schema: Extend schema for TPM emulator profile node

Extend the schema for the TPM emulator profile node. Require that the profile the user provides is described in a 'source' attribute. An optional remove_disabled attribute is also supported for swtpm to automatically remove algorithms from the 'custom' profile if they are disabled by FIPS mode on the host. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-12-22 05:35:25 +00:00 · 2024-11-13 12:39:45 -05:00 · 2024-11-13 12:39:45 -05:00 · 498b5b7440
commit 498b5b7440
parent 15ba6edabd
1 changed files with 25 additions and 0 deletions
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@ -5929,6 +5929,7 @@
            <ref name="tpm-backend-emulator-encryption"/>
            <ref name="tpm-backend-emulator-active-pcr-banks"/>
            <ref name="tpm-backend-emulator-source"/>
+            <ref name="tpm-backend-emulator-profile"/>
          </interleave>
          <optional>
            <attribute name="persistent_state">
@ -6051,6 +6052,30 @@
    </optional>
  </define>

+  <define name="profileName">
+    <data type="string">
+      <param name="pattern">[A-Za-z0-9.\-:]+</param>
+    </data>
+  </define>
+
+  <define name="tpm-backend-emulator-profile">
+    <optional>
+      <element name="profile">
+        <attribute name="source">
+          <ref name="profileName"/>
+        </attribute>
+        <optional>
+          <attribute name="removeDisabled">
+            <choice>
+              <value>check</value>
+              <value>fips-host</value>
+            </choice>
+          </attribute>
+        </optional>
+      </element>
+    </optional>
+  </define>
+
  <define name="vsock">
    <element name="vsock">
      <optional>