Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---
 man/virt-install.pod | 5 ++--
 .../compare/virt-install-boot-loader-secure.xml | 29 ++++++++++++++++++++++
 tests/clitest.py | 8 ++++++
 virtinst/cli.py | 9 +++++++
 virtinst/osxml.py | 1 +
 virtinst/support.py | 1 +
 6 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 tests/cli-test-xml/compare/virt-install-boot-loader-secure.xml
diff --git a/man/virt-install.pod b/man/virt-install.pod
index fa88fbda..73990f2b 100644
--- a/man/virt-install.pod
+++ b/man/virt-install.pod
@@ -519,13 +519,14 @@ correct UEFI parameters, libvirt needs to be advertising known UEFI binaries via domcapabilities XML, so this will likely only work if using properly configured distro packages.
-=item B<--boot loader=/.../OVMF_CODE.fd,loader_ro=yes,loader_type=pflash,nvram_template=/.../OVMF_VARS.fd>
+=item B<--boot loader=/.../OVMF_CODE.fd,loader_ro=yes,loader_type=pflash,nvram_template=/.../OVMF_VARS.fd,loader_secure=no>
 Specify that the virtual machine use the custom OVMF binary as boot firmware, mapped as a virtual flash chip. In addition, request that libvirt instantiate the VM-specific UEFI varstore from the custom "/.../OVMF_VARS.fd" varstore template. This is the recommended UEFI setup, and should be used if
---boot uefi doesn't know about your UEFI binaries.
+--boot uefi doesn't know about your UEFI binaries. If your UEFI firmware
+supports Secure boot feature you can enable it via loader_secure.
 =back
diff --git a/tests/cli-test-xml/compare/virt-install-boot-loader-secure.xml b/tests/cli-test-xml/compare/virt-install-boot-loader-secure.xml
new file mode 100644
index 00000000..67053c19
--- /dev/null
+++ b/tests/cli-test-xml/compare/virt-install-boot-loader-secure.xml
@@ -0,0 +1,29 @@
+<domain type="test">
+ <name>foobar</name>
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
+ <memory>65536</memory>
+ <currentMemory>65536</currentMemory>
+ <vcpu>1</vcpu>
+ <os>
+ <type arch="i686">hvm</type>
+ <loader secure="yes">/path/to/loader</loader>
+ <boot dev="hd"/>
+ </os>
+ <features>
+ <pae/>
+ </features>
+ <clock offset="utc"/>
+ <pm>
+ <suspend-to-mem enabled="no"/>
+ <suspend-to-disk enabled="no"/>
+ </pm>
+ <devices>
+ <emulator>/usr/bin/test-hv</emulator>
+ <controller type="usb" index="0" model="none"/>
+ <interface type="user">
+ <mac address="00:11:22:33:44:55"/>
+ </interface>
+ <input type="mouse" bus="ps2"/>
+ <console type="pty"/>
+ </devices>
+</domain>
diff --git a/tests/clitest.py b/tests/clitest.py
index 04438ea3..ae330538 100644
--- a/tests/clitest.py
+++ b/tests/clitest.py
@@ -561,6 +561,14 @@ c.add_compare("--features smm=on", "features-smm")
 c.add_invalid("--features smm=on --machine pc")
+########################
+# Boot install options #
+########################
+
+c = vinst.add_category("boot", "--nographics --noautoconsole --import --disk none --controller usb,model=none")
+c.add_compare("--boot loader=/path/to/loader,loader_secure=yes", "boot-loader-secure")
+
+
 ######################################
 # Memory hot(un)plug install options #
 ######################################
diff --git a/virtinst/cli.py b/virtinst/cli.py
index 57e6404d..6faef2b0 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -1587,6 +1587,13 @@ class ParserBoot(VirtCLIParser):
 inst.os.smbios_mode = val
 self.optdict["smbios_mode"] = val
+ def set_loader_secure_cb(self, inst, val, virtarg):
+ if not inst.conn.check_support(inst.conn.SUPPORT_DOMAIN_LOADER_SECURE):
+ raise RuntimeError("secure attribute for loader is not supported "
+ "by libvirt.")
+ inst.os.loader_secure = val
+ return val
+
 def noset_cb(self, inst, val, virtarg): pass
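Review bot: The new `boot` category in tests/clitest.py pins only the accepting path, `loader_secure=yes` with a bare loader path. Nothing checks that `loader_secure=no` is written as `secure="no"`, or that the option composes with the `loader_ro`/`loader_type=pflash`/`nvram_template` form the man page documents. I would add a second compare case next to it, for example `c.add_compare("--boot loader=/path/to/loader,loader_ro=yes,loader_type=pflash,loader_secure=no", "boot-loader-secure-off")`; the case name is a placeholder and needs its own expected-XML file. The expected XML here is for `type="test"`, which presumably does not validate firmware settings, so a short comment above the category saying it checks XML generation only would keep readers from taking it as a working Secure Boot configuration.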
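Review bot: `set_loader_secure_cb` in virtinst/cli.py accepts `loader_secure=yes` after checking only the libvirt version, so the tool writes `<loader secure="yes">` for guests whose other settings cannot back it up. As far as I know, libvirt's QEMU driver expects `secure='yes'` together with the SMM feature and a pflash loader on a q35 machine; neither this callback nor the new compare case (i686, no `loader_type`, no SMM) reflects that. A user may therefore assume Secure Boot is in force on a guest that is rejected at start-up or does not get the protection. At minimum, document this above the method, e.g. `# secure="yes" is only meaningful with --features smm=on and loader_type=pflash; not validated here`; better, reject the combination once the whole guest is known rather than in a per-option callback, where option order matters. The method is complete in the hunk, but the enclosing `ParserBoot` class starts and ends outside it, and the version check also fires for `loader_secure=no`.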
@@ -1623,6 +1630,8 @@ ParserBoot.add_arg("os.dtb", "dtb")
 ParserBoot.add_arg("os.loader", "loader")
 ParserBoot.add_arg("os.loader_ro", "loader_ro", is_onoff=True)
 ParserBoot.add_arg("os.loader_type", "loader_type")
+ParserBoot.add_arg("os.loader_secure", "loader_secure", is_onoff=True,
+ cb=ParserBoot.set_loader_secure_cb)
 ParserBoot.add_arg("os.nvram", "nvram")
 ParserBoot.add_arg("os.nvram_template", "nvram_template")
 ParserBoot.add_arg("os.kernel_args", "kernel_args",
diff --git a/virtinst/osxml.py b/virtinst/osxml.py
index 54e118b4..368ef57a 100644
--- a/virtinst/osxml.py
+++ b/virtinst/osxml.py
@@ -116,6 +116,7 @@ class OSXML(XMLBuilder):
 loader = XMLProperty("./loader")
 loader_ro = XMLProperty("./loader/@readonly", is_yesno=True)
 loader_type = XMLProperty("./loader/@type")
+ loader_secure = XMLProperty("./loader/@secure", is_yesno=True)
 smbios_mode = XMLProperty("./smbios/@mode")
 nvram = XMLProperty("./nvram")
 nvram_template = XMLProperty("./nvram/@template")
diff --git a/virtinst/support.py b/virtinst/support.py
index 9d81a03f..958080be 100644
--- a/virtinst/support.py
+++ b/virtinst/support.py
@@ -362,6 +362,7 @@ SUPPORT_DOMAIN_STATE = _make(function="virDomain.state", run_args=())
 SUPPORT_DOMAIN_OPEN_GRAPHICS = _make(function="virDomain.openGraphicsFD", version="1.2.8", hv_version={"qemu": 0})
 SUPPORT_DOMAIN_FEATURE_SMM = _make(version="2.1.0")
+SUPPORT_DOMAIN_LOADER_SECURE = _make(version="2.1.0")
 ###############
-- 2.13.0 _______________________________________________ virt-tools-list mailing list virt-tools-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/virt-tools-list