On 6/23/22 18:14, Andrea Bolognani wrote:
> The main motivation behind this series was making it as simple as
> possible ("one click") to enable Secure Boot for a VM.
>
> In the process I ended up fixing, improving and cleaning up various
> parts of the firmware selection interface.
>
> GitLab branch: https://gitlab.com/abologna/libvirt/-/commits/firmware
> Test pipeline: https://gitlab.com/abologna/libvirt/-/pipelines/571485540
>
> Andrea Bolognani (28):
> tests: Remove firmware bits from unrelated tests
> tests: Use firmware autoselection on aarch64
> tests: Drop bios-nvram-os-interleave test
> tests: Rename and reorganize firmware tests
> tests: Use minimal hardware for firmware tests
> tests: Don't set NVRAM path manually
> tests: Don't use loader.secure=no with firmware autoselection
> tests: Add more firmware tests
> conf: Move virDomainLoaderDefParseXML()
> conf: Rename virDomainLoaderDefParseXMLNvram()
> conf: Move setting type for NVRAM source
> conf: Move nvramTemplate parsing
> conf: Handle NVRAM in virDomainLoaderDefParseXML()
> conf: Rename virDomainLoaderDefParseXML() argument
> conf: Use nodes in virDomainLoaderDefParseXMLNvram()
> conf: Always parse NVRAM path if present
> conf: Enable secure-boot when enrolled-keys is enabled
> conf: Add return value to virDomainDefPostParseOs()
> conf: Reject enrolled-keys=yes with secure-boot=no
> conf: Always parse all firmware information
> conf: Refactor virDomainDefOSValidate()
> conf: Validate firmware configuration more thoroughly
> conf: Always parse firmware features
> conf: Reject features when using manual firmware selection
> qemu_firmware: Enable loader.secure when requires-smm
> qemu_firmware: enrolled-keys requires secure-boot
> docs: Add kbase page for Secure Boot
> NEWS: Document improvements to firmware autoselection
>
> 109 files changed, 708 insertions(+), 1282 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
