Now that we're adding information obtained from the firmware descriptor to the domain XML, this will happen automatically whenever a firmware that has the enrolled-keys feature ends up being selected. Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> --- src/conf/domain_postparse.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/conf/domain_postparse.c b/src/conf/domain_postparse.c index 22eb603b3b..79862a72cd 100644 --- a/src/conf/domain_postparse.c +++ b/src/conf/domain_postparse.c @@ -101,12 +101,6 @@ virDomainDefPostParseOs(virDomainDef *def) _("firmware feature 'enrolled-keys' cannot be enabled when firmware feature 'secure-boot' is disabled")); return -1; } - - /* For all non-broken firmware builds, enrolled-keys implies - * secure-boot, and having the Secure Boot keys in the NVRAM file - * when the firmware doesn't support the Secure Boot feature doesn't - * make sense anyway. Reflect this fact explicitly in the XML */ - def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] = VIR_TRISTATE_BOOL_YES; } if (!def->os.loader) -- 2.39.2