On 03/07/19 10:29, Michal Privoznik wrote:
> The firmware selection code will enable the feature if needed.
> There's no need to require SMM to be enabled in that case.
>
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> ---
> src/qemu/qemu_domain.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index e9b2b8453b..32025ea010 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -4155,7 +4155,9 @@ qemuDomainDefValidate(const virDomainDef *def,
> goto cleanup;
> }
>
> - if (def->features[VIR_DOMAIN_FEATURE_SMM] != VIR_TRISTATE_SWITCH_ON) {
> + /* SMM will be enabled by qemuFirmwareFillDomain() if needed. */
> + if (def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_NONE &&
> + def->features[VIR_DOMAIN_FEATURE_SMM] != VIR_TRISTATE_SWITCH_ON) {
> virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> _("Secure boot requires SMM feature enabled"));
> goto cleanup;
>
OK. This makes sense. It restricts the check to the case when the new
feature is not active.
And the new feature does take care of it, in qemuFirmwareFillDomain() ->
qemuFirmwareEnableFeatures().
Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>
Thanks
Laszlo
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
