diff --git a/debian/changelog b/debian/changelog index de43482b..78d356e5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +libvirt (10.7.0-3deepin4) unstable; urgency=medium + + * feat: Add support for ARM-CCA confidential computing features + + -- WangYuli Fri, 05 Dec 2025 14:15:35 +0800 + libvirt (10.7.0-3deepin3) unstable; urgency=medium * feat: add sw64 support diff --git a/debian/patches/backport/0001-src-Add-ARM-CCA-support-in-qemu-driver-to-launch-VM.patch b/debian/patches/backport/0001-src-Add-ARM-CCA-support-in-qemu-driver-to-launch-VM.patch new file mode 100644 index 00000000..e90dcd65 --- /dev/null +++ b/debian/patches/backport/0001-src-Add-ARM-CCA-support-in-qemu-driver-to-launch-VM.patch @@ -0,0 +1,384 @@ +From 0c394e3cd79402a9a0741b3ca980379f1cc78a5e Mon Sep 17 00:00:00 2001 +From: WangYuli +Date: Fri, 5 Dec 2025 12:46:45 +0800 +Subject: [PATCH 1/3] src: Add ARM CCA support in qemu driver to launch VM + +bugzilla:https://gitee.com/openeuler/libvirt/issues/ICU4UF?from=project-issue +reference:https://patchew.org/Libvirt/20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com/ + +-------------------------------- + +src: Add ARM CCA support in qemu driver to launch VM + +- Add ARM CCA support to the qemu driver for aarch64 systems. + +[XML example] + + ... + + sha256 + + ... + + +Signed-off-by: Kazuhiro Abe +Signed-off-by: rpm-build +Signed-off-by: WangYuli +--- + docs/formatdomain.rst | 43 ++++++++++++++++++++++++++++++++++ + src/conf/domain_capabilities.h | 6 +++++ + src/conf/domain_conf.c | 25 ++++++++++++++++++++ + src/conf/domain_conf.h | 9 +++++++ + src/conf/virconftypes.h | 2 ++ + src/qemu/qemu_capabilities.c | 6 +++++ + src/qemu/qemu_capabilities.h | 3 +++ + src/qemu/qemu_command.c | 28 ++++++++++++++++++++++ + src/qemu/qemu_firmware.c | 1 + + src/qemu/qemu_namespace.c | 2 ++ + src/qemu/qemu_process.c | 4 ++++ + src/qemu/qemu_validate.c | 4 ++++ + 12 files changed, 133 insertions(+) + +diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst +index 47d3e212..3b169a01 100644 +--- a/docs/formatdomain.rst ++++ b/docs/formatdomain.rst +@@ -9028,6 +9028,49 @@ The ```` element then accepts the following child elements: + blob to provide to the guest, as documented for the 'HOST_DATA' parameter of + the SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI. + ++The contents of the ```` element is used to create ++RealmVM using the Arm CCA feature (Confidential Compute Architecture). ++CCA :since:`Since 11.0.0` enhances the virtualization capabilities of the ++platform by separating the management of resources from access to those resources. ++This is achieved by extending the TrustZone of Cortex-A's Normal and Secure ++world concepts and adding the Realm world and the underlying Root world. ++The Secure Monitor runs in the root world and manages the transition between ++these security states. For more information see the Learn the architecture - ++Arm Confidential Compute Architecture software stack: ++``__ ++ ++:: ++ ++ ++ ... ++ ++ sha256 ++ ... ++ ++ ... ++ ++ ++The ```` element accepts the following attributes: ++ ++``measurement-algo`` ++ The optional ``measurement-algo`` element determines algorithm used to ++ describe blob hashes. ++ ++``personalization-value`` ++ The optional ``personalization-value`` element is used to configure ++ the Realm Personalization Value (RPV). The Realm Personalization ++ Value (RPV) is provided by the user to distinguish Realms that have ++ the same initial measurement. The personalization-value for libvirt ++ must be an 88-character string representing the Base64 encoding of ++ the 64-byte hexadecimal value defined in the RMM specification. ++ Ensure that you encode the 64-byte hex value from the RMM specification ++ using Base64 before providing it to libvirt. ++ ++``measurement-log`` ++ The optional ``measurement-log`` element provides a way to create ++ an event log in the format defined by the Trusted Computing Group ++ for TPM2. ++ + + Example configs + =============== +diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h +index 2a4596ac..01076c32 100644 +--- a/src/conf/domain_capabilities.h ++++ b/src/conf/domain_capabilities.h +@@ -239,6 +239,12 @@ struct _virSGXCapability { + virSGXSection *sgxSections; + }; + ++typedef struct _virCCACapability virCCACapability; ++struct _virCCACapability { ++ size_t nCcaMeasurementAlgo; ++ char **ccaMeasurementAlgo; ++}; ++ + STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_MODEL_LAST); + STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_TYPE_LAST); + STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_BACKEND_LAST); +diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c +index cc2c606b..b90b766d 100644 +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -1515,6 +1515,7 @@ VIR_ENUM_IMPL(virDomainLaunchSecurity, + "sev", + "sev-snp", + "s390-pv", ++ "cca", + ); + + VIR_ENUM_IMPL(virDomainPstoreBackend, +@@ -3868,6 +3869,10 @@ virDomainSecDefFree(virDomainSecDef *def) + g_free(def->data.sev_snp.id_auth); + g_free(def->data.sev_snp.host_data); + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ g_free(def->data.cca.measurement_algo); ++ g_free(def->data.cca.personalization_value); ++ break; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: +@@ -13791,6 +13796,21 @@ virDomainSEVSNPDefParseXML(virDomainSEVSNPDef *def, + } + + ++static int ++virDomainCCADefParseXML(virDomainCCADef *def, ++ xmlXPathContextPtr ctxt) ++{ ++ def->measurement_algo = virXPathString("string(./measurement-algo)", ctxt); ++ def->personalization_value = virXPathString("string(./personalization-value)", ctxt); ++ ++ if (virXMLPropTristateBool(ctxt->node, "measurement-log", VIR_XML_PROP_NONE, ++ &def->measurement_log) < 0) ++ return -1; ++ ++ return 0; ++} ++ ++ + static virDomainSecDef * + virDomainSecDefParseXML(xmlNodePtr lsecNode, + xmlXPathContextPtr ctxt) +@@ -13816,6 +13836,10 @@ virDomainSecDefParseXML(xmlNodePtr lsecNode, + break; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ if (virDomainCCADefParseXML(&sec->data.cca, ctxt) < 0) ++ return NULL; ++ break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + default: +@@ -26977,6 +27001,7 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec) + break; + + case VIR_DOMAIN_LAUNCH_SECURITY_PV: ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; + + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: +diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h +index 439429db..f16ffa0c 100644 +--- a/src/conf/domain_conf.h ++++ b/src/conf/domain_conf.h +@@ -2870,6 +2870,7 @@ typedef enum { + VIR_DOMAIN_LAUNCH_SECURITY_SEV, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP, + VIR_DOMAIN_LAUNCH_SECURITY_PV, ++ VIR_DOMAIN_LAUNCH_SECURITY_CCA, + + VIR_DOMAIN_LAUNCH_SECURITY_LAST, + } virDomainLaunchSecurity; +@@ -2907,11 +2908,19 @@ struct _virDomainSEVSNPDef { + }; + + ++struct _virDomainCCADef { ++ char *measurement_algo; ++ char *personalization_value; ++ virTristateBool measurement_log; ++}; ++ ++ + struct _virDomainSecDef { + virDomainLaunchSecurity sectype; + union { + virDomainSEVDef sev; + virDomainSEVSNPDef sev_snp; ++ virDomainCCADef cca; + } data; + }; + +diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h +index f18ebcca..76218f51 100644 +--- a/src/conf/virconftypes.h ++++ b/src/conf/virconftypes.h +@@ -216,6 +216,8 @@ typedef struct _virDomainSEVDef virDomainSEVDef; + + typedef struct _virDomainSEVSNPDef virDomainSEVSNPDef; + ++typedef struct _virDomainCCADef virDomainCCADef; ++ + typedef struct _virDomainSecDef virDomainSecDef; + + typedef struct _virDomainShmemDef virDomainShmemDef; +diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c +index 0da12800..d3bd015e 100644 +--- a/src/qemu/qemu_capabilities.c ++++ b/src/qemu/qemu_capabilities.c +@@ -715,6 +715,9 @@ VIR_ENUM_IMPL(virQEMUCaps, + "acpi-erst", /* QEMU_CAPS_DEVICE_ACPI_ERST */ + "intel-iommu.dma-translation", /* QEMU_CAPS_INTEL_IOMMU_DMA_TRANSLATION */ + "machine-i8042-opt", /* QEMU_CAPS_MACHINE_I8042_OPT */ ++ ++ /* 465 */ ++ "rme-guest", /* QEMU_CAPS_CCA_GUEST */ + ); + + +@@ -800,6 +803,8 @@ struct _virQEMUCaps { + + virSGXCapability *sgxCapabilities; + ++ virCCACapability *ccaCapabilities; ++ + virDomainCapsFeatureHyperv *hypervCapabilities; + + /* Capabilities which may differ depending on the accelerator. */ +@@ -1406,6 +1411,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { + { "virtio-sound-device", QEMU_CAPS_DEVICE_VIRTIO_SOUND }, + { "sev-snp-guest", QEMU_CAPS_SEV_SNP_GUEST }, + { "acpi-erst", QEMU_CAPS_DEVICE_ACPI_ERST }, ++ { "rme-guest", QEMU_CAPS_CCA_GUEST }, + }; + + +diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h +index 5036d49a..1eb94f41 100644 +--- a/src/qemu/qemu_capabilities.h ++++ b/src/qemu/qemu_capabilities.h +@@ -695,6 +695,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */ + QEMU_CAPS_INTEL_IOMMU_DMA_TRANSLATION, /* intel-iommu.dma-translation */ + QEMU_CAPS_MACHINE_I8042_OPT, /* -machine xxx,i8042=on/off; use virQEMUCapsSupportsI8042Toggle() to query this capability */ + ++ /* 465 */ ++ QEMU_CAPS_CCA_GUEST, /* -object rme-guest */ ++ + QEMU_CAPS_LAST /* this must always be the last item */ + } virQEMUCapsFlags; + +diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c +index 8d4016a5..dee0b738 100644 +--- a/src/qemu/qemu_command.c ++++ b/src/qemu/qemu_command.c +@@ -7085,6 +7085,9 @@ qemuBuildMachineCommandLine(virCommand *cmd, + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + virBufferAddLit(&buf, ",confidential-guest-support=lsec0"); + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ virBufferAddLit(&buf, ",confidential-guest-support=rme0"); ++ break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype); +@@ -9849,6 +9852,29 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd) + } + + ++static int ++qemuBuildCCACommandLine(virCommand *cmd, virDomainCCADef *cca, qemuDomainObjPrivate *priv) ++{ ++ g_autoptr(virJSONValue) props = NULL; ++ ++ VIR_DEBUG("measurement_algorithm=%s personalization_value=%s measurement_log=%d", ++ cca->measurement_algo, cca->personalization_value, ++ cca->measurement_log); ++ ++ if (qemuMonitorCreateObjectProps(&props, "rme-guest", "rme0", ++ "S:measurement-algorithm", cca->measurement_algo, ++ "S:personalization-value", cca->personalization_value, ++ "T:measurement-log", cca->measurement_log, ++ NULL) < 0) ++ return -1; ++ ++ if (qemuBuildObjectCommandlineFromJSON(cmd, props, priv->qemuCaps) < 0) ++ return -1; ++ ++ return 0; ++} ++ ++ + static int + qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd, + virDomainSecDef *sec) +@@ -9866,6 +9892,8 @@ qemuBuildSecCommandLine(virDomainObj *vm, virCommand *cmd, + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + return qemuBuildPVCommandLine(vm, cmd); + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ return qemuBuildCCACommandLine(cmd, &sec->data.cca, vm->privateData); + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + virReportEnumRangeError(virDomainLaunchSecurity, sec->sectype); +diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c +index 914f8596..9bf57164 100644 +--- a/src/qemu/qemu_firmware.c ++++ b/src/qemu/qemu_firmware.c +@@ -1371,6 +1371,7 @@ qemuFirmwareMatchDomain(const virDomainDef *def, + } + break; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: + break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: +diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c +index bbe3d5a1..69295306 100644 +--- a/src/qemu/qemu_namespace.c ++++ b/src/qemu/qemu_namespace.c +@@ -660,6 +660,8 @@ qemuDomainSetupLaunchSecurity(virDomainObj *vm, + + VIR_DEBUG("Set up launch security for SEV"); + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ break; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: +diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c +index d29839c5..0f264f53 100644 +--- a/src/qemu/qemu_process.c ++++ b/src/qemu/qemu_process.c +@@ -6757,6 +6757,8 @@ qemuProcessPrepareDomain(virQEMUDriver *driver, + if (qemuProcessUpdateSEVInfo(vm) < 0) + return -1; + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ break; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + break; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: +@@ -6839,6 +6841,8 @@ qemuProcessPrepareLaunchSecurityGuestInput(virDomainObj *vm) + return qemuProcessPrepareSEVGuestInput(vm); + case VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP: + break; ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ return 0; + case VIR_DOMAIN_LAUNCH_SECURITY_PV: + return 0; + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: +diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c +index 3c40f76c..b18573d5 100644 +--- a/src/qemu/qemu_validate.c ++++ b/src/qemu/qemu_validate.c +@@ -1365,6 +1365,10 @@ qemuValidateDomainDef(const virDomainDef *def, + return -1; + } + break; ++ ++ case VIR_DOMAIN_LAUNCH_SECURITY_CCA: ++ break; ++ + case VIR_DOMAIN_LAUNCH_SECURITY_NONE: + case VIR_DOMAIN_LAUNCH_SECURITY_LAST: + virReportEnumRangeError(virDomainLaunchSecurity, def->sec->sectype); +-- +2.51.0 + diff --git a/debian/patches/backport/0002-src-Add-ARM-CCA-support-in-domain-capabilities-comma.patch b/debian/patches/backport/0002-src-Add-ARM-CCA-support-in-domain-capabilities-comma.patch new file mode 100644 index 00000000..0161933f --- /dev/null +++ b/debian/patches/backport/0002-src-Add-ARM-CCA-support-in-domain-capabilities-comma.patch @@ -0,0 +1,1579 @@ +From 123b913175cd83b2acbd37d9f8d4b9fc3dff466b Mon Sep 17 00:00:00 2001 +From: WangYuli +Date: Fri, 5 Dec 2025 12:59:39 +0800 +Subject: [PATCH 2/3] src: Add ARM CCA support in domain capabilities command + +bugzilla:https://gitee.com/openeuler/libvirt/issues/ICU4UF?from=project-issue +reference:https://patchew.org/Libvirt/20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com/ + +---------------------------------------- + +- Add ARM CCA support in domain capabilies XML schema. + +[Capability example] +- Execution results of 'virsh domcapability" on qemu + +... + + ... + + + + sha256 + sha512 + + + + ... + + + +Signed-off-by: Kazuhiro Abe +Signed-off-by: rpm-build +Signed-off-by: WangYuli +--- + docs/formatdomaincaps.rst | 21 +++- + src/conf/domain_capabilities.c | 48 +++++++++ + src/conf/domain_capabilities.h | 6 ++ + src/libvirt_private.syms | 1 + + src/qemu/qemu_capabilities.c | 28 ++++++ + src/qemu/qemu_monitor.c | 10 ++ + src/qemu/qemu_monitor.h | 3 + + src/qemu/qemu_monitor_json.c | 98 +++++++++++++++++++ + src/qemu/qemu_monitor_json.h | 4 + + tests/domaincapsdata/bhyve_basic.x86_64.xml | 1 + + tests/domaincapsdata/bhyve_fbuf.x86_64.xml | 1 + + tests/domaincapsdata/bhyve_uefi.x86_64.xml | 1 + + tests/domaincapsdata/empty.xml | 1 + + tests/domaincapsdata/libxl-xenfv.xml | 1 + + tests/domaincapsdata/libxl-xenpv.xml | 1 + + .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 1 + + .../qemu_4.2.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 1 + + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 1 + + .../qemu_5.0.0-tcg-virt.riscv64.xml | 1 + + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 1 + + .../qemu_5.0.0-virt.aarch64.xml | 1 + + .../qemu_5.0.0-virt.riscv64.xml | 1 + + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 1 + + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 1 + + .../qemu_5.2.0-tcg-virt.riscv64.xml | 1 + + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 1 + + .../qemu_5.2.0-virt.aarch64.xml | 1 + + .../qemu_5.2.0-virt.riscv64.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 1 + + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 1 + + .../qemu_6.0.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 1 + + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 1 + + .../qemu_6.2.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 1 + + .../qemu_7.0.0-hvf.aarch64+hvf.xml | 1 + + .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 1 + + .../qemu_7.0.0-virt.aarch64.xml | 1 + + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 1 + + tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 1 + + .../qemu_7.2.0-hvf.x86_64+hvf.xml | 1 + + .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 1 + + .../qemu_7.2.0-tcg.x86_64+hvf.xml | 1 + + .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_7.2.0.ppc.xml | 1 + + tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.0.0-q35.x86_64.xml | 1 + + .../qemu_8.0.0-tcg-virt.riscv64.xml | 1 + + .../domaincapsdata/qemu_8.0.0-tcg.x86_64.xml | 1 + + .../qemu_8.0.0-virt.riscv64.xml | 1 + + tests/domaincapsdata/qemu_8.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_8.1.0.s390x.xml | 1 + + tests/domaincapsdata/qemu_8.1.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_8.2.0-q35.x86_64.xml | 1 + + .../qemu_8.2.0-tcg-virt.loongarch64.xml | 1 + + .../domaincapsdata/qemu_8.2.0-tcg.x86_64.xml | 1 + + .../qemu_8.2.0-virt.aarch64.xml | 1 + + .../qemu_8.2.0-virt.loongarch64.xml | 1 + + tests/domaincapsdata/qemu_8.2.0.aarch64.xml | 1 + + tests/domaincapsdata/qemu_8.2.0.armv7l.xml | 1 + + tests/domaincapsdata/qemu_8.2.0.s390x.xml | 1 + + tests/domaincapsdata/qemu_8.2.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_9.0.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_9.0.