The launch-security element can be used to define the security
model to use when launching a domain. Currently we support 'sev'.

When 'sev' is used, the VM will be launched with AMD SEV feature enabled.
SEV feature supports running encrypted VM under the control of KVM.
Encrypted VMs have their pages (code and data) secured such that only the
guest itself has access to the unencrypted version. Each encrypted VM is
associated with a unique encryption key; if its data is accessed to a
different entity using a different key the encrypted guests data will be
incorrectly decrypted, leading to unintelligible data.
Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

Extend hypervisor capabilities to include sev feature. When available,
hypervisor supports launching an encrypted VM on AMD platform. The
sev feature tag provides additional details like Platform Diffie-Hellman
(PDH) key and certificate chain which can be used by the guest owner to
establish a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.
Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: NErik Skultety <eskultet@redhat.com>

Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

TSEG (Top of Memory Segment) is one of many regions that SMM (System Management
Mode) can occupy.  This one, however is special, because a) most of the SMM code
lives in TSEG nowadays and b) QEMU just (well, some time ago) added support for
so called 'extended' TSEG.  The difference to the TSEG implemented in real q35's
MCH (Memory Controller Hub) is that it can offer one extra size to the guest OS
apart from the standard TSEG's 1, 2, and 8 MiB and that size can be selected in
1 MiB increments.  Maximum may vary based on QEMU and is way too big, so we
don't need to check for the maximum here.  Similarly to the memory size we'll
leave it to the hypervisor to try satisfying that and giving us an error message
in case it is not possible.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
Acked-by: NLaszlo Ersek <lersek@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NDaniel Nicoletti <dantti12@gmail.com>

The process used to build the snapshots no longer works because the box
it runs on is outdated. Analysing the web logs shows the majority of
traffic to these links is from search engine bots. With those removed,
there is about 1 hit per day from (probable) humans.

Most users needing a tarball are better served by using official
releases. Those needing latest code are better served by using git
checkout. The tarball snapshots are not compelling enough to invest time
in fixing the script that produces them.
Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>

Signed-off-by: NRoman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Recently, bhyve started supporting specifying guest CPU topology.
It looks this way:

  bhyve -c cpus=C,sockets=S,cores=C,threads=T ...

The old behaviour was bhyve -c C, where C is a number of vCPUs, is
still supported.

So if we have CPU topology in the domain XML, use the new syntax,
otherwise keep the old behaviour.

Also, document this feature in the bhyve driver page.
Signed-off-by: NRoman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

ip(8) is the contemporary way of configuring bridges.
Signed-off-by: NJán Tomko <jtomko@redhat.com>

The default is actually `on` when `<smm/>` is specified.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>

Amend the paragraphs about no CLAs and implicit license
agreements to mention mandatory Signed-off-by tags.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>

Extend the existing auditing with auditing for the TPM emulator.
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

This patch extends the TPM's device XML with TPM 2.0 support. This only works
for the emulator type backend and looks as follows:

    <tpm model='tpm-tis'>
      <backend type='emulator' version='2.0'/>
    </tpm>

The swtpm process now has --tpm2 as an additional parameter:

system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8  0.0 28364  3868 ?        Rs   11:13  13:50 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 --tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm2,mode=0640 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log --tpm2 --pid file=/var/run/libvirt/qemu/swtpm/testvm-swtpm.pid

The version of the TPM can be changed and the state of the TPM is preserved.
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

This patch adds support for an external swtpm TPM emulator. The XML for
this type of TPM looks as follows:

 <tpm model='tpm-tis'>
   <backend type='emulator'/>
 </tpm>

The XML will currently only define a TPM 1.2.

Extend the documentation.

Add a test case testing the XML parser and formatter.
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NFilip Alac <filipalac@gmail.com>

Signed-off-by: NFilip Alac <filipalac@gmail.com>
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1544869Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

The encryption was buggy and qemu actually dropped it upstream. Forbid
it for all versions since it would cause other problems too.

Problems with the old encryption include weak crypto, corruption of
images with blockjobs and a lot of usability problems.

