[libvirt-users] libvirt and UEFI/SecureBoot

Shmuel Melamud smelamud at redhat.com
Sun Jul 15 18:22:35 UTC 2018


Hi!

I'm currently working on integration of UEFI/SecureBoot support into
oVirt, and I have several questions about UEFI/SecureBoot support in
libvirt. Can you please help me with them?

For UEFI I add the following to the XML:

<loader readonly="yes" secure="no" type="pflash">/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
<nvram template="/usr/share/OVMF/OVMF_VARS.fd">/var/lib/libvirt/qemu/nvram/VM_UUID.fd</nvram>

1. Are all paths mandatory, or are there some defaults?
2. If the nvram image file is absent, does libvirt create it?
3. Is the nvram image file only read, or is it also written?
4. If the nvram image file is present, is it used? Or is it removed and
created again?
5. Is the nvram image file used only on VM startup, or must it be present
all the time the VM is running? Is it used on VM shutdown?
6. What happens if the VM is migrated at the moment when the nvram image
file is used? Is this file migrated also?
7. Is it enough to set secure="yes" to boot the VM with SecureBoot? Or
do I need to prepare the nvram somehow (install keys etc.)?
8. How do I verify that the VM was indeed booted with UEFI? With SecureBoot?

Shmuel



