diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 7301fa4337..92004634da 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -290,7 +290,7 @@ VIR_ENUM_IMPL(virQEMUCaps, "pvpanic", /* QEMU_CAPS_DEVICE_PANIC */ /* 160 */ - "enable-fips", /* QEMU_CAPS_ENABLE_FIPS */ + "enable-fips", /* X_QEMU_CAPS_ENABLE_FIPS */ "spice-file-xfer-disable", /* X_QEMU_CAPS_SPICE_FILE_XFER_DISABLE */ "spiceport", /* X_QEMU_CAPS_CHARDEV_SPICEPORT */ "usb-kbd", /* QEMU_CAPS_DEVICE_USB_KBD */ diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index c65ba7d138..cbd1e73289 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -268,7 +268,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */ QEMU_CAPS_DEVICE_PANIC, /* -device pvpanic */ /* 160 */ - QEMU_CAPS_ENABLE_FIPS, /* -enable-fips */ + X_QEMU_CAPS_ENABLE_FIPS, /* -enable-fips */ X_QEMU_CAPS_SPICE_FILE_XFER_DISABLE, /* -spice disable-agent-file-xfer */ X_QEMU_CAPS_CHARDEV_SPICEPORT, /* -chardev spiceport */ QEMU_CAPS_DEVICE_USB_KBD, /* -device usb-kbd */ diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 6ec1e9cbef..684de3f701 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -10512,21 +10512,6 @@ qemuBuildCommandLine(virDomainObj *vm, if (qemuBuildPflashBlockdevCommandLine(cmd, vm) < 0) return NULL; - /* QEMU 1.2 and later have a binary flag -enable-fips that must be - * used for VNC auth to obey FIPS settings; but the flag only - * exists on Linux, and with no way to probe for it via QMP. Our - * solution: if FIPS mode is required, then unconditionally use the flag. - * - * In QEMU 5.2.0, use of -enable-fips was deprecated. In scenarios - * where FIPS is required, QEMU must be built against libgcrypt - * which automatically enforces FIPS compliance. - * - * Note this is the only use of driver->hostFips. - */ - if (driver->hostFips && - virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ENABLE_FIPS)) - virCommandAddArg(cmd, "-enable-fips"); - if (qemuBuildMachineCommandLine(cmd, cfg, def, qemuCaps, priv) < 0) return NULL;