schema: Extend schema for TPM emulator profile node
authorStefan Berger <stefanb@linux.ibm.com>
Wed, 13 Nov 2024 17:39:45 +0000 (12:39 -0500)
committerMichal Privoznik <mprivozn@redhat.com>
Mon, 18 Nov 2024 07:46:30 +0000 (08:46 +0100)
Extend the schema for the TPM emulator profile node. Require that the
profile the user provides is described in a 'source' attribute. An optional
remove_disabled attribute is also supported for swtpm to automatically
remove algorithms from the 'custom' profile if they are disabled by FIPS
mode on the host.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
src/conf/schemas/domaincommon.rng

index 2ba94d1f028dbf5965729498c3211017694f05f7..91711470f1f1260143bf864031c1177c01398739 100644 (file)
             <ref name="tpm-backend-emulator-encryption"/>
             <ref name="tpm-backend-emulator-active-pcr-banks"/>
             <ref name="tpm-backend-emulator-source"/>
+            <ref name="tpm-backend-emulator-profile"/>
           </interleave>
           <optional>
             <attribute name="persistent_state">
     </optional>
   </define>
 
+  <define name="profileName">
+    <data type="string">
+      <param name="pattern">[A-Za-z0-9.\-:]+</param>
+    </data>
+  </define>
+
+  <define name="tpm-backend-emulator-profile">
+    <optional>
+      <element name="profile">
+        <attribute name="source">
+          <ref name="profileName"/>
+        </attribute>
+        <optional>
+          <attribute name="removeDisabled">
+            <choice>
+              <value>check</value>
+              <value>fips-host</value>
+            </choice>
+          </attribute>
+        </optional>
+      </element>
+    </optional>
+  </define>
+
   <define name="vsock">
     <element name="vsock">
       <optional>
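Review bot: The `profileName` define is the only constraint on the new `source` attribute visible in this commit, and as far as I can tell RNG validation is not applied on every path that defines a domain, so the XML parser (outside this section) should enforce the same character set itself if, as the description suggests, the name is forwarded to swtpm. The pattern `[A-Za-z0-9.\-:]+` also accepts a value that begins with `-` and sets no length bound; if profile names always start with an alphanumeric character, `<param name="pattern">[A-Za-z0-9][A-Za-z0-9.\-:]*</param>` together with a `maxLength` param would be tighter. A one-line comment above the define, for example `<!-- restricted character set: value is handed to the TPM emulator; keep in sync with the parser -->`, would record why the restriction exists. The description calls the optional attribute remove_disabled while the schema defines `removeDisabled`, so one of the two should be aligned.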