5.1.0.sparc.xml +index b9a9531..be7fec9 100644 +--- a/tests/domaincapsdata/qemu_5.1.0.sparc.xml ++++ b/tests/domaincapsdata/qemu_5.1.0.sparc.xml +@@ -135,6 +135,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +index 469c515..db35ef9 100644 +--- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +@@ -253,6 +253,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml +index 2ce499b..b0c4521 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml +@@ -253,6 +253,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml +index 73e2fdd..07893aa 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml +@@ -149,6 +149,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml +index d89e357..d108a6a 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml +@@ -266,6 +266,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml +index 2b83eee..87e41b2 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml +@@ -209,6 +209,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml +index f9a7d8b..b596a87 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml +@@ -152,6 +152,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml +index 2b83eee..87e41b2 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml +@@ -209,6 +209,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml +index 2ed2512..ba9d764 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml +@@ -171,6 +171,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.s390x.xml b/tests/domaincapsdata/qemu_5.2.0.s390x.xml +index a865b63..37718e6 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.s390x.xml +@@ -272,6 +272,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml +index e8e7517..839aaa5 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml +@@ -253,6 +253,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +index ed2511d..de1c09e 100644 +--- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +@@ -260,6 +260,7 @@ + 450 + + ++ + + + sev +diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +index 3eaf8e9..b1c6c29 100644 +--- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +@@ -274,6 +274,7 @@ + 450 + + ++ + + + sev +diff --git a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml +index a9a56ee..68a600b 100644 +--- a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml +@@ -211,6 +211,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml +index a9a56ee..68a600b 100644 +--- a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml +@@ -211,6 +211,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.0.0.s390x.xml b/tests/domaincapsdata/qemu_6.0.0.s390x.xml +index d4fdef3..d4b4e8b 100644 +--- a/tests/domaincapsdata/qemu_6.0.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_6.0.0.s390x.xml +@@ -273,6 +273,7 @@ + + + ++ + + + s390-pv +diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +index 557c22a..152a4fe 100644 +--- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +@@ -260,6 +260,7 @@ + 450 + + ++ + + + sev +diff --git a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml +index 93491bb..076517b 100644 +--- a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml +@@ -256,6 +256,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml +index 876418c..e2c0d09 100644 +--- a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml +@@ -269,6 +269,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml +index 6d280d6..f0aa445 100644 +--- a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml +@@ -256,6 +256,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +index 7af1069..f27faff 100644 +--- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +@@ -256,6 +256,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +index 4283863..6f66102 100644 +--- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +@@ -271,6 +271,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml +index 09c7af6..4967bed 100644 +--- a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml +@@ -218,6 +218,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml +index 09c7af6..4967bed 100644 +--- a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml +@@ -218,6 +218,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml +index f2cf750..5128cfd 100644 +--- a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml +@@ -170,6 +170,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +index a407ddc..b204376 100644 +--- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +@@ -256,6 +256,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml b/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml +index 9c7b63f..bbefbfc 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml +@@ -172,6 +172,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml +index b48e443..da71510 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml +@@ -266,6 +266,7 @@ +
+ + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml +index 8a29213..bea11e4 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml +@@ -281,6 +281,7 @@ +
+ + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml +index 4d047b1..1f3571a 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml +@@ -217,6 +217,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml +index 4d047b1..1f3571a 100644 +--- a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml +@@ -217,6 +217,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml +index 6385402..c1825ea 100644 +--- a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml +@@ -175,6 +175,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml +index 02c781b..28d1687 100644 +--- a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml +@@ -266,6 +266,7 @@ +
+ + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml +index 1964de8..d1dc893 100644 +--- a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml +@@ -256,6 +256,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml +index 7361e3a..7553983 100644 +--- a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml +@@ -270,6 +270,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml +index 82f8788..7bcb42f 100644 +--- a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml +@@ -168,6 +168,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml +index f236ae5..1fa7c27 100644 +--- a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml +@@ -256,6 +256,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml b/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml +index 6faacb8..13a8715 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml +@@ -179,6 +179,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml +index 16a6675..29e7cf8 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml +@@ -262,6 +262,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml +index 322ab03..36483f7 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml +@@ -260,6 +260,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml +index 322ab03..36483f7 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml +@@ -260,6 +260,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0.ppc.xml b/tests/domaincapsdata/qemu_7.2.0.ppc.xml +index 8cd76c0..fdaafb4 100644 +--- a/tests/domaincapsdata/qemu_7.2.0.ppc.xml ++++ b/tests/domaincapsdata/qemu_7.2.0.ppc.xml +@@ -154,6 +154,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml +index dd67bb5..d79631d 100644 +--- a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml +@@ -262,6 +262,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml +index becea14..470f397 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml +@@ -263,6 +263,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml b/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml +index 73b3ebe..ab17f18 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml +@@ -155,6 +155,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml +index f50047c..3867a2e 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml +@@ -265,6 +265,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml b/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml +index a243713..5678f49 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml +@@ -158,6 +158,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_8.0.0.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0.x86_64.xml +index 9e167f6..7dde62d 100644 +--- a/tests/domaincapsdata/qemu_8.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0.x86_64.xml +@@ -263,6 +263,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml +index 967a5f3..4ad4577 100644 +--- a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml +@@ -265,6 +265,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml +index 4db25d3..436df98 100644 +--- a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml +@@ -266,6 +266,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.1.0.s390x.xml b/tests/domaincapsdata/qemu_8.1.0.s390x.xml +index 2a7cc97..e597a95 100644 +--- a/tests/domaincapsdata/qemu_8.1.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_8.1.0.s390x.xml +@@ -280,6 +280,7 @@ + + + ++ + + + s390-pv +diff --git a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml +index db95884..5f57c45 100644 +--- a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml +@@ -265,6 +265,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml +index 419423e..1529492 100644 +--- a/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml +@@ -267,6 +267,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml +index 5cddf3c..8a71201 100644 +--- a/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml +@@ -266,6 +266,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.2.0.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0.x86_64.xml +index f4d42ea..b3f7058 100644 +--- a/tests/domaincapsdata/qemu_8.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0.x86_64.xml +@@ -267,6 +267,7 @@ + + + ++ + + + relaxed +-- +2.43.0 + diff --git a/0005-v4-3-4-src-Add-ARM-CCA-support-in-domain-schema.patch b/0005-v4-3-4-src-Add-ARM-CCA-support-in-domain-schema.patch new file mode 100644 index 0000000..1fd93c5 --- /dev/null +++ b/0005-v4-3-4-src-Add-ARM-CCA-support-in-domain-schema.patch @@ -0,0 +1,322 @@ +From e4f1ab792d8d1d0339e84525bbb957c050efd52c Mon Sep 17 00:00:00 2001 +From: Kazuhiro Abe +Date: Thu, 21 Aug 2025 21:20:01 +0800 +Subject: [PATCH 5/5] [v4-3-4]src: Add ARM CCA support in domain schema + +bugzilla:https://gitee.com/openeuler/libvirt/issues/ICU4UF?from=project-issue +reference:https://patchew.org/Libvirt/20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com/ + +-------------------------------- + +- Add ARM CCA support in domain schema files. + +Signed-off-by: Kazuhiro Abe +Signed-off-by: rpm-build +--- + src/conf/schemas/domaincaps.rng | 36 ++++++++++ + src/conf/schemas/domaincommon.rng | 25 +++++++ + src/qemu/qemu_capabilities.c | 113 ++++++++++++++++++++++++++++++ + src/qemu/qemu_capabilities.h | 3 + + 4 files changed, 177 insertions(+) + +diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng +index b8115fe..4badc09 100644 +--- a/src/conf/schemas/domaincaps.rng ++++ b/src/conf/schemas/domaincaps.rng +@@ -321,6 +321,9 @@ + + + ++ ++ ++ + + + +@@ -433,6 +436,39 @@ + + + ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ measurement-algo ++ ++ ++ ++ sha256 ++ ++ ++ sha512 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng +index b98a2ae..c547d82 100644 +--- a/src/conf/schemas/domaincommon.rng ++++ b/src/conf/schemas/domaincommon.rng +@@ -520,6 +520,9 @@ + s390-pv + + ++ ++ ++ + + + +@@ -565,6 +568,28 @@ + + + ++ ++ ++ cca ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +