On Wed, Feb 27, 2019 at 11:04:32AM +0100, Michal Privoznik wrote:
Libvirt allows specifying firmware for domains for quite some time now. However, problem for mgmt applications is that they do not know which firmware to chose as all they see are their paths and from that it's impossible to tell whether one of them supports say secure boot.
This problem was addressed by qemu where Lazslo and Daniel created a document, specification which describes metadata for each individual firmware image. In the description (which itself is a JSON file for easy machine parsing) then it's specified whether the firmware it's describing supports secureboot, s3/s4 states, it it's bios or efi, and so on.
These patches take advantage of that, and even though the description files are not picked up by that many distributions yet, it allows users to not care about putting specific firmware path into their domain XML. It's as easy as:
<os firmware='efi'> <loader secure='yes'/> </os>
Nice, _much_ better than how certain management tools hard-code the path to firmware binaries :-) Thanks for working on this patch series. I'll give them a spin sometime this or early next week.
to have libvirt pick up OVMF image with secure enabled boot (and enabled System Management Mode at the same time).
The metadata specification lives under qemu.git/docs/interop/firmware.json and I highly recommend you go and read it before reviewing (unless you're Laszlo or Daniel in which case you already know what the document says).
As usual, you can find my patches at my github:
[...] -- /kashyap