[libvirt PATCH 07/15] qemu: Discard requires-smm firmware when loader.secure=no
The requires-smm feature being present in a firmware descriptor
causes loader.secure=yes to be automatically chosen for the
domain, so we have to avoid this situation or the user's choice
will be silently subverted.
Note that we can't actually encounter loader.secure=no in this
function at the moment because of earlier checks, but that's
going to change soon.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
src/qemu/qemu_firmware.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
index 172be05d06..f7d7f78578 100644
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@@ -1196,6 +1196,11 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
"but firmware '%s' requires it to be enabled",
path);
return false;
}
+ if (loader && loader->secure == VIR_TRISTATE_BOOL_NO) {
+ VIR_DEBUG("Domain doesn't restrict pflash programming to SMM,
"
+ "but firmware '%s' requires use of SMM", path);
+ return false;
+ }
} else {
if (loader && loader->secure == VIR_TRISTATE_BOOL_YES) {
VIR_DEBUG("Domain restricts pflash programming to SMM, "
--
2.39.2