domcapabilities: remove recommended CPU features from security features

These features are only recommended to be enabled since they improve
performance of the VMs if security features are enabled.

pcid is a very useful perf feature, but missing in some silicon
so not portable.

pdpe1gb lets the guest use 1 GB pages which is good for perf
but again not all silicon can do it.

amd-ssbd is a security feature which fixes the same SSBD flaws as the
virt-ssbd feature does. virt-ssbd is usable across all CPU models
affected by SSBD, while amd-ssbd is only available in very new silicon.
So virt-ssbd is the bette rchoice.

amd-no-ssb just indicates that the CPU is not affected by SSBD, so not
critical to expose. I expect a future named CPU model will include that
where appropriate.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

1 files changed, 0 insertions, 4 deletions

diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
index 0bc36089..08f9cbb7 100644
--- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
+++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
@@ -94,8 +94,6 @@
     <model>foobar</model>
     <vendor>meee</vendor>
     <topology sockets="2" cores="2" threads="2"/>
-    <feature policy="require" name="pcid"/>
-    <feature policy="require" name="pdpe1gb"/>
     <feature policy="force" name="x2apic"/>
     <feature policy="force" name="x2apicagain"/>
     <feature policy="require" name="reqtest"/>
@@ -291,8 +289,6 @@
     <model>foobar</model>
     <vendor>meee</vendor>
     <topology sockets="2" cores="2" threads="2"/>
-    <feature policy="require" name="pcid"/>
-    <feature policy="require" name="pdpe1gb"/>
     <feature policy="force" name="x2apic"/>
     <feature policy="force" name="x2apicagain"/>
     <feature policy="require" name="reqtest"/>