"pvpanic", /* QEMU_CAPS_DEVICE_PANIC */
/* 160 */
- "enable-fips", /* QEMU_CAPS_ENABLE_FIPS */
+ "enable-fips", /* X_QEMU_CAPS_ENABLE_FIPS */
"spice-file-xfer-disable", /* X_QEMU_CAPS_SPICE_FILE_XFER_DISABLE */
"spiceport", /* X_QEMU_CAPS_CHARDEV_SPICEPORT */
"usb-kbd", /* QEMU_CAPS_DEVICE_USB_KBD */
QEMU_CAPS_DEVICE_PANIC, /* -device pvpanic */
/* 160 */
- QEMU_CAPS_ENABLE_FIPS, /* -enable-fips */
+ X_QEMU_CAPS_ENABLE_FIPS, /* -enable-fips */
X_QEMU_CAPS_SPICE_FILE_XFER_DISABLE, /* -spice disable-agent-file-xfer */
X_QEMU_CAPS_CHARDEV_SPICEPORT, /* -chardev spiceport */
QEMU_CAPS_DEVICE_USB_KBD, /* -device usb-kbd */
if (qemuBuildPflashBlockdevCommandLine(cmd, vm) < 0)
return NULL;
- /* QEMU 1.2 and later have a binary flag -enable-fips that must be
- * used for VNC auth to obey FIPS settings; but the flag only
- * exists on Linux, and with no way to probe for it via QMP. Our
- * solution: if FIPS mode is required, then unconditionally use the flag.
- *
- * In QEMU 5.2.0, use of -enable-fips was deprecated. In scenarios
- * where FIPS is required, QEMU must be built against libgcrypt
- * which automatically enforces FIPS compliance.
- *
- * Note this is the only use of driver->hostFips.
- */
- if (driver->hostFips &&
- virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ENABLE_FIPS))
- virCommandAddArg(cmd, "-enable-fips");
-
if (qemuBuildMachineCommandLine(cmd, cfg, def, qemuCaps, priv) < 0)
return NULL;
projects / libvirt.git / commitdiff