mirror of
https://github.com/virt-manager/virt-manager.git
synced 2024-10-26 17:25:22 +03:00
virt-install: add support for loader secure attribute
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
This commit is contained in:
parent
f38c56c971
commit
24f9d05329
@ -519,13 +519,14 @@ correct UEFI parameters, libvirt needs to be advertising known UEFI binaries
|
||||
via domcapabilities XML, so this will likely only work if using properly
|
||||
configured distro packages.
|
||||
|
||||
=item B<--boot loader=/.../OVMF_CODE.fd,loader_ro=yes,loader_type=pflash,nvram_template=/.../OVMF_VARS.fd>
|
||||
=item B<--boot loader=/.../OVMF_CODE.fd,loader_ro=yes,loader_type=pflash,nvram_template=/.../OVMF_VARS.fd,loader_secure=no>
|
||||
|
||||
Specify that the virtual machine use the custom OVMF binary as boot firmware,
|
||||
mapped as a virtual flash chip. In addition, request that libvirt instantiate
|
||||
the VM-specific UEFI varstore from the custom "/.../OVMF_VARS.fd" varstore
|
||||
template. This is the recommended UEFI setup, and should be used if
|
||||
--boot uefi doesn't know about your UEFI binaries.
|
||||
--boot uefi doesn't know about your UEFI binaries. If your UEFI firmware
|
||||
supports Secure boot feature you can enable it via loader_secure.
|
||||
|
||||
=back
|
||||
|
||||
|
@ -0,0 +1,29 @@
|
||||
<domain type="test">
|
||||
<name>foobar</name>
|
||||
<uuid>00000000-1111-2222-3333-444444444444</uuid>
|
||||
<memory>65536</memory>
|
||||
<currentMemory>65536</currentMemory>
|
||||
<vcpu>1</vcpu>
|
||||
<os>
|
||||
<type arch="i686">hvm</type>
|
||||
<loader secure="yes">/path/to/loader</loader>
|
||||
<boot dev="hd"/>
|
||||
</os>
|
||||
<features>
|
||||
<pae/>
|
||||
</features>
|
||||
<clock offset="utc"/>
|
||||
<pm>
|
||||
<suspend-to-mem enabled="no"/>
|
||||
<suspend-to-disk enabled="no"/>
|
||||
</pm>
|
||||
<devices>
|
||||
<emulator>/usr/bin/test-hv</emulator>
|
||||
<controller type="usb" index="0" model="none"/>
|
||||
<interface type="user">
|
||||
<mac address="00:11:22:33:44:55"/>
|
||||
</interface>
|
||||
<input type="mouse" bus="ps2"/>
|
||||
<console type="pty"/>
|
||||
</devices>
|
||||
</domain>
|
@ -561,6 +561,14 @@ c.add_compare("--features smm=on", "features-smm")
|
||||
c.add_invalid("--features smm=on --machine pc")
|
||||
|
||||
|
||||
########################
|
||||
# Boot install options #
|
||||
########################
|
||||
|
||||
c = vinst.add_category("boot", "--nographics --noautoconsole --import --disk none --controller usb,model=none")
|
||||
c.add_compare("--boot loader=/path/to/loader,loader_secure=yes", "boot-loader-secure")
|
||||
|
||||
|
||||
######################################
|
||||
# Memory hot(un)plug install options #
|
||||
######################################
|
||||
|
@ -1587,6 +1587,13 @@ class ParserBoot(VirtCLIParser):
|
||||
inst.os.smbios_mode = val
|
||||
self.optdict["smbios_mode"] = val
|
||||
|
||||
def set_loader_secure_cb(self, inst, val, virtarg):
|
||||
if not inst.conn.check_support(inst.conn.SUPPORT_DOMAIN_LOADER_SECURE):
|
||||
raise RuntimeError("secure attribute for loader is not supported "
|
||||
"by libvirt.")
|
||||
inst.os.loader_secure = val
|
||||
return val
|
||||
|
||||
def noset_cb(self, inst, val, virtarg):
|
||||
pass
|
||||
|
||||
@ -1623,6 +1630,8 @@ ParserBoot.add_arg("os.dtb", "dtb")
|
||||
ParserBoot.add_arg("os.loader", "loader")
|
||||
ParserBoot.add_arg("os.loader_ro", "loader_ro", is_onoff=True)
|
||||
ParserBoot.add_arg("os.loader_type", "loader_type")
|
||||
ParserBoot.add_arg("os.loader_secure", "loader_secure", is_onoff=True,
|
||||
cb=ParserBoot.set_loader_secure_cb)
|
||||
ParserBoot.add_arg("os.nvram", "nvram")
|
||||
ParserBoot.add_arg("os.nvram_template", "nvram_template")
|
||||
ParserBoot.add_arg("os.kernel_args", "kernel_args",
|
||||
|
@ -116,6 +116,7 @@ class OSXML(XMLBuilder):
|
||||
loader = XMLProperty("./loader")
|
||||
loader_ro = XMLProperty("./loader/@readonly", is_yesno=True)
|
||||
loader_type = XMLProperty("./loader/@type")
|
||||
loader_secure = XMLProperty("./loader/@secure", is_yesno=True)
|
||||
smbios_mode = XMLProperty("./smbios/@mode")
|
||||
nvram = XMLProperty("./nvram")
|
||||
nvram_template = XMLProperty("./nvram/@template")
|
||||
|
@ -362,6 +362,7 @@ SUPPORT_DOMAIN_STATE = _make(function="virDomain.state", run_args=())
|
||||
SUPPORT_DOMAIN_OPEN_GRAPHICS = _make(function="virDomain.openGraphicsFD",
|
||||
version="1.2.8", hv_version={"qemu": 0})
|
||||
SUPPORT_DOMAIN_FEATURE_SMM = _make(version="2.1.0")
|
||||
SUPPORT_DOMAIN_LOADER_SECURE = _make(version="2.1.0")
|
||||
|
||||
|
||||
###############
|
||||
|
Loading…
Reference in New Issue
Block a user