Re: [libvirt PATCH 8/9] conf: introduce support for firmware auto-selection feature filtering

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Mar 19, 2021 at 04:11:39PM +0100, Kashyap Chamarthy wrote:
> On Fri, Mar 19, 2021 at 11:59:11AM +0100, Pavel Hrdina wrote:
> > On Fri, Mar 19, 2021 at 11:10:05AM +0100, Kashyap Chamarthy wrote:
> > > On Thu, Mar 18, 2021 at 01:26:45PM +0100, Pavel Hrdina wrote:
> 
> [...]
> 
> > > Nit: I'd recast it as: "When using firmware auto-selection, different
> > > features are enabled in any given firmware binary."
> > 
> > Sounds a bit better but I've already pushed the patches.
> 
> Np; can be a follow-up.
> 
> [...]
> 
> > > Should we also list a couple of example features?  E.g.  "amd-sev" (on
> > > supported hardware), "acpi-s3", "secure-boot".
> > 
> > I was considering listing all features that the JSON files can have but
> > most of the other features are already controlled by different XML
> > elements. There is an explicit list of features later in the docs.
> 
> Ah, where's the explict list of features?  I don't see them under the
> "BIOS bootloader" section:
> https://libvirt.org/formatdomain.html#bios-bootloader

Under the 'firmware' element there is a description of 'feature' element
that lists mandatory attributes and for attribute 'name' there is a list
of possible features which includes 'enrolled-keys' and 'secure-boot'.

This is the part from formatdomain.rst file:


   ``feature``
      The list of mandatory attributes:

      - ``enabled`` (accepted values are ``yes`` and ``no``) is used to tell libvirt
        if the feature must be enabled or not in the automatically selected firmware

      - ``name`` the name of the feature, the list of the features:

        - ``enrolled-keys`` whether the selected nvram template has default
          certificate enrolled. Firmware with Secure Boot feature but without
          enrolled keys will successfully boot non-signed binaries as well.
          Valid only for firmwares with Secure Boot feature.

        - ``secure-boot`` whether the firmware implements UEFI Secure boot feature.


Pavel

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux