[PATCH 2/3] libxl: Forbid domain definition with secure boot enabled
Xen+ovmf does not support secure boot. Fail domain def validation
if secure boot is enabled.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
src/libxl/libxl_domain.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index 9630f12568..14d000511a 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -446,6 +446,16 @@ libxlDomainDefValidate(const virDomainDef *def,
def->virtType))
return -1;
+ /* Xen+ovmf does not support secure boot */
+ if (virDomainDefHasOldStyleUEFI(def)) {
+ if (def->os.loader &&
+ def->os.loader->secure == VIR_TRISTATE_BOOL_YES) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Secure boot is not supported on Xen"));
+ return -1;
+ }
+ }
+
return 0;
}
--
2.31.1