Both default to 'false' to maintain the historical behaviour. If 'require-secure' is set to 'yes', then types which explicitly declare themselves as secure are required.
If 'prohibit-insecure' is set to 'yes', then types which explicitly declare themselves as insecure are forbidden.
Signed-off-by: Daniel P. Berrangé <[email protected]>
---
 hw/core/machine.c | 60 +++++++++++++++++++++++++++++++++++++++++++++
 include/hw/boards.h | 5 ++++
 2 files changed, 65 insertions(+)
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 38c949c4f2..b43c315bab 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -440,6 +440,34 @@ static void machine_set_dump_guest_core(Object *obj, bool value, Error **errp)
 ms->dump_guest_core = value;
 }
 
+static bool machine_get_require_secure(Object *obj, Error **errp)
+{
+ MachineState *ms = MACHINE(obj);
+
+ return ms->require_secure;
+}
+
+static void machine_set_require_secure(Object *obj, bool value, Error **errp)
+{
+ MachineState *ms = MACHINE(obj);
+
+ ms->require_secure = value;
+}
+
+static bool machine_get_prohibit_insecure(Object *obj, Error **errp)
+{
+ MachineState *ms = MACHINE(obj);
+
+ return ms->prohibit_insecure;
+}
+
+static void machine_set_prohibit_insecure(Object *obj, bool value, Error **errp)
+{
+ MachineState *ms = MACHINE(obj);
+
+ ms->prohibit_insecure = value;
+}
+
 static bool machine_get_mem_merge(Object *obj, Error **errp)
 {
 MachineState *ms = MACHINE(obj);
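Review bot: The setters machine_set_require_secure and machine_set_prohibit_insecure accept a new value unconditionally, so if these properties remain writable after the machine has been initialized, a later property write could relax a policy that machine_check_security has already enforced for devices created earlier. Whether the registration path leaves them writable that late is not visible in this hunk; if it does, a guard at the top of each setter such as `if (phase_check(PHASE_MACHINE_INITIALIZED)) { error_setg(errp, "property is read-only once the machine is initialized"); return; }` would make the policy immutable once the machine is up. The unused `Error **errp` on the getters is the usual accessor signature and needs no change.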
@@ -1245,6 +1273,17 @@ static void machine_class_init(ObjectClass *oc, const void *data)
 NULL, NULL);
 object_class_property_set_description(oc, "memory",
 "Memory size configuration");
+
+ object_class_property_add_bool(oc, "require-secure",
+ machine_get_require_secure, machine_set_require_secure);
+ object_class_property_set_description(oc, "require-secure",
+ "Define whether explicitly secure impls are required");
+
+ object_class_property_add_bool(oc, "prohibit-insecure",
+ machine_get_prohibit_insecure, machine_set_prohibit_insecure);
+ object_class_property_set_description(oc, "prohibit-insecure",
+ "Define whether explicitly insecure impls are prohibited");
+
 }
 
 static void machine_class_base_init(ObjectClass *oc, const void *data)
@@ -1269,6 +1308,8 @@ static void machine_initfn(Object *obj)
 MachineClass *mc = MACHINE_GET_CLASS(obj);
 
 ms->dump_guest_core = true;
+ ms->require_secure = false;
+ ms->prohibit_insecure = false;
 ms->mem_merge = (QEMU_MADV_MERGEABLE != QEMU_MADV_INVALID);
 ms->enable_graphics = true;
 ms->kernel_cmdline = g_strdup("");
@@ -1362,6 +1403,25 @@ bool machine_dump_guest_core(MachineState *machine)
 return machine->dump_guest_core;
 }
 
+bool machine_check_security(MachineState *machine,
+ ObjectClass *cls,
+ Error **errp)
+{
+ if (machine->require_secure &&
+ !object_class_is_secure(cls)) {
+ error_setg(errp, "Type '%s' is not declared as secure",
+ object_class_get_name(cls));
+ return false;
+ }
+ if (machine->prohibit_insecure &&
+ object_class_is_insecure(cls)) {
+ error_setg(errp, "Type '%s' is declared as insecure",
+ object_class_get_name(cls));
+ return false;
+ }
+ return true;
+}
+
 bool machine_mem_merge(MachineState *machine)
 {
 return machine->mem_merge;
diff --git a/include/hw/boards.h b/include/hw/boards.h
index 665b620121..61f6942016 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
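Review bot: The two property descriptions added in machine_class_init abbreviate "implementations" as "impls", and these strings are what a user sees when listing the machine's properties; spelling the policy out reads better, e.g. `"Reject device types that do not explicitly declare themselves secure"` and `"Reject device types that explicitly declare themselves insecure"`. The hunk also adds an empty line directly before the closing `}` of machine_class_init; dropping that last `+` line keeps the function free of a trailing blank.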
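Review bot: The two error messages in machine_check_security say what the type declared but not which machine property caused the rejection, so an operator seeing `Type 'x' is not declared as secure` gets no pointer to the knob involved; naming it, e.g. `"Type '%s' is not declared as secure, but require-secure is enabled"` and the matching `prohibit-insecure` wording for the second message, makes the failure actionable. The function also deserves a doc comment that states what the code actually does: with only prohibit-insecure enabled, a type that declares neither attribute passes, because the second branch rejects only classes for which object_class_is_insecure() returns true, whereas with require-secure enabled a type that declares neither is rejected by the first branch. Whether object_class_is_secure() and object_class_is_insecure() take parent classes into account is not visible here and is worth stating in that comment as well.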
@@ -36,6 +36,9 @@ void machine_run_board_init(MachineState *machine, const char *mem_path, Error *
 bool machine_usb(MachineState *machine);
 int machine_phandle_start(MachineState *machine);
 bool machine_dump_guest_core(MachineState *machine);
+bool machine_check_security(MachineState *machine,
+ ObjectClass *cls,
+ Error **errp);
 bool machine_mem_merge(MachineState *machine);
 bool machine_require_guest_memfd(MachineState *machine);
 HotpluggableCPUList *machine_query_hotpluggable_cpus(MachineState *machine);
@@ -403,6 +406,8 @@ struct MachineState {
 int phandle_start;
 char *dt_compatible;
 bool dump_guest_core;
+ bool require_secure;
+ bool prohibit_insecure;
 bool mem_merge;
 bool usb;
 bool usb_disabled;
-- 
2.50.1
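Review bot: The two new fields in struct MachineState carry no comment, so a reader of boards.h cannot tell that they are operator-set policy knobs rather than state derived from the board; short comments such as `bool require_secure;    /* reject types not explicitly declared secure */` and `bool prohibit_insecure; /* reject types explicitly declared insecure */` would do. The machine_check_security() prototype added in the first hunk of this file likewise lacks a doc comment; one stating that it returns true when `cls` is acceptable and false with `*errp` set otherwise, and that each check applies only while the matching machine property is enabled, would let callers use it without reading machine.c.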
