[PATCH v4 10/23] conf: Expose TDX type in domain launch security capability

Thu, 10 Jul 2025 00:26:58 -0700 

As the tdx launch security type support is added, expose it in domain
capabilities so that domain definition validation check can take
effect.

Signed-off-by: Zhenzhong Duan <zhenzhong.d...@intel.com>
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
---
 src/qemu/qemu_capabilities.c                             | 2 ++
 tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml | 6 +++++-
 tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml          | 6 +++++-
 tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml | 6 +++++-
 tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml          | 6 +++++-
 tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml     | 6 +++++-
 tests/domaincapsdata/qemu_10.1.0.x86_64.xml              | 6 +++++-
 7 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index f4f77a491c..d2b59ba1f4 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -6776,6 +6776,8 @@ virQEMUCapsFillDomainLaunchSecurity(virQEMUCaps *qemuCaps,
     if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST) &&
         virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT))
         VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, 
VIR_DOMAIN_LAUNCH_SECURITY_PV);
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_TDX_GUEST))
+        VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, 
VIR_DOMAIN_LAUNCH_SECURITY_TDX);
 
     if (launchSecurity->sectype.values == 0) {
         launchSecurity->supported = VIR_TRISTATE_BOOL_NO;
diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml 
b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
index 61aa1aafd0..fafa28ecbe 100644
--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml
@@ -774,6 +774,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml 
b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
index d85073300d..4ea6cf920a 100644
--- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml
@@ -1718,6 +1718,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml 
b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml
index 1d2795c4df..eba8023fc8 100644
--- a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml
@@ -1821,6 +1821,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml 
b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml
index 509f4aefe3..fd4ea39d42 100644
--- a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml
@@ -1822,6 +1822,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml 
b/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
index 6048a66b87..9ea7d779b5 100644
--- a/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
+++ b/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml
@@ -774,6 +774,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
diff --git a/tests/domaincapsdata/qemu_10.1.0.x86_64.xml 
b/tests/domaincapsdata/qemu_10.1.0.x86_64.xml
index 3d69ed3af1..a46ab68b48 100644
--- a/tests/domaincapsdata/qemu_10.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.1.0.x86_64.xml
@@ -1718,6 +1718,10 @@
         <value>xmm_input</value>
       </enum>
     </hyperv>
-    <launchSecurity supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>tdx</value>
+      </enum>
+    </launchSecurity>
   </features>
 </domainCapabilities>
-- 
2.47.1

Reply via email to