schema: Extend schema for TPM emulator profile node

Extend the schema for the TPM emulator profile node. Require that the
profile the user provides is described in a 'source' attribute. An optional
remove_disabled attribute is also supported for swtpm to automatically
remove algorithms from the 'custom' profile if they are disabled by FIPS
mode on the host.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Stefan Berger 2024-11-13 12:39:45 -05:00 committed by Michal Privoznik
parent 15ba6edabd
commit 498b5b7440


@ -5929,6 +5929,7 @@
<ref name="tpm-backend-emulator-encryption"/> <ref name="tpm-backend-emulator-encryption"/>
<ref name="tpm-backend-emulator-active-pcr-banks"/> <ref name="tpm-backend-emulator-active-pcr-banks"/>
<ref name="tpm-backend-emulator-source"/> <ref name="tpm-backend-emulator-source"/>
<ref name="tpm-backend-emulator-profile"/>
</interleave> </interleave>
<optional> <optional>
<attribute name="persistent_state"> <attribute name="persistent_state">
@ -6051,6 +6052,30 @@
</optional> </optional>
</define> </define>
<define name="profileName">
<data type="string">
<param name="pattern">[A-Za-z0-9.\-:]+</param>
</data>
</define>
<define name="tpm-backend-emulator-profile">
<optional>
<element name="profile">
<attribute name="source">
<ref name="profileName"/>
</attribute>
<optional>
<attribute name="removeDisabled">
<choice>
<value>check</value>
<value>fips-host</value>
</choice>
</attribute>
</optional>
</element>
</optional>
</define>
<define name="vsock"> <define name="vsock">
<element name="vsock"> <element name="vsock">
<optional> <optional>
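Review bot: The `profileName` pattern on the `source` attribute (`[A-Za-z0-9.\-:]+`) only constrains documents that are actually validated against the RNG, so the domain XML parser should enforce the same character set itself rather than rely on the schema. That parser is not part of this section, and if the name is later passed on to swtpm (presumably it is), the restriction needs to hold for unvalidated input too. A short comment above the define would record the intent, e.g. `<!-- keep in sync with the profile name check in the XML parser; no '/' or whitespace allowed -->`. Separately, the new attribute is spelled `removeDisabled`, while the commit message calls it `remove_disabled` and the neighbouring `persistent_state` attribute uses snake case, so it is worth settling on one spelling before the name ships.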