On Wed, Feb 27, 2019 at 11:04:32AM +0100, Michal Privoznik wrote: > Libvirt allows specifying firmware for domains for quite some time now. > However, problem for mgmt applications is that they do not know which > firmware to chose as all they see are their paths and from that it's > impossible to tell whether one of them supports say secure boot. > > This problem was addressed by qemu where Lazslo and Daniel created a > document, specification which describes metadata for each individual > firmware image. In the description (which itself is a JSON file for easy > machine parsing) then it's specified whether the firmware it's > describing supports secureboot, s3/s4 states, it it's bios or efi, and > so on. > > These patches take advantage of that, and even though the description > files are not picked up by that many distributions yet, it allows users > to not care about putting specific firmware path into their domain XML. > It's as easy as: > > <os firmware='efi'> > <loader secure='yes'/> > </os> Nice, _much_ better than how certain management tools hard-code the path to firmware binaries :-) Thanks for working on this patch series. I'll give them a spin sometime this or early next week. > to have libvirt pick up OVMF image with secure enabled boot (and enabled > System Management Mode at the same time). > > The metadata specification lives under > qemu.git/docs/interop/firmware.json and I highly recommend you go and > read it before reviewing (unless you're Laszlo or Daniel in which case > you already know what the document says). > > As usual, you can find my patches at my github: > > https://github.com/zippy2/libvirt/commits/firmware_v1 [...] -- /kashyap -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
