On 03/07/19 10:29, Michal Privoznik wrote:
The firmware selection code will enable the feature if needed. There's no need to require SMM to be enabled in that case.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_domain.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index e9b2b8453b..32025ea010 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -4155,7 +4155,9 @@ qemuDomainDefValidate(const virDomainDef *def, goto cleanup; }
- if (def->features[VIR_DOMAIN_FEATURE_SMM] != VIR_TRISTATE_SWITCH_ON) { + /* SMM will be enabled by qemuFirmwareFillDomain() if needed. */ + if (def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_NONE && + def->features[VIR_DOMAIN_FEATURE_SMM] != VIR_TRISTATE_SWITCH_ON) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Secure boot requires SMM feature enabled")); goto cleanup;
OK. This makes sense. It restricts the check to the case when the new feature is not active. And the new feature does take care of it, in qemuFirmwareFillDomain() -> qemuFirmwareEnableFeatures(). Reviewed-by: Laszlo Ersek <lersek@redhat.com> Thanks Laszlo