On Wed, Apr 18, 2018 at 12:40:54AM +0200, Laszlo Ersek wrote:
Add a schema that describes the different uses and properties of virtual machine firmware.
Looks good to me overall.
+{ 'enum' : 'FirmwareType', + 'data' : [ 'bios', 'slof', 'uboot', 'uefi' ] }
openbios missing.
+{ 'enum' : 'FirmwareArchitecture', + 'data' : [ 'aarch64', 'arm', 'i386', 'x86_64' ] }
ppc(64) missing (but you have slof above ;) ... s390 too.
+# @machines: Lists the machine types (known by the emulator that is specified +# through @architecture) that can execute the firmware. Elements of +# @machines are not supposed to be versioned; if a machine type is +# versioned in QEMU (e.g. "pc-i440fx-2.12"), then its unversioned +# variant, which typically refers to the latest version (e.g. "pc"), +# should be listed in @machines. On the QEMU command line, "-machine +# type=..." specifies the requested machine type.
Hmm, I'd tend to ignore the aliases here (pc, q35, virt) and use wildcards instead (pc-i440fx-*, pc-q35-*, virt-*). I think that will be easier for libvirt to work with because it always resolves aliases to actual machine types when storing them in the domain xml.
+# @secure-boot: The firmware implements the software interfaces for UEFI Secure +# Boot, as defined in the UEFI specification. Note that without +# @requires-smm, guest code running with kernel privileges can +# undermine the security of Secure Boot. +# +# @secure-boot-enrolled-keys: The variable store (NVRAM) template associated
I think "enrolled-keys" should better be a separate feature. cheers, Gerd