qemu: Fill launchSecurity in domaincaps

The inspiration for these rules comes from qemuValidateDomainDef(). Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2024-12-22 05:35:25 +00:00 · 2024-06-25 10:45:43 +02:00 · 2024-06-25 10:45:43 +02:00 · 66df7992d8
commit 66df7992d8
parent d460e17282
86 changed files with 134 additions and 0 deletions
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@ -6514,6 +6514,27 @@ virQEMUCapsFillDomainDeviceCryptoCaps(virQEMUCaps *qemuCaps,
 }


+void
+virQEMUCapsFillDomainLaunchSecurity(virQEMUCaps *qemuCaps,
+                                    virDomainCapsLaunchSecurity *launchSecurity)
+{
+    launchSecurity->supported = VIR_TRISTATE_BOOL_YES;
+    launchSecurity->sectype.report = true;
+
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST))
+        VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNCH_SECURITY_SEV);
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_SNP_GUEST))
+        VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP);
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_S390_PV_GUEST) &&
+        virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT))
+        VIR_DOMAIN_CAPS_ENUM_SET(launchSecurity->sectype, VIR_DOMAIN_LAUNCH_SECURITY_PV);
+
+    if (launchSecurity->sectype.values == 0) {
+        launchSecurity->supported = VIR_TRISTATE_BOOL_NO;
+    }
+}
+
+
 /**
 * virQEMUCapsSupportsGICVersion:
 * @qemuCaps: QEMU capabilities
@ -6678,6 +6699,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps,
    virDomainCapsDeviceChannel *channel = &domCaps->channel;
    virDomainCapsMemoryBacking *memoryBacking = &domCaps->memoryBacking;
    virDomainCapsDeviceCrypto *crypto = &domCaps->crypto;
+    virDomainCapsLaunchSecurity *launchSecurity = &domCaps->launchSecurity;

    virQEMUCapsFillDomainFeaturesFromQEMUCaps(qemuCaps, domCaps);

@ -6717,6 +6739,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps,
    virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps);
    virQEMUCapsFillDomainFeatureHypervCaps(qemuCaps, domCaps);
    virQEMUCapsFillDomainDeviceCryptoCaps(qemuCaps, crypto);
+    virQEMUCapsFillDomainLaunchSecurity(qemuCaps, launchSecurity);

    return 0;
 }
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@ -867,6 +867,9 @@ void virQEMUCapsFillDomainDeviceChannelCaps(virQEMUCaps *qemuCaps,
 void virQEMUCapsFillDomainDeviceCryptoCaps(virQEMUCaps *qemuCaps,
                                           virDomainCapsDeviceCrypto *crypto);

+void virQEMUCapsFillDomainLaunchSecurity(virQEMUCaps *qemuCaps,
+                                         virDomainCapsLaunchSecurity *launchSecurity);
+
 bool virQEMUCapsGuestIsNative(virArch host,
                              virArch guest);

--- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml
@ -319,5 +319,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml
@ -264,5 +264,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml
@ -196,5 +196,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml
@ -196,5 +196,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml
@ -164,5 +164,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml
@ -270,5 +270,6 @@
    <s390-pv supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml
@ -319,5 +319,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml
@ -321,5 +321,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml
@ -149,5 +149,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml
@ -266,5 +266,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml
@ -209,5 +209,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml
@ -152,5 +152,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml
@ -209,5 +209,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml
@ -171,5 +171,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml
@ -321,5 +321,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml
@ -253,5 +253,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml
@ -266,5 +266,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.1.0.sparc.xml
+++ b/tests/domaincapsdata/qemu_5.1.0.sparc.xml
@ -135,5 +135,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml
@ -253,5 +253,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml
@ -253,5 +253,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml
@ -149,5 +149,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml
@ -266,5 +266,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml
@ -209,5 +209,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml
@ -152,5 +152,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml
@ -209,5 +209,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml
@ -171,5 +171,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.2.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.s390x.xml
@ -272,5 +272,6 @@
    <s390-pv supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml
@ -253,5 +253,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml
@ -260,5 +260,10 @@
      <maxESGuests>450</maxESGuests>
    </sev>
    <sgx supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>sev</value>
+      </enum>
+    </launchSecurity>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml
@ -274,5 +274,10 @@
      <maxESGuests>450</maxESGuests>
    </sev>
    <sgx supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>sev</value>
+      </enum>
+    </launchSecurity>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml
@ -211,5 +211,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml
@ -211,5 +211,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.0.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_6.0.0.s390x.xml
@ -273,5 +273,10 @@
    <s390-pv supported='yes'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>s390-pv</value>
+      </enum>
+    </launchSecurity>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml
@ -260,5 +260,10 @@
      <maxESGuests>450</maxESGuests>
    </sev>
    <sgx supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>sev</value>
+      </enum>
+    </launchSecurity>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml
@ -256,5 +256,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml
@ -269,5 +269,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml
@ -256,5 +256,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml
@ -256,5 +256,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml
@ -271,5 +271,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml
@ -218,5 +218,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml
@ -218,5 +218,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml
@ -170,5 +170,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml
@ -256,5 +256,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml
@ -172,5 +172,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml
@ -266,5 +266,6 @@
        <section node='1' size='262144' unit='KiB'/>
      </sections>
    </sgx>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml
@ -281,5 +281,6 @@
        <section node='1' size='262144' unit='KiB'/>
      </sections>
    </sgx>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml
@ -217,5 +217,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml
@ -217,5 +217,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml
@ -175,5 +175,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml
@ -266,5 +266,6 @@
        <section node='1' size='262144' unit='KiB'/>
      </sections>
    </sgx>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml
@ -256,5 +256,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml
@ -270,5 +270,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml
@ -168,5 +168,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml
@ -256,5 +256,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml
@ -179,5 +179,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml
@ -262,5 +262,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml
@ -260,5 +260,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml
@ -260,5 +260,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.2.0.ppc.xml
+++ b/tests/domaincapsdata/qemu_7.2.0.ppc.xml
@ -154,5 +154,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml
@ -262,5 +262,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml
@ -281,5 +281,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml
@ -155,5 +155,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml
@ -283,5 +283,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml
@ -158,5 +158,6 @@
    <async-teardown supported='no'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0.x86_64.xml
@ -281,5 +281,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml
@ -283,5 +283,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml
@ -284,5 +284,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.1.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_8.1.0.s390x.xml
@ -268,5 +268,10 @@
    <s390-pv supported='yes'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>s390-pv</value>
+      </enum>
+    </launchSecurity>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml
@ -283,5 +283,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml
@ -285,5 +285,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml
@ -161,5 +161,6 @@
    <async-teardown supported='yes'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml
@ -284,5 +284,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
@ -223,5 +223,6 @@
    <async-teardown supported='yes'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml
@ -165,5 +165,6 @@
    <async-teardown supported='yes'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
@ -223,5 +223,6 @@
    <async-teardown supported='yes'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.2.0.armv7l.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.armv7l.xml
@ -171,5 +171,6 @@
    <async-teardown supported='yes'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.2.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.s390x.xml
@ -268,5 +268,10 @@
    <s390-pv supported='yes'/>
    <sev supported='no'/>
    <sgx supported='no'/>
+    <launchSecurity supported='yes'>
+      <enum name='sectype'>
+        <value>s390-pv</value>
+      </enum>
+    </launchSecurity>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_8.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.x86_64.xml
@ -285,5 +285,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml
@ -285,5 +285,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml
@ -286,5 +286,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_9.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.0.0.x86_64.xml
@ -285,5 +285,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml
@ -286,5 +286,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml
@ -285,5 +285,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>
--- a/tests/domaincapsdata/qemu_9.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.1.0.x86_64.xml
@ -286,5 +286,6 @@
        <value>avic</value>
      </enum>
    </hyperv>
+    <launchSecurity supported='no'/>
  </features>
 </domainCapabilities>