mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-10 05:17:59 +03:00
kbase: More info on firmware change for existing VMs
The need to remove the <loader> and <nvram> elements in order to make the firmware autoselection process kick in again is not exactly intuitive, so document it explicitly. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
parent
65bf8fc9cf
commit
b31380c758
@ -72,16 +72,36 @@ relevant documentation
|
||||
Changing an existing VM
|
||||
=======================
|
||||
|
||||
Once the VM has been created, updating the XML configuration as
|
||||
described above is **not** enough to change the Secure Boot status:
|
||||
the NVRAM file associated with the VM has to be regenerated from its
|
||||
template as well.
|
||||
When a VM is defined, libvirt will pick the firmware that best
|
||||
satisfies the provided criteria and record this information for use
|
||||
on subsequent boots. The resulting XML configuration will look like
|
||||
this:
|
||||
|
||||
::
|
||||
|
||||
<os firmware='efi'>
|
||||
<firmware>
|
||||
<feature enabled='yes' name='enrolled-keys'/>
|
||||
<feature enabled='yes' name='secure-boot'/>
|
||||
</firmware>
|
||||
<loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
|
||||
<nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/vm_VARS.fd</nvram>
|
||||
</os>
|
||||
|
||||
In order to force libvirt to repeat the firmware autoselection
|
||||
process, it's necessary to remove the ``<loader>`` and ``<nvram>``
|
||||
elements. Failure to do so will likely result in an error.
|
||||
|
||||
Note that updating the XML configuration as described above is
|
||||
**not** enough to change the Secure Boot status: the NVRAM file
|
||||
associated with the VM has to be regenerated from its template as
|
||||
well.
|
||||
|
||||
In order to do that, update the XML and then start the VM with
|
||||
|
||||
::
|
||||
|
||||
$ virsh start $vm --reset-nvram
|
||||
$ virsh start vm --reset-nvram
|
||||
|
||||
This option is only available starting with libvirt 8.1.0, so if your
|
||||
version of libvirt is older than that you will have to delete the
|
||||
|
Loading…
Reference in New Issue
Block a user