virt-install: add support for loader secure attribute

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
2024-10-26 08:55:13 +03:00 · 2017-01-26 16:11:31 +01:00 · 2017-01-26 16:11:31 +01:00 · 24f9d05329
commit 24f9d05329
parent f38c56c971
6 changed files with 51 additions and 2 deletions
--- a/man/virt-install.pod
+++ b/man/virt-install.pod
@ -519,13 +519,14 @@ correct UEFI parameters, libvirt needs to be advertising known UEFI binaries
 via domcapabilities XML, so this will likely only work if using properly
 configured distro packages.

-=item B<--boot loader=/.../OVMF_CODE.fd,loader_ro=yes,loader_type=pflash,nvram_template=/.../OVMF_VARS.fd>
+=item B<--boot loader=/.../OVMF_CODE.fd,loader_ro=yes,loader_type=pflash,nvram_template=/.../OVMF_VARS.fd,loader_secure=no>

 Specify that the virtual machine use the custom OVMF binary as boot firmware,
 mapped as a virtual flash chip. In addition, request that libvirt instantiate
 the VM-specific UEFI varstore from the custom "/.../OVMF_VARS.fd" varstore
 template. This is the recommended UEFI setup, and should be used if
--boot uefi doesn't know about your UEFI binaries.
+--boot uefi doesn't know about your UEFI binaries. If your UEFI firmware
+supports Secure boot feature you can enable it via loader_secure.

 =back

--- a/tests/cli-test-xml/compare/virt-install-boot-loader-secure.xml
+++ b/tests/cli-test-xml/compare/virt-install-boot-loader-secure.xml
@ -0,0 +1,29 @@
+<domain type="test">
+  <name>foobar</name>
+  <uuid>00000000-1111-2222-3333-444444444444</uuid>
+  <memory>65536</memory>
+  <currentMemory>65536</currentMemory>
+  <vcpu>1</vcpu>
+  <os>
+    <type arch="i686">hvm</type>
+    <loader secure="yes">/path/to/loader</loader>
+    <boot dev="hd"/>
+  </os>
+  <features>
+    <pae/>
+  </features>
+  <clock offset="utc"/>
+  <pm>
+    <suspend-to-mem enabled="no"/>
+    <suspend-to-disk enabled="no"/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/test-hv</emulator>
+    <controller type="usb" index="0" model="none"/>
+    <interface type="user">
+      <mac address="00:11:22:33:44:55"/>
+    </interface>
+    <input type="mouse" bus="ps2"/>
+    <console type="pty"/>
+  </devices>
+</domain>
--- a/tests/clitest.py
+++ b/tests/clitest.py
@ -561,6 +561,14 @@ c.add_compare("--features smm=on", "features-smm")
 c.add_invalid("--features smm=on --machine pc")


+########################
+# Boot install options #
+########################
+
+c = vinst.add_category("boot", "--nographics --noautoconsole --import --disk none --controller usb,model=none")
+c.add_compare("--boot loader=/path/to/loader,loader_secure=yes", "boot-loader-secure")
+
+
 ######################################
 # Memory hot(un)plug install options #
 ######################################
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@ -1587,6 +1587,13 @@ class ParserBoot(VirtCLIParser):
        inst.os.smbios_mode = val
        self.optdict["smbios_mode"] = val

+    def set_loader_secure_cb(self, inst, val, virtarg):
+        if not inst.conn.check_support(inst.conn.SUPPORT_DOMAIN_LOADER_SECURE):
+            raise RuntimeError("secure attribute for loader is not supported "
+                               "by libvirt.")
+        inst.os.loader_secure = val
+        return val
+
    def noset_cb(self, inst, val, virtarg):
        pass

@ -1623,6 +1630,8 @@ ParserBoot.add_arg("os.dtb", "dtb")
 ParserBoot.add_arg("os.loader", "loader")
 ParserBoot.add_arg("os.loader_ro", "loader_ro", is_onoff=True)
 ParserBoot.add_arg("os.loader_type", "loader_type")
+ParserBoot.add_arg("os.loader_secure", "loader_secure", is_onoff=True,
+                   cb=ParserBoot.set_loader_secure_cb)
 ParserBoot.add_arg("os.nvram", "nvram")
 ParserBoot.add_arg("os.nvram_template", "nvram_template")
 ParserBoot.add_arg("os.kernel_args", "kernel_args",
--- a/virtinst/osxml.py
+++ b/virtinst/osxml.py
@ -116,6 +116,7 @@ class OSXML(XMLBuilder):
    loader = XMLProperty("./loader")
    loader_ro = XMLProperty("./loader/@readonly", is_yesno=True)
    loader_type = XMLProperty("./loader/@type")
+    loader_secure = XMLProperty("./loader/@secure", is_yesno=True)
    smbios_mode = XMLProperty("./smbios/@mode")
    nvram = XMLProperty("./nvram")
    nvram_template = XMLProperty("./nvram/@template")
--- a/virtinst/support.py
+++ b/virtinst/support.py
@ -362,6 +362,7 @@ SUPPORT_DOMAIN_STATE = _make(function="virDomain.state", run_args=())
 SUPPORT_DOMAIN_OPEN_GRAPHICS = _make(function="virDomain.openGraphicsFD",
    version="1.2.8", hv_version={"qemu": 0})
 SUPPORT_DOMAIN_FEATURE_SMM = _make(version="2.1.0")
+SUPPORT_DOMAIN_LOADER_SECURE = _make(version="2.1.0")


 ###############