This requires changing of the encryption type for the encrypted disk
tests.
Signed-off-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>

* docs/news.xml: updated for release
Signed-off-by: NDaniel Veillard <veillard@redhat.com>

It's "a hard_limit", not "an hard_limit".  Probably that was just a typo.
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>

Document the addition of vsock.
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Acked-by: NPeter Krempa <pkrempa@redhat.com>

To avoid the <source> vs. <target> confusion,
change <source auto='no' cid='3'/> to:
<cid auto='no' address='3'/>
Signed-off-by: NJán Tomko <jtomko@redhat.com>
Suggested-by: NDaniel P. Berrangé <berrange@redhat.com>
Acked-by: NPeter Krempa <pkrempa@redhat.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>

The first feature is SCSI persistent reservation, the other is
support for multihead screenshots.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Add a new 'vsock' element for the vsock device.
The 'model' attribute is optional.
A <source cid> subelement should be used to specify the guest cid,
or <source auto='yes'/> should be used.

https://bugzilla.redhat.com/show_bug.cgi?id=1291851Signed-off-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1566416

Commit id 'fe2af45b' added output for logical_block_size and
num_blocks for both removeable and fixed storage, but did not
update the nodedev capability causing virt-xml-validate to fail.
It's listed as optional only because it only prints if the
sizes are > 0. For a CDROM drive the values won't be formatted.

Update the nodedevxml2xmltest in order to output the values
for storage based on the logic from udevProcessRemoveableMedia
and udevProcessSD with respect to the logical_blocksize and
num_blocks calculations.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by Michal Privoznik <mprivozn@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1572491

Commit id '02129b7c' added a single pagesElem for slightly
different purposes. One usage was an output for host page size
listing and the other for NUMA supported page sizes. For the
former, only the pages unit and size are formatted, while for
the latter the pages unit, size, and availability data is formatted.

The virt-xml-validate would fail because it expected something
extra in the host page size output. So split up pagesElem a bit
and create pagesHost and pagesNuma for the differences.

Modify some capabilityschemadata output to have the output - even
though the results may not be realistic with respect to the
original incarnation of the data.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by Michal Privoznik <mprivozn@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1572491

Commit id 'd2440f3b' added printing the <microcode> for the
capabilities, but didn't update the capabilities schema.

While at it, update capabilityschemadata for caps-test2
and caps-test3 to output some value for validation.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by Michal Privoznik <mprivozn@redhat.com>

Commit id '0eced74f' added vzmigr as a valid option for
virCapabilitiesAddHostMigrateTransport, but didn't update
the capabilities schema resulting in possible virt-xml-validate
failure.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by Michal Privoznik <mprivozn@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1572491

Commit id 'b3fd95e3' added rdma as a valid option for
virCapabilitiesAddHostMigrateTransport, but didn't update
the capabilities schema resulting in possible virt-xml-validate
failure.

While at it, update the capabilityschemadata for caps-qemu-kvm
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by Michal Privoznik <mprivozn@redhat.com>

Commit id 'e4938ce2' changed the esx_driver to use 'vpxmigr'
instead of esx for virCapabilitiesAddHostMigrateTransport, so
update the capabilities to allow virt-xml-validate to pass and
update the test to use the newer name.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by Michal Privoznik <mprivozn@redhat.com>

Commit id '1dac5fbb' removed xenmigr as a capability option
for virCapabilitiesAddHostMigrateTransport but didn't update
the schema resulting in possible failure for virt-xml-validate.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by Michal Privoznik <mprivozn@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1572491

Commit id '78661cb1' added a physical output, but failed to update
the schema resulting in a failure from virt-xml-validate.

While at it - update the storagevolschemadata for the output.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by Michal Privoznik <mprivozn@redhat.com>

Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by: NMichal Privoznik <mprivozn@redhat.com>

Report domaincaps <features><genid supported='yes'/> if the guest
config accepts <genid/> or <genid>$GUID</genid>.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by: NMichal Privoznik <mprivozn@redhat.com>

The VM Generation ID is a mechanism to provide a unique 128-bit,
cryptographically random, and integer value identifier known as
the GUID (Globally Unique Identifier) to the guest OS. The value
is used to help notify the guest operating system when the virtual
machine is executed with a different configuration.

This patch adds support for a new "genid" XML element similar to
the "uuid" element. The "genid" element can have two forms "<genid/>"
or "<genid>$GUID</genid>". If the $GUID is not provided, libvirt
will generate one and save it in the XML.

Since adding support for a generated GUID (or UUID like) value to
be displayed modifying the xml2xml test to include virrandommock.so
is necessary since it will generate a "known" value.
Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
ACKed-by: NMichal Privoznik <mprivozn@redhat.com>

Signed-off-by: NLin Ma <lma@suse.com>