From 66ce6f3c986c0e2122989ce9519153ac8aec9745 Mon Sep 17 00:00:00 2001 From: Ricardo Diaz Date: Fri, 17 Sep 2021 14:14:20 +0200 Subject: [PATCH] B #-: No tag secure when using UEFI loader (#1462) --- src/vmm/LibVirtDriverKVM.cc | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/src/vmm/LibVirtDriverKVM.cc b/src/vmm/LibVirtDriverKVM.cc index 5e131acac3..00590abdde 100644 --- a/src/vmm/LibVirtDriverKVM.cc +++ b/src/vmm/LibVirtDriverKVM.cc @@ -417,7 +417,7 @@ int LibVirtDriver::validate_template(const VirtualMachine* vm, int hid, string firmware; - get_attribute(vm, host, cluster, "OS", "FIRMWARE", firmware); + get_attribute(vm, nullptr, nullptr, "OS", "FIRMWARE", firmware); if ( !firmware.empty() && !one_util::icasecmp(firmware, "BIOS") ) { @@ -798,11 +798,24 @@ int LibVirtDriver::deployment_description_kvm( << "\n"; } + bool boot_secure = false; + string firmware; - get_attribute(vm, host, cluster, "OS", "FIRMWARE", firmware); + + get_attribute(vm, nullptr, nullptr, "OS", "FIRMWARE", firmware); + if ( !firmware.empty() && !one_util::icasecmp(firmware, "BIOS") ) { - file << "\t\t" + string firmware_secure = "no"; + + if ( get_attribute(vm, nullptr, nullptr, "OS", "FIRMWARE_SECURE", boot_secure) && + boot_secure) + { + firmware_secure = "yes"; + } + + file << "\t\t" << firmware << "\n"; file << "\t\t" @@ -1830,7 +1843,7 @@ int LibVirtDriver::deployment_description_kvm( get_attribute(vm, host, cluster, "FEATURES", "GUEST_AGENT", guest_agent); get_attribute(vm, host, cluster, "FEATURES", "VIRTIO_SCSI_QUEUES", virtio_scsi_queues); - if ( acpi || pae || apic || hyperv ) + if ( acpi || pae || apic || hyperv || boot_secure) { file << "\t" << endl; @@ -1858,6 +1871,11 @@ int LibVirtDriver::deployment_description_kvm( file << "\t\t" << endl; } + if ( boot_secure ) + { + file << "\t\t" << endl; + } + file << "\t" << endl; }