On Fri, Mar 19, 2021 at 04:11:39PM +0100, Kashyap Chamarthy wrote: > On Fri, Mar 19, 2021 at 11:59:11AM +0100, Pavel Hrdina wrote: > > On Fri, Mar 19, 2021 at 11:10:05AM +0100, Kashyap Chamarthy wrote: > > > On Thu, Mar 18, 2021 at 01:26:45PM +0100, Pavel Hrdina wrote: > > [...] > > > > Nit: I'd recast it as: "When using firmware auto-selection, different > > > features are enabled in any given firmware binary." > > > > Sounds a bit better but I've already pushed the patches. > > Np; can be a follow-up. > > [...] > > > > Should we also list a couple of example features? E.g. "amd-sev" (on > > > supported hardware), "acpi-s3", "secure-boot". > > > > I was considering listing all features that the JSON files can have but > > most of the other features are already controlled by different XML > > elements. There is an explicit list of features later in the docs. > > Ah, where's the explict list of features? I don't see them under the > "BIOS bootloader" section: > https://libvirt.org/formatdomain.html#bios-bootloader Under the 'firmware' element there is a description of 'feature' element that lists mandatory attributes and for attribute 'name' there is a list of possible features which includes 'enrolled-keys' and 'secure-boot'. This is the part from formatdomain.rst file: ``feature`` The list of mandatory attributes: - ``enabled`` (accepted values are ``yes`` and ``no``) is used to tell libvirt if the feature must be enabled or not in the automatically selected firmware - ``name`` the name of the feature, the list of the features: - ``enrolled-keys`` whether the selected nvram template has default certificate enrolled. Firmware with Secure Boot feature but without enrolled keys will successfully boot non-signed binaries as well. Valid only for firmwares with Secure Boot feature. - ``secure-boot`` whether the firmware implements UEFI Secure boot feature. Pavel
Attachment:
signature.asc
Description: PGP signature