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_9.0.0.sparc.xml | 1 + + tests/domaincapsdata/qemu_9.0.0.x86_64.xml | 1 + + .../domaincapsdata/qemu_9.1.0-q35.x86_64.xml | 1 + + .../domaincapsdata/qemu_9.1.0-tcg.x86_64.xml | 1 + + tests/domaincapsdata/qemu_9.1.0.x86_64.xml | 1 + + 100 files changed, 309 insertions(+), 1 deletion(-) + +diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst +index 712d8b44..935a81a3 100644 +--- a/docs/formatdomaincaps.rst ++++ b/docs/formatdomaincaps.rst +@@ -817,6 +817,24 @@ document store. In order to use SGX with libvirt have a look at `SGX in domain X + ``sections`` + The sections of the SGX enclave page cache (called EPC). + ++CCA capabilities ++^^^^^^^^^^^^^^^^ ++ ++Arm Confidential Compute Architecture (CCA) capabilities are exposed under the ++``cca`` element. ++ ++Arm CCA is a system solution comprised of hardware and software components that ++maximizes the security of data on devices and in the cloud. ++CCA enhances the virtualization capabilities of the platform by separating the ++management of resources from access to those resources. ++ ++For more details on the CCA feature, please follow resources in the CCA developer's ++document store. In order to use CCA with libvirt have a look at `CCA in domain ++XML `__ ++ ++``measurement-algo`` ++ Options for the ``measurement-algo`` used to describe blob hashes. ++ + + Hyper-V Enlightenments + ^^^^^^^^^^^^^^^^^^^^^^ +@@ -838,4 +856,5 @@ The ``sectype`` enum corresponds to ``type`` attribute of ```` + element as documented in `Launch Security + `__. :since:`(Since 10.5.0)` For additional + information on individual types, see sections above: `s390-pv capability`_ for +-S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP. ++S390 PV, `SEV capabilities`_ for AMD SEV and/or AMD SEV-SNP, `CCA capabilities`_ ++for Arm CCA. +diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c +index 30540de3..d104d6e8 100644 +--- a/src/conf/domain_capabilities.c ++++ b/src/conf/domain_capabilities.c +@@ -89,6 +89,25 @@ virSGXCapabilitiesFree(virSGXCapability *cap) + } + + ++void ++virCCACapabilitiesFree(virCCACapability *cap) ++{ ++ size_t i; ++ ++ if (!cap) ++ return; ++ ++ if (cap->nCcaMeasurementAlgo) ++ for (i = 0; i < cap->nCcaMeasurementAlgo; i++) ++ g_free(cap->ccaMeasurementAlgo[i]); ++ ++ if (cap->ccaMeasurementAlgo) ++ g_free(cap->ccaMeasurementAlgo); ++ ++ g_free(cap); ++} ++ ++ + static void + virDomainCapsDispose(void *obj) + { +@@ -102,6 +121,7 @@ virDomainCapsDispose(void *obj) + virCPUDefFree(caps->cpu.hostModel); + virSEVCapabilitiesFree(caps->sev); + virSGXCapabilitiesFree(caps->sgx); ++ virCCACapabilitiesFree(caps->cca); + g_free(caps->hyperv); + + values = &caps->os.loader.values; +@@ -706,6 +726,33 @@ virDomainCapsFeatureSGXFormat(virBuffer *buf, + virBufferAddLit(buf, "\n"); + } + ++static void ++virDomainCapsFeatureCCAFormat(virBuffer *buf, ++ const virCCACapability *cca) ++{ ++ size_t i; ++ ++ if (!cca) { ++ virBufferAddLit(buf, "\n"); ++ return; ++ } ++ ++ virBufferAddLit(buf, "\n"); ++ virBufferAdjustIndent(buf, 2); ++ ++ virBufferAddLit(buf, "\n"); ++ virBufferAdjustIndent(buf, 2); ++ for (i = 0; i < cca->nCcaMeasurementAlgo; i++) { ++ virBufferAsprintf(buf, "%s\n", ++ cca->ccaMeasurementAlgo[i]); ++ } ++ virBufferAdjustIndent(buf, -2); ++ virBufferAddLit(buf, "\n"); ++ ++ virBufferAdjustIndent(buf, -2); ++ virBufferAddLit(buf, "\n"); ++} ++ + static void + virDomainCapsFeatureHypervFormat(virBuffer *buf, + const virDomainCapsFeatureHyperv *hyperv) +@@ -753,6 +800,7 @@ virDomainCapsFormatFeatures(const virDomainCaps *caps, + + virDomainCapsFeatureSEVFormat(&childBuf, caps->sev); + virDomainCapsFeatureSGXFormat(&childBuf, caps->sgx); ++ virDomainCapsFeatureCCAFormat(&childBuf, caps->cca); + virDomainCapsFeatureHypervFormat(&childBuf, caps->hyperv); + virDomainCapsLaunchSecurityFormat(&childBuf, &caps->launchSecurity); + +diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h +index 01076c32..d880d367 100644 +--- a/src/conf/domain_capabilities.h ++++ b/src/conf/domain_capabilities.h +@@ -306,6 +306,7 @@ struct _virDomainCaps { + virDomainCapsFeatureGIC gic; + virSEVCapability *sev; + virSGXCapability *sgx; ++ virCCACapability *cca; + virDomainCapsFeatureHyperv *hyperv; + virDomainCapsLaunchSecurity launchSecurity; + /* add new domain features here */ +@@ -363,3 +364,8 @@ void + virSGXCapabilitiesFree(virSGXCapability *capabilities); + + G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSGXCapability, virSGXCapabilitiesFree); ++ ++void ++virCCACapabilitiesFree(virCCACapability *capabilities); ++ ++G_DEFINE_AUTOPTR_CLEANUP_FUNC(virCCACapability, virCCACapabilitiesFree); +diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms +index af40e5dc..07b75ca4 100644 +--- a/src/libvirt_private.syms ++++ b/src/libvirt_private.syms +@@ -208,6 +208,7 @@ virDomainAuditVcpu; + + + # conf/domain_capabilities.h ++virCCACapabilitiesFree; + virDomainCapsCPUModelsAdd; + virDomainCapsCPUModelsCopy; + virDomainCapsCPUModelsGet; +diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c +index d3bd015e..16adfa55 100644 +--- a/src/qemu/qemu_capabilities.c ++++ b/src/qemu/qemu_capabilities.c +@@ -3539,6 +3539,32 @@ virQEMUCapsProbeQMPSGXCapabilities(virQEMUCaps *qemuCaps, + } + + ++static int ++virQEMUCapsProbeQMPCCACapabilities(virQEMUCaps *qemuCaps, ++ qemuMonitor *mon) ++{ ++ int rc = -1; ++ virCCACapability *caps = NULL; ++ ++ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_CCA_GUEST)) ++ return 0; ++ ++ if ((rc = qemuMonitorGetCCACapabilities(mon, &caps)) < 0) ++ return -1; ++ ++ /* CCA isn't actually supported */ ++ if (rc == 0) { ++ virQEMUCapsClear(qemuCaps, QEMU_CAPS_CCA_GUEST); ++ return 0; ++ } ++ ++ virCCACapabilitiesFree(qemuCaps->ccaCapabilities); ++ qemuCaps->ccaCapabilities = caps; ++ return 0; ++} ++ ++ ++ + /* + * Filter for features which should never be passed to QEMU. Either because + * QEMU never supported them or they were dropped as they never did anything +@@ -5604,6 +5630,8 @@ virQEMUCapsInitQMPMonitor(virQEMUCaps *qemuCaps, + return -1; + if (virQEMUCapsProbeQMPSGXCapabilities(qemuCaps, mon) < 0) + return -1; ++ if (virQEMUCapsProbeQMPCCACapabilities(qemuCaps, mon) < 0) ++ return -1; + + virQEMUCapsInitProcessCaps(qemuCaps); + +diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c +index 7f65c237..ed26846f 100644 +--- a/src/qemu/qemu_monitor.c ++++ b/src/qemu/qemu_monitor.c +@@ -3442,6 +3442,16 @@ qemuMonitorGetSGXCapabilities(qemuMonitor *mon, + } + + ++int ++qemuMonitorGetCCACapabilities(qemuMonitor *mon, ++ virCCACapability **capabilities) ++{ ++ QEMU_CHECK_MONITOR(mon); ++ ++ return qemuMonitorJSONGetCCACapabilities(mon, capabilities); ++} ++ ++ + int + qemuMonitorNBDServerStart(qemuMonitor *mon, + const virStorageNetHostDef *server, +diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h +index 57d1b45b..86b6e516 100644 +--- a/src/qemu/qemu_monitor.h ++++ b/src/qemu/qemu_monitor.h +@@ -836,6 +836,9 @@ int qemuMonitorGetSEVCapabilities(qemuMonitor *mon, + int qemuMonitorGetSGXCapabilities(qemuMonitor *mon, + virSGXCapability **capabilities); + ++int qemuMonitorGetCCACapabilities(qemuMonitor *mon, ++ virCCACapability **capabilities); ++ + typedef enum { + QEMU_MONITOR_MIGRATE_RESUME = 1 << 0, /* resume failed post-copy migration */ + QEMU_MONITOR_MIGRATION_FLAGS_LAST +diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c +index 2db38c10..cb385298 100644 +--- a/src/qemu/qemu_monitor_json.c ++++ b/src/qemu/qemu_monitor_json.c +@@ -6133,6 +6133,104 @@ qemuMonitorJSONGetSGXCapabilities(qemuMonitor *mon, + } + + ++static int ++qemuMonitorJSONGetCCAMeasurementAlgo(qemuMonitor *mon, ++ size_t *numalgo, ++ char ***malgo) ++{ ++ g_autoptr(virJSONValue) cmd = NULL; ++ g_autoptr(virJSONValue) reply = NULL; ++ virJSONValue *caps; ++ virJSONValue *malgolist = NULL; ++ g_auto(GStrv) list = NULL; ++ size_t i; ++ size_t n = 0; ++ ++ if (!(cmd = qemuMonitorJSONMakeCommand("query-cca-capabilities", ++ NULL))) ++ return -1; ++ ++ if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) ++ return -1; ++ ++ /* If the 'query-cca-capabilities' QMP command was not available ++ * we simply successfully return zero capabilities. ++ * This is the current QEMU (=9.1.91) and all non-ARM architectures */ ++ if (qemuMonitorJSONHasError(reply, "CommandNotFound")) ++ return 0; ++ ++ if (qemuMonitorJSONCheckError(cmd, reply) < 0) ++ return -1; ++ ++ caps = virJSONValueObjectGetObject(reply, "return"); ++ ++ if (!(caps = qemuMonitorJSONGetReply(cmd, reply, VIR_JSON_TYPE_OBJECT))) ++ return -1; ++ ++ if ((malgolist = virJSONValueObjectGetArray(caps, "sections"))) { ++ n = virJSONValueArraySize(malgolist); ++ ++ /* If the received array is empty, an error is returned. */ ++ if (n == 0) ++ return -1; ++ ++ list = g_new0(char *, n + 1); ++ ++ for (i = 0; i < n; i++) { ++ virJSONValue *cap = virJSONValueArrayGet(malgolist, i); ++ const char *measurement_algo = NULL; ++ ++ if (!cap || virJSONValueGetType(cap) != VIR_JSON_TYPE_OBJECT) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", ++ _("missing entry in CCA capabilities list")); ++ return -1; ++ } ++ ++ if (!(measurement_algo = virJSONValueObjectGetString(cap, "measurement-algo"))) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", ++ _("query-cca-capabilities reply was missing 'measurement-algo' field")); ++ return -1; ++ } ++ ++ list[i] = g_strdup(measurement_algo); ++ } ++ } ++ ++ *numalgo = n; ++ *malgo = g_steal_pointer(&list); ++ return 1; ++} ++ ++ ++/** ++ * qemuMonitorJSONGetCCACapabilities: ++ * @mon: qemu monitor object ++ * @capabilities: pointer to pointer to a CCA capability structure to be filled ++ * ++ * Returns -1 on error, 0 if CCA is not supported, and 1 if CCA is supported on ++ * the platform. ++ */ ++int ++qemuMonitorJSONGetCCACapabilities(qemuMonitor *mon, ++ virCCACapability **capabilities) ++{ ++ g_autoptr(virCCACapability) capability = NULL; ++ int ret = 0; ++ ++ *capabilities = NULL; ++ capability = g_new0(virCCACapability, 1); ++ ++ ret = qemuMonitorJSONGetCCAMeasurementAlgo(mon, ++ &capability->nCcaMeasurementAlgo, ++ &capability->ccaMeasurementAlgo); ++ ++ if (ret > 0) ++ *capabilities = g_steal_pointer(&capability); ++ ++ return ret; ++} ++ ++ + static virJSONValue * + qemuMonitorJSONBuildInetSocketAddress(const char *host, + const char *port) +diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h +index 921dd34e..a522beb2 100644 +--- a/src/qemu/qemu_monitor_json.h ++++ b/src/qemu/qemu_monitor_json.h +@@ -168,6 +168,10 @@ int + qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon, + virSEVCapability **capabilities); + ++int ++qemuMonitorJSONGetCCACapabilities(qemuMonitor *mon, ++ virCCACapability **capabilities); ++ + int + qemuMonitorJSONMigrate(qemuMonitor *mon, + unsigned int flags, +diff --git a/tests/domaincapsdata/bhyve_basic.x86_64.xml b/tests/domaincapsdata/bhyve_basic.x86_64.xml +index dd054577..415c10ea 100644 +--- a/tests/domaincapsdata/bhyve_basic.x86_64.xml ++++ b/tests/domaincapsdata/bhyve_basic.x86_64.xml +@@ -34,5 +34,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml +index 0b1d9c17..68bfd71f 100644 +--- a/tests/domaincapsdata/bhyve_fbuf.x86_64.xml ++++ b/tests/domaincapsdata/bhyve_fbuf.x86_64.xml +@@ -51,5 +51,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/bhyve_uefi.x86_64.xml b/tests/domaincapsdata/bhyve_uefi.x86_64.xml +index 69fff197..42be6674 100644 +--- a/tests/domaincapsdata/bhyve_uefi.x86_64.xml ++++ b/tests/domaincapsdata/bhyve_uefi.x86_64.xml +@@ -43,5 +43,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/empty.xml b/tests/domaincapsdata/empty.xml +index 97752ca0..5157d684 100644 +--- a/tests/domaincapsdata/empty.xml ++++ b/tests/domaincapsdata/empty.xml +@@ -14,5 +14,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/libxl-xenfv.xml b/tests/domaincapsdata/libxl-xenfv.xml +index c71d7595..e27f2372 100644 +--- a/tests/domaincapsdata/libxl-xenfv.xml ++++ b/tests/domaincapsdata/libxl-xenfv.xml +@@ -77,5 +77,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/libxl-xenpv.xml b/tests/domaincapsdata/libxl-xenpv.xml +index 8ae2370b..8b138c16 100644 +--- a/tests/domaincapsdata/libxl-xenpv.xml ++++ b/tests/domaincapsdata/libxl-xenpv.xml +@@ -67,5 +67,6 @@ + + + ++ + + +diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +index e5ffe393..912897ec 100644 +--- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +@@ -324,6 +324,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +index a849e8f1..63996a5a 100644 +--- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +@@ -269,6 +269,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +index a7c2e0ba..727294ce 100644 +--- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +@@ -201,6 +201,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +index a7c2e0ba..727294ce 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +@@ -201,6 +201,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +index 2c41777e..b42fd490 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +@@ -169,6 +169,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml b/tests/domaincapsdata/qemu_4.2.0.s390x.xml +index 809ce9c9..51f47657 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml +@@ -275,6 +275,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +index 32ba46eb..2c78cb81 100644 +--- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +@@ -324,6 +324,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +index 70bd7bc4..7cc17456 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +@@ -326,6 +326,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml +index c487d467..ce4f0f9f 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-tcg-virt.riscv64.xml +@@ -154,6 +154,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +index d69ea76a..5bc87668 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +@@ -271,6 +271,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +index 2466dda7..a7955432 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +@@ -214,6 +214,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml +index b0e4aafc..09617e26 100644 +--- a/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0-virt.riscv64.xml +@@ -157,6 +157,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +index 2466dda7..a7955432 100644 +--- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +@@ -214,6 +214,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +index c66d0645..84928251 100644 +--- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +@@ -176,6 +176,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +index c57d4f32..ca788d3c 100644 +--- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +@@ -326,6 +326,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +index f276f0b7..2b8efb9e 100644 +--- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +@@ -258,6 +258,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +index eea710a0..6b49c06d 100644 +--- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +@@ -271,6 +271,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.1.0.sparc.xml b/tests/domaincapsdata/qemu_5.1.0.sparc.xml +index a471a937..7e5eb5df 100644 +--- a/tests/domaincapsdata/qemu_5.1.0.sparc.xml ++++ b/tests/domaincapsdata/qemu_5.1.0.sparc.xml +@@ -140,6 +140,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +index 56e30cc3..17576e30 100644 +--- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +@@ -258,6 +258,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml +index 35bc747d..c653d765 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml +@@ -259,6 +259,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml +index eaed71b4..c309a3c2 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-tcg-virt.riscv64.xml +@@ -157,6 +157,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml +index 33b55317..f61cdce6 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml +@@ -272,6 +272,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml +index a35dd78c..c093dde9 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml +@@ -215,6 +215,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml b/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml +index 14d936ea..4839e7f0 100644 +--- a/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0-virt.riscv64.xml +@@ -160,6 +160,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml +index a35dd78c..c093dde9 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml +@@ -215,6 +215,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml +index a6fcc39c..bd1e3bfd 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml +@@ -177,6 +177,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.s390x.xml b/tests/domaincapsdata/qemu_5.2.0.s390x.xml +index 084a221f..ca78cb76 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.s390x.xml +@@ -278,6 +278,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml +index 2889fce1..c960d52b 100644 +--- a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml +@@ -259,6 +259,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +index 5bc2bdd1..a4367817 100644 +--- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +@@ -266,6 +266,7 @@ + 450 + + ++ + + + sev +diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +index a39f777e..3d414601 100644 +--- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +@@ -280,6 +280,7 @@ + 450 + + ++ + + + sev +diff --git a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml +index 780436ce..152682fe 100644 +--- a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml +@@ -217,6 +217,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml +index 780436ce..152682fe 100644 +--- a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml +@@ -217,6 +217,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.0.0.s390x.xml b/tests/domaincapsdata/qemu_6.0.0.s390x.xml +index 2bc02dd4..ef712c09 100644 +--- a/tests/domaincapsdata/qemu_6.0.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_6.0.0.s390x.xml +@@ -279,6 +279,7 @@ + + + ++ + + + s390-pv +diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +index 0c322b11..1d27c012 100644 +--- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +@@ -266,6 +266,7 @@ + 450 + + ++ + + + sev +diff --git a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml +index b5f488d5..5f64467a 100644 +--- a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml +@@ -262,6 +262,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml +index 3137894a..ab50f631 100644 +--- a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml +@@ -275,6 +275,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml +index a99dccf8..49f13ed4 100644 +--- a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml +@@ -262,6 +262,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +index 2326871d..fd0bdefc 100644 +--- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +@@ -262,6 +262,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +index 4270ba0b..820e7c08 100644 +--- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +@@ -277,6 +277,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml +index d0903aac..44868113 100644 +--- a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml +@@ -224,6 +224,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml +index d0903aac..44868113 100644 +--- a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml +@@ -224,6 +224,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml +index fe62364d..7a2f6b5e 100644 +--- a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml +@@ -176,6 +176,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +index 63ddcaec..3357dc26 100644 +--- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +@@ -262,6 +262,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml b/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml +index 32eee7ea..d4b5ef30 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-hvf.aarch64+hvf.xml +@@ -178,6 +178,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml +index 83c62a11..5aa10bed 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml +@@ -272,6 +272,7 @@ +
+ + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml +index 00adacd1..6b00d2a2 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml +@@ -287,6 +287,7 @@ +
+ + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml +index 216e3999..661c8160 100644 +--- a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml +@@ -223,6 +223,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml +index 216e3999..661c8160 100644 +--- a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml +@@ -223,6 +223,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml +index e0fda8fc..544662cb 100644 +--- a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml +@@ -181,6 +181,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml +index 97e38888..d24320a9 100644 +--- a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml +@@ -272,6 +272,7 @@ +
+ + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml +index 1b55b9b4..8cbc94b5 100644 +--- a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml +@@ -262,6 +262,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml +index 37697928..64d7433c 100644 +--- a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml +@@ -276,6 +276,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml +index bbdf8a60..5e770f07 100644 +--- a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml +@@ -174,6 +174,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml +index 9d5ff18c..d839197d 100644 +--- a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml +@@ -262,6 +262,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml b/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml +index 091735d8..13385e46 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml +@@ -186,6 +186,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml +index 73475e49..2d407c92 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml +@@ -269,6 +269,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml +index 38fedd6c..a8d7816d 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml +@@ -267,6 +267,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml +index 38fedd6c..a8d7816d 100644 +--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml +@@ -267,6 +267,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0.ppc.xml b/tests/domaincapsdata/qemu_7.2.0.ppc.xml +index 416ebc6f..b4908ce2 100644 +--- a/tests/domaincapsdata/qemu_7.2.0.ppc.xml ++++ b/tests/domaincapsdata/qemu_7.2.0.ppc.xml +@@ -161,6 +161,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml +index b8b2aada..58f333fc 100644 +--- a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml +@@ -269,6 +269,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml +index c7c118d5..d70e32c0 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml +@@ -270,6 +270,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml b/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml +index af787b8b..7da008be 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-tcg-virt.riscv64.xml +@@ -164,6 +164,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml +index ab81714c..2e8f86bc 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml +@@ -272,6 +272,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml b/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml +index 0e3e9b81..81a2855c 100644 +--- a/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0-virt.riscv64.xml +@@ -167,6 +167,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_8.0.0.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0.x86_64.xml +index ad9eaf54..895fb133 100644 +--- a/tests/domaincapsdata/qemu_8.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.0.0.x86_64.xml +@@ -270,6 +270,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml +index aa01168a..9f3fdcae 100644 +--- a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml +@@ -273,6 +273,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml +index 8e33506a..c4c1e3d1 100644 +--- a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml +@@ -274,6 +274,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.1.0.s390x.xml b/tests/domaincapsdata/qemu_8.1.0.s390x.xml +index 92fa89f0..e70e75e2 100644 +--- a/tests/domaincapsdata/qemu_8.1.