On 6/23/22 18:14, Andrea Bolognani wrote:
The main motivation behind this series was making it as simple as possible ("one click") to enable Secure Boot for a VM.
In the process I ended up fixing, improving and cleaning up various parts of the firmware selection interface.
GitLab branch: https://gitlab.com/abologna/libvirt/-/commits/firmware Test pipeline: https://gitlab.com/abologna/libvirt/-/pipelines/571485540
Andrea Bolognani (28): tests: Remove firmware bits from unrelated tests tests: Use firmware autoselection on aarch64 tests: Drop bios-nvram-os-interleave test tests: Rename and reorganize firmware tests tests: Use minimal hardware for firmware tests tests: Don't set NVRAM path manually tests: Don't use loader.secure=no with firmware autoselection tests: Add more firmware tests conf: Move virDomainLoaderDefParseXML() conf: Rename virDomainLoaderDefParseXMLNvram() conf: Move setting type for NVRAM source conf: Move nvramTemplate parsing conf: Handle NVRAM in virDomainLoaderDefParseXML() conf: Rename virDomainLoaderDefParseXML() argument conf: Use nodes in virDomainLoaderDefParseXMLNvram() conf: Always parse NVRAM path if present conf: Enable secure-boot when enrolled-keys is enabled conf: Add return value to virDomainDefPostParseOs() conf: Reject enrolled-keys=yes with secure-boot=no conf: Always parse all firmware information conf: Refactor virDomainDefOSValidate() conf: Validate firmware configuration more thoroughly conf: Always parse firmware features conf: Reject features when using manual firmware selection qemu_firmware: Enable loader.secure when requires-smm qemu_firmware: enrolled-keys requires secure-boot docs: Add kbase page for Secure Boot NEWS: Document improvements to firmware autoselection
109 files changed, 708 insertions(+), 1282 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>