[libvirt PATCH 8/9] conf: introduce support for firmware auto-selection feature filtering

Pavel Hrdina phrdina at redhat.com
Fri Mar 19 16:10:44 UTC 2021 

On Fri, Mar 19, 2021 at 04:11:39PM +0100, Kashyap Chamarthy wrote:
> On Fri, Mar 19, 2021 at 11:59:11AM +0100, Pavel Hrdina wrote:
> > On Fri, Mar 19, 2021 at 11:10:05AM +0100, Kashyap Chamarthy wrote:
> > > On Thu, Mar 18, 2021 at 01:26:45PM +0100, Pavel Hrdina wrote:
> 
> [...]
> 
> > > Nit: I'd recast it as: "When using firmware auto-selection, different
> > > features are enabled in any given firmware binary."
> > 
> > Sounds a bit better but I've already pushed the patches.
> 
> Np; can be a follow-up.
> 
> [...]
> 
> > > Should we also list a couple of example features?  E.g.  "amd-sev" (on
> > > supported hardware), "acpi-s3", "secure-boot".
> > 
> > I was considering listing all features that the JSON files can have but
> > most of the other features are already controlled by different XML
> > elements. There is an explicit list of features later in the docs.
> 
> Ah, where's the explict list of features?  I don't see them under the
> "BIOS bootloader" section:
> https://libvirt.org/formatdomain.html#bios-bootloader

Under the 'firmware' element there is a description of 'feature' element
that lists mandatory attributes and for attribute 'name' there is a list
of possible features which includes 'enrolled-keys' and 'secure-boot'.

This is the part from formatdomain.rst file:


   ``feature``
      The list of mandatory attributes:

      - ``enabled`` (accepted values are ``yes`` and ``no``) is used to tell libvirt
        if the feature must be enabled or not in the automatically selected firmware

      - ``name`` the name of the feature, the list of the features:

        - ``enrolled-keys`` whether the selected nvram template has default
          certificate enrolled. Firmware with Secure Boot feature but without
          enrolled keys will successfully boot non-signed binaries as well.
          Valid only for firmwares with Secure Boot feature.

        - ``secure-boot`` whether the firmware implements UEFI Secure boot feature.


Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20210319/d89af738/attachment-0001.sig>

More information about the libvir-list mailing list