[libvirt PATCH 8/9] conf: introduce support for firmware auto-selection feature filtering
Pavel Hrdina
phrdina at redhat.com
Fri Mar 19 16:10:44 UTC 2021
On Fri, Mar 19, 2021 at 04:11:39PM +0100, Kashyap Chamarthy wrote:
> On Fri, Mar 19, 2021 at 11:59:11AM +0100, Pavel Hrdina wrote:
> > On Fri, Mar 19, 2021 at 11:10:05AM +0100, Kashyap Chamarthy wrote:
> > > On Thu, Mar 18, 2021 at 01:26:45PM +0100, Pavel Hrdina wrote:
>
> [...]
>
> > > Nit: I'd recast it as: "When using firmware auto-selection, different
> > > features are enabled in any given firmware binary."
> >
> > Sounds a bit better but I've already pushed the patches.
>
> Np; can be a follow-up.
>
> [...]
>
> > > Should we also list a couple of example features? E.g. "amd-sev" (on
> > > supported hardware), "acpi-s3", "secure-boot".
> >
> > I was considering listing all features that the JSON files can have but
> > most of the other features are already controlled by different XML
> > elements. There is an explicit list of features later in the docs.
>
> Ah, where's the explict list of features? I don't see them under the
> "BIOS bootloader" section:
> https://libvirt.org/formatdomain.html#bios-bootloader
Under the 'firmware' element there is a description of 'feature' element
that lists mandatory attributes and for attribute 'name' there is a list
of possible features which includes 'enrolled-keys' and 'secure-boot'.
This is the part from formatdomain.rst file:
``feature``
The list of mandatory attributes:
- ``enabled`` (accepted values are ``yes`` and ``no``) is used to tell libvirt
if the feature must be enabled or not in the automatically selected firmware
- ``name`` the name of the feature, the list of the features:
- ``enrolled-keys`` whether the selected nvram template has default
certificate enrolled. Firmware with Secure Boot feature but without
enrolled keys will successfully boot non-signed binaries as well.
Valid only for firmwares with Secure Boot feature.
- ``secure-boot`` whether the firmware implements UEFI Secure boot feature.
Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20210319/d89af738/attachment-0001.sig>
More information about the libvir-list
mailing list