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_8.1.0.s390x.xml +@@ -275,6 +275,7 @@ + + + ++ + + + s390-pv +diff --git a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml +index 532a9b2d..57b7eea8 100644 +--- a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml +@@ -273,6 +273,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml +index cebc4e01..cce8fcaf 100644 +--- a/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml +@@ -275,6 +275,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml b/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml +index 3917ce61..728ed3f9 100644 +--- a/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml +@@ -168,6 +168,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml +index a68b8a6f..16dddea1 100644 +--- a/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml +@@ -274,6 +274,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml +index 2f661b7e..9013e527 100644 +--- a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml +@@ -230,6 +230,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml b/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml +index edddb6d8..55468c65 100644 +--- a/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml +@@ -172,6 +172,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml +index 2f661b7e..9013e527 100644 +--- a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml +@@ -230,6 +230,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_8.2.0.armv7l.xml b/tests/domaincapsdata/qemu_8.2.0.armv7l.xml +index fb0f7665..862ea3b4 100644 +--- a/tests/domaincapsdata/qemu_8.2.0.armv7l.xml ++++ b/tests/domaincapsdata/qemu_8.2.0.armv7l.xml +@@ -178,6 +178,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_8.2.0.s390x.xml b/tests/domaincapsdata/qemu_8.2.0.s390x.xml +index cc8bbec0..0d1d54f8 100644 +--- a/tests/domaincapsdata/qemu_8.2.0.s390x.xml ++++ b/tests/domaincapsdata/qemu_8.2.0.s390x.xml +@@ -275,6 +275,7 @@ + + + ++ + + + s390-pv +diff --git a/tests/domaincapsdata/qemu_8.2.0.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0.x86_64.xml +index 0bd89504..2918526e 100644 +--- a/tests/domaincapsdata/qemu_8.2.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_8.2.0.x86_64.xml +@@ -275,6 +275,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml +index b9a21549..b614b6b7 100644 +--- a/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml +@@ -275,6 +275,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml +index 25bf1d84..f917b160 100644 +--- a/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml +@@ -276,6 +276,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_9.0.0.sparc.xml b/tests/domaincapsdata/qemu_9.0.0.sparc.xml +index ab5c3dc4..0cca40dd 100644 +--- a/tests/domaincapsdata/qemu_9.0.0.sparc.xml ++++ b/tests/domaincapsdata/qemu_9.0.0.sparc.xml +@@ -140,6 +140,7 @@ + + + ++ + + + +diff --git a/tests/domaincapsdata/qemu_9.0.0.x86_64.xml b/tests/domaincapsdata/qemu_9.0.0.x86_64.xml +index f785e83f..e0d0220c 100644 +--- a/tests/domaincapsdata/qemu_9.0.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_9.0.0.x86_64.xml +@@ -275,6 +275,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml +index ef364621..14f6898c 100644 +--- a/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml ++++ b/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml +@@ -279,6 +279,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml +index 2415f76f..be36933a 100644 +--- a/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml ++++ b/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml +@@ -275,6 +275,7 @@ + + + ++ + + + relaxed +diff --git a/tests/domaincapsdata/qemu_9.1.0.x86_64.xml b/tests/domaincapsdata/qemu_9.1.0.x86_64.xml +index 8cba35fb..9c669143 100644 +--- a/tests/domaincapsdata/qemu_9.1.0.x86_64.xml ++++ b/tests/domaincapsdata/qemu_9.1.0.x86_64.xml +@@ -279,6 +279,7 @@ + + + ++ + + + relaxed +-- +2.51.0 + diff --git a/debian/patches/backport/0003-src-Add-ARM-CCA-support-in-domain-schema.patch b/debian/patches/backport/0003-src-Add-ARM-CCA-support-in-domain-schema.patch new file mode 100644 index 00000000..0e7de41c --- /dev/null +++ b/debian/patches/backport/0003-src-Add-ARM-CCA-support-in-domain-schema.patch @@ -0,0 +1,324 @@ +From 8127449254052bc2509a58d4e3be3b7223dbb694 Mon Sep 17 00:00:00 2001 +From: WangYuli +Date: Fri, 5 Dec 2025 13:05:21 +0800 +Subject: [PATCH 3/3] src: Add ARM CCA support in domain schema + +bugzilla:https://gitee.com/openeuler/libvirt/issues/ICU4UF?from=project-issue +reference:https://patchew.org/Libvirt/20250612071418.2926384-1-fj1078ii@aa.jp.fujitsu.com/ + +-------------------------------- + +- Add ARM CCA support in domain schema files. + +Signed-off-by: Kazuhiro Abe +Signed-off-by: rpm-build +Signed-off-by: WangYuli +--- + src/conf/schemas/domaincaps.rng | 36 ++++++++++ + src/conf/schemas/domaincommon.rng | 26 +++++++ + src/qemu/qemu_capabilities.c | 113 ++++++++++++++++++++++++++++++ + src/qemu/qemu_capabilities.h | 3 + + 4 files changed, 178 insertions(+) + +diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng +index f9b87c8a..be6f0820 100644 +--- a/src/conf/schemas/domaincaps.rng ++++ b/src/conf/schemas/domaincaps.rng +@@ -334,6 +334,9 @@ + + + ++ ++ ++ + + + +@@ -452,6 +455,39 @@ + + + ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ measurement-algo ++ ++ ++ ++ sha256 ++ ++ ++ sha512 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng +index efb5f00d..b4c86cfe 100644 +--- a/src/conf/schemas/domaincommon.rng ++++ b/src/conf/schemas/domaincommon.rng +@@ -523,6 +523,9 @@ + s390-pv + + ++ ++ ++ + + + +@@ -618,6 +621,29 @@ + + + ++ ++ ++ ++ cca ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +