diff options
| author | Cole Robinson <crobinso@redhat.com> | 2022-02-28 08:36:52 -0500 |
|---|---|---|
| committer | Cole Robinson <crobinso@redhat.com> | 2022-02-28 08:45:18 -0500 |
| commit | e0c5d74e82eca646ed46055d224d32eab3a49e17 (patch) | |
| tree | a04580452e632013ae79bdcbcdad0728746817e7 /virtinst/domain | |
| parent | 1aaa28e26a379a9b5559d61aadf05c41d72aa8cf (diff) | |
| download | virt-manager-e0c5d74e82eca646ed46055d224d32eab3a49e17.tar.gz | |
domain: launch_security: simplify defaults and validation
* libvirt fills in cbitpos and reducedPhysBits for us
* libvirt errors if type is missing
* libvirt errors if host/qemu doesn't support sev
So drop it all. This simplifies testing because we don't need
sev domcaps in place just to generate the XML
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Diffstat (limited to 'virtinst/domain')
| -rw-r--r-- | virtinst/domain/launch_security.py | 24 |
1 files changed, 1 insertions, 23 deletions
diff --git a/virtinst/domain/launch_security.py b/virtinst/domain/launch_security.py index 03c03dfe..7af71811 100644 --- a/virtinst/domain/launch_security.py +++ b/virtinst/domain/launch_security.py @@ -18,27 +18,10 @@ class DomainLaunchSecurity(XMLBuilder): dhCert = XMLProperty("./dhCert") kernelHashes = XMLProperty("./@kernelHashes", is_yesno=True) - def is_sev(self): - return self.type == "sev" - - def validate(self): - if not self.type: - raise RuntimeError(_("Missing mandatory attribute 'type'")) - def _set_defaults_sev(self, guest): - # SeaBIOS doesn't have support for SEV. Q35 defaults to virtio 1.0, - # which we need so let's not go through the 'virtio-transitional' - # exercise for pc-i440fx to make SEV work, AMD recommends Q35 anyway - # NOTE: at some point both of these platform checks should be put in - # validate(), once that accepts the 'guest' instance if not guest.os.is_q35() or not guest.is_uefi(): raise RuntimeError(_("SEV launch security requires a Q35 UEFI machine")) - # libvirt or QEMU might not support SEV - domcaps = guest.lookup_domcaps() - if not domcaps.supports_sev_launch_security(): - raise RuntimeError(_("SEV launch security is not supported on this platform")) - # 'policy' is a mandatory 4-byte argument for the SEV firmware, # if missing, let's use 0x03 which, according to the table at # https://libvirt.org/formatdomain.html#launchSecurity: @@ -47,11 +30,6 @@ class DomainLaunchSecurity(XMLBuilder): if self.policy is None: self.policy = "0x03" - if self.cbitpos is None: - self.cbitpos = domcaps.features.sev.cbitpos - if self.reducedPhysBits is None: - self.reducedPhysBits = domcaps.features.sev.reducedPhysBits - def set_defaults(self, guest): - if self.is_sev(): + if self.type == "sev": return self._set_defaults_sev(guest) |