Zhuoying Cai <[email protected]> writes:

> Introduce a new `boot-certs` machine type option for the s390-ccw-virtio
> machine. This allows users to specify one or more certificate file paths
> or directories to be used during secure boot.
>
> Each entry is specified using the syntax:
> boot-certs.<index>.path=/path/to/cert.pem
>
> Multiple paths can be specified using array properties:
> boot-certs.0.path=/path/to/cert.pem,
> boot-certs.1.path=/path/to/cert-dir,
> boot-certs.2.path=/path/to/another-dir...

Given we can specify a directory containing any number of certificate files, is the ability to specify multiple paths worth the additional complexity?

> Signed-off-by: Zhuoying Cai <[email protected]> [...] > diff --git a/qapi/machine-s390x.json b/qapi/machine-s390x.json > index 966dbd61d2..51bf791fe6 100644 > --- a/qapi/machine-s390x.json > +++ b/qapi/machine-s390x.json > @@ -119,3 +119,25 @@ > { 'command': 'query-s390x-cpu-polarization', 'returns': > 'CpuPolarizationInfo', > 'features': [ 'unstable' ] > } > + > +## > +# @BootCertificate: > +# > +# Boot certificate for secure IPL. > +# > +# @path: path to an X.509 certificate file or a directory containing > certificate files. > +# > +# Since: 10.2 > +## > +{ 'struct': 'BootCertificate', > + 'data': {'path': 'str'} }

I'd call this BootCertificates (plural), because it can pull in any number, not just one.

> + > +## > +# @DummyBootCertificates: > +# > +# Not used by QMP; hack to let us use BootCertificateList internally. > +# > +# Since: 10.2 > +## > +{ 'struct': 'DummyBootCertificates', > + 'data': {'unused-boot-certs': ['BootCertificate'] } } > diff --git a/qapi/pragma.json b/qapi/pragma.json > index 023a2ef7bc..66401837ad 100644 > --- a/qapi/pragma.json > +++ b/qapi/pragma.json > @@ -49,6 +49,7 @@ > 'DisplayProtocol', > 'DriveBackupWrapper', > 'DummyBlockCoreForceArrays', > + 'DummyBootCertificates', > 'DummyForceArrays', > 'DummyVirtioForceArrays', > 'HotKeyMod',
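
Review bot: The `@path` description in the BootCertificate doc comment (qapi/machine-s390x.json hunk) does not say how a directory is handled: which files in it are loaded, whether subdirectories are searched, and which encodings are accepted (the commit message examples only show a .pem file). Because this option decides which certificates are used for secure IPL, the comment should spell that out so a user can tell exactly what a given directory will contribute. The same line is also long enough that the mailer wrapped it in the quote, so it should be re-wrapped to match the other doc comment lines.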
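
Review bot: The 'DummyBootCertificates' entry added to the list in the qapi/pragma.json hunk looks avoidable. The doc comment for DummyBootCertificates in the machine-s390x.json hunk has no `@unused-boot-certs:` member description; if this list is the documentation exception list that the neighbouring Dummy*ForceArrays entries suggest, adding that one line of member documentation would let the pragma change be dropped.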
