If the '<loader>' type attribute is set, then use this to filter
the available firmware files. This allows forcing use of a firmware
with or without NVRAM, where both options are available. This will
be used for AMD SEV when doing a measured boot, where NVRAM must
be forbidden.
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
src/qemu/qemu_firmware.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index 84c80eaacb..2c3b28ae13 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1070,6 +1070,31 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
return false;
}
+ if (def->os.loader) {
+ VIR_DEBUG("Check loader type '%s' match for device '%s'",
+ virDomainLoaderTypeToString(def->os.loader->type),
+ qemuFirmwareDeviceTypeToString(fw->mapping.device));
+ switch (def->os.loader->type) {
+ case VIR_DOMAIN_LOADER_TYPE_NONE:
+ break;
+
+ case VIR_DOMAIN_LOADER_TYPE_ROM:
+ if (fw->mapping.device != QEMU_FIRMWARE_DEVICE_MEMORY)
+ return false;
+ break;
+
+ case VIR_DOMAIN_LOADER_TYPE_PFLASH:
+ if (fw->mapping.device != QEMU_FIRMWARE_DEVICE_FLASH)
+ return false;
+ break;
+
+ case VIR_DOMAIN_LOADER_TYPE_LAST:
+ break;
+ }
+ } else {
+ VIR_DEBUG("Skip loader type match");
+ }
+
if (def->sec) {
switch ((virDomainLaunchSecurity) def->sec->sectype) {
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
--
2.33.1
