This element will control secure boot implemented by some
firmwares. If the firmware used in <loader/> does support the
feature we must tell it to the underlying hypervisor. However, we
can't know whether loader does support it or not just by looking
at the file. Therefore we have to have an attribute to the
element where users can tell us whether the firmware is secure
boot enabled or not.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
docs/formatdomain.html.in | 7 ++--
docs/schemas/domaincommon.rng | 8 +++++
src/conf/domain_conf.c | 14 ++++++++
src/conf/domain_conf.h | 1 +
.../qemuxml2argv-bios-nvram-secure.xml | 41 ++++++++++++++++++++++
5 files changed, 69 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 3f67182..102ae55 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -102,7 +102,7 @@
...
<os>
<type>hvm</type>
- <loader readonly='yes'
type='rom'>/usr/lib/xen/boot/hvmloader</loader>
+ <loader readonly='yes' secure='no'
type='rom'>/usr/lib/xen/boot/hvmloader</loader>
<nvram
template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/nvram/guest_VARS.fd</nvram>
<boot dev='hd'/>
<boot dev='cdrom'/>
@@ -140,7 +140,10 @@
<code>pflash</code>. It tells the hypervisor where in the guest
memory the file should be mapped. For instance, if the loader
path points to an UEFI image, <code>type</code> should be
- <code>pflash</code>.</dd>
+ <code>pflash</code>. Moreover, some firmwares may
+ implement the Secure boot feature. Attribute
+ <code>secure</code> can be used then to control it.
+ <span class="since">Since 2.1.0</span></dd>
<dt><code>nvram</code></dt>
<dd>Some UEFI firmwares may want to use a non-volatile memory to store
some variables. In the host, this is represented as a file and the
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 39fcb7e..c5a263b 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -260,6 +260,14 @@
</attribute>
</optional>
<optional>
+ <attribute name="secure">
+ <choice>
+ <value>yes</value>
+ <value>no</value>
+ </choice>
+ </attribute>
+ </optional>
+ <optional>
<attribute name="type">
<choice>
<value>rom</value>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 3b6493e..e0ecca3 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -15327,9 +15327,11 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
{
int ret = -1;
char *readonly_str = NULL;
+ char *secure_str = NULL;
char *type_str = NULL;
readonly_str = virXMLPropString(node, "readonly");
+ secure_str = virXMLPropString(node, "secure");
type_str = virXMLPropString(node, "type");
loader->path = (char *) xmlNodeGetContent(node);
@@ -15340,6 +15342,13 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
goto cleanup;
}
+ if (secure_str &&
+ (loader->secure = virTristateBoolTypeFromString(secure_str)) <= 0) {
+ virReportError(VIR_ERR_XML_DETAIL,
+ _("unknown secure value: %s"), secure_str);
+ goto cleanup;
+ }
+
if (type_str) {
int type;
if ((type = virDomainLoaderTypeFromString(type_str)) < 0) {
@@ -15353,6 +15362,7 @@ virDomainLoaderDefParseXML(xmlNodePtr node,
ret = 0;
cleanup:
VIR_FREE(readonly_str);
+ VIR_FREE(secure_str);
VIR_FREE(type_str);
return ret;
}
@@ -22521,6 +22531,7 @@ virDomainLoaderDefFormat(virBufferPtr buf,
virDomainLoaderDefPtr loader)
{
const char *readonly = virTristateBoolTypeToString(loader->readonly);
+ const char *secure = virTristateBoolTypeToString(loader->secure);
const char *type = virDomainLoaderTypeToString(loader->type);
virBufferAddLit(buf, "<loader");
@@ -22528,6 +22539,9 @@ virDomainLoaderDefFormat(virBufferPtr buf,
if (loader->readonly)
virBufferAsprintf(buf, " readonly='%s'", readonly);
+ if (loader->secure)
+ virBufferAsprintf(buf, " secure='%s'", secure);
+
virBufferAsprintf(buf, " type='%s'>", type);
virBufferEscapeString(buf, "%s</loader>\n", loader->path);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 60b4be5..9c63257 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1733,6 +1733,7 @@ struct _virDomainLoaderDef {
char *path;
int readonly; /* enum virTristateBool */
virDomainLoader type;
+ int secure; /* enum virTristateBool */
char *nvram; /* path to non-volatile RAM */
char *templt; /* user override of path to master nvram */
};
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
b/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
new file mode 100644
index 0000000..0ddddfe3
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-bios-nvram-secure.xml
@@ -0,0 +1,41 @@
+<domain type='qemu'>
+ <name>test-bios</name>
+ <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <currentMemory unit='KiB'>1048576</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc-q35-2.5'>hvm</type>
+ <loader readonly='yes' secure='yes'
type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
+ <nvram>/usr/share/OVMF/OVMF_VARS.fd</nvram>
+ <boot dev='hd'/>
+ <bootmenu enable='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ <smm state='on'/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>restart</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='sda' bus='scsi'/>
+ <address type='drive' controller='0' bus='0'
target='0' unit='0'/>
+ </disk>
+ <controller type='scsi' index='0'/>
+ <controller type='pci' index='0' model='pcie-root'/>
+ <serial type='pty'>
+ <target port='0'/>
+ </serial>
+ <console type='pty'>
+ <target type='serial' port='0'/>
+ </console>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
--
2.8.4