[PATCH 0/5] conf: Add firmwareFeatures element for domaincaps
This is primarily intended to as a companion to my series that makes it possible to use Secure Boot on aarch64[1], but I'm posting it separately because it's independently useful and could be pushed before it. Depending on which one of the two series is merged first, some minor conflict resolution will need to be applied to the other. [1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/WVWT3... Andrea Bolognani (5): schema: Add firmwareFeatures element for domaincaps conf: Add firmwareFeatures element for domaincaps qemu: Fill in firmwareFeature element for domaincaps docs: Document firmwareFeature element for domaincaps news: Mention firmwareFeatures element for domaincaps NEWS.rst | 7 +++ docs/formatdomaincaps.rst | 51 +++++++++++++++++++ src/conf/domain_capabilities.c | 15 ++++++ src/conf/domain_capabilities.h | 8 +++ src/conf/schemas/domaincaps.rng | 12 +++++ src/qemu/qemu_capabilities.c | 21 +++++++- src/qemu/qemu_firmware.c | 28 +++++++++- src/qemu/qemu_firmware.h | 2 + .../qemu_10.0.0-q35.x86_64+amdsev.xml | 10 ++++ .../domaincapsdata/qemu_10.0.0-q35.x86_64.xml | 10 ++++ .../qemu_10.0.0-tcg.x86_64+amdsev.xml | 8 +++ .../domaincapsdata/qemu_10.0.0-tcg.x86_64.xml | 8 +++ .../qemu_10.0.0-virt.aarch64.xml | 8 +++ tests/domaincapsdata/qemu_10.0.0.aarch64.xml | 8 +++ tests/domaincapsdata/qemu_10.0.0.ppc64.xml | 4 ++ tests/domaincapsdata/qemu_10.0.0.s390x.xml | 4 ++ .../qemu_10.0.0.x86_64+amdsev.xml | 8 +++ tests/domaincapsdata/qemu_10.0.0.x86_64.xml | 8 +++ .../qemu_10.1.0-q35.x86_64+inteltdx.xml | 10 ++++ .../domaincapsdata/qemu_10.1.0-q35.x86_64.xml | 10 ++++ .../qemu_10.1.0-tcg.x86_64+inteltdx.xml | 8 +++ .../domaincapsdata/qemu_10.1.0-tcg.x86_64.xml | 8 +++ tests/domaincapsdata/qemu_10.1.0.s390x.xml | 4 ++ .../qemu_10.1.0.x86_64+inteltdx.xml | 8 +++ tests/domaincapsdata/qemu_10.1.0.x86_64.xml | 8 +++ .../qemu_10.2.0-q35.x86_64+mshv.xml | 10 ++++ .../domaincapsdata/qemu_10.2.0-q35.x86_64.xml | 10 ++++ .../qemu_10.2.0-tcg.x86_64+mshv.xml | 
8 +++ .../domaincapsdata/qemu_10.2.0-tcg.x86_64.xml | 8 +++ .../qemu_10.2.0-virt.aarch64.xml | 8 +++ tests/domaincapsdata/qemu_10.2.0.aarch64.xml | 8 +++ .../qemu_10.2.0.x86_64+mshv.xml | 8 +++ tests/domaincapsdata/qemu_10.2.0.x86_64.xml | 8 +++ .../domaincapsdata/qemu_11.0.0-q35.x86_64.xml | 10 ++++ .../domaincapsdata/qemu_11.0.0-tcg.x86_64.xml | 8 +++ .../qemu_11.0.0-virt.aarch64.xml | 8 +++ tests/domaincapsdata/qemu_11.0.0.aarch64.xml | 8 +++ tests/domaincapsdata/qemu_11.0.0.x86_64.xml | 8 +++ .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 10 ++++ .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 8 +++ tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 4 ++ tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 8 +++ .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 10 ++++ .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 8 +++ tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 4 ++ tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 8 +++ .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 10 ++++ .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 8 +++ tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 4 ++ tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 8 +++ .../qemu_7.2.0-hvf.x86_64+hvf.xml | 8 +++ .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 10 ++++ .../qemu_7.2.0-tcg.x86_64+hvf.xml | 8 +++ .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 8 +++ tests/domaincapsdata/qemu_7.2.0.ppc.xml | 4 ++ tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 8 +++ .../domaincapsdata/qemu_8.0.0-q35.x86_64.xml | 10 ++++ .../domaincapsdata/qemu_8.0.0-tcg.x86_64.xml | 8 +++ tests/domaincapsdata/qemu_8.0.0.x86_64.xml | 8 +++ .../domaincapsdata/qemu_8.1.0-q35.x86_64.xml | 10 ++++ .../domaincapsdata/qemu_8.1.0-tcg.x86_64.xml | 8 +++ tests/domaincapsdata/qemu_8.1.0.s390x.xml | 4 ++ tests/domaincapsdata/qemu_8.1.0.x86_64.xml | 8 +++ .../domaincapsdata/qemu_8.2.0-q35.x86_64.xml | 10 ++++ .../qemu_8.2.0-tcg-virt.loongarch64.xml | 8 +++ .../domaincapsdata/qemu_8.2.0-tcg.x86_64.xml | 8 +++ .../qemu_8.2.0-virt.aarch64.xml | 8 +++ 
.../qemu_8.2.0-virt.loongarch64.xml | 8 +++ tests/domaincapsdata/qemu_8.2.0.aarch64.xml | 8 +++ tests/domaincapsdata/qemu_8.2.0.armv7l.xml | 4 ++ tests/domaincapsdata/qemu_8.2.0.s390x.xml | 4 ++ tests/domaincapsdata/qemu_8.2.0.x86_64.xml | 8 +++ .../domaincapsdata/qemu_9.0.0-q35.x86_64.xml | 10 ++++ .../domaincapsdata/qemu_9.0.0-tcg.x86_64.xml | 8 +++ tests/domaincapsdata/qemu_9.0.0.sparc.xml | 4 ++ tests/domaincapsdata/qemu_9.0.0.x86_64.xml | 8 +++ .../domaincapsdata/qemu_9.1.0-q35.x86_64.xml | 10 ++++ .../qemu_9.1.0-tcg-virt.riscv64.xml | 8 +++ .../domaincapsdata/qemu_9.1.0-tcg.x86_64.xml | 8 +++ .../qemu_9.1.0-virt.riscv64.xml | 8 +++ tests/domaincapsdata/qemu_9.1.0.s390x.xml | 4 ++ tests/domaincapsdata/qemu_9.1.0.x86_64.xml | 8 +++ .../qemu_9.2.0-hvf.aarch64+hvf.xml | 8 +++ .../qemu_9.2.0-q35.x86_64+amdsev.xml | 10 ++++ .../domaincapsdata/qemu_9.2.0-q35.x86_64.xml | 10 ++++ .../qemu_9.2.0-tcg.x86_64+amdsev.xml | 8 +++ .../domaincapsdata/qemu_9.2.0-tcg.x86_64.xml | 8 +++ tests/domaincapsdata/qemu_9.2.0.s390x.xml | 4 ++ .../qemu_9.2.0.x86_64+amdsev.xml | 8 +++ tests/domaincapsdata/qemu_9.2.0.x86_64.xml | 8 +++ tests/qemufirmwaretest.c | 7 ++- 91 files changed, 786 insertions(+), 5 deletions(-) -- 2.53.0
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- NEWS.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 54f541cdbc..7a80116de3 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -17,6 +17,13 @@ v12.1.0 (unreleased) * **New features** + * qemu: Advertise firmware features in domain capabilities XML + + The contents of the ``<firmwareFeatures/>`` element can be used to determine + ahead of time whether a firmware matching certain characteristics, for + example Secure Boot support, is available for the selected architecture and + machine type. + * **Improvements** * **Bug fixes** -- 2.53.0
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- docs/formatdomaincaps.rst | 51 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst index 8b4f0ecff3..618fcb642d 100644 --- a/docs/formatdomaincaps.rst +++ b/docs/formatdomaincaps.rst @@ -111,6 +111,16 @@ be passed to its children. <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>yes</value> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>yes</value> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/usr/share/OVMF/OVMF_CODE.fd</value> <enum name='type'> @@ -140,6 +150,47 @@ about a given BIOS or UEFI binary on the host, e.g. the firmware binary path, its architecture, supported machine types, NVRAM template, etc. This ensures that the reported values won't cause a failure on guest boot. +The ``<firmwareFeatures/>`` element :since:`(since 12.1.0)` contains one +enum for each of the features that can be used to fine-tune the firmware +autoselection process. For example: + +:: + + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>yes</value> + </enum> + <enum name='enrolledKeys'> + <value>yes</value> + <value>no</value> + </enum> + </firmwareFeatures> + +indicates that a domain XML such as: + +:: + + <os firmware='efi'> + <firmware> + <feature name='secure-boot' enabled='yes'/> + <feature name='enrolled-keys' enabled='no'/> + </firmware> + </os> + +can be used to allow unsigned operating system to run, whereas a domain XML +such as: + +:: + + <os firmware='efi'> + <firmware> + <feature name='secure-boot' enabled='no'/> + </firmware> + </os> + +would not work, since ``no`` is not one of the valid values advertised by +the ``secureBoot`` enum. + For the ``loader`` element, the following can occur: ``value`` -- 2.53.0
On architectures that support neither UEFI nor BIOS as firmware, such as ppc64 and s390x, the enums end up empty. This correctly indicates that filtering by firmware feature is not possible, and is consistent with the fact that the existing "firmware" enum is also empty in those cases, meaning that firmware autoselection itself is just not applicable. 
Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- src/qemu/qemu_capabilities.c | 21 ++++++++++++-- src/qemu/qemu_firmware.c | 28 +++++++++++++++++-- src/qemu/qemu_firmware.h | 2 ++ .../qemu_10.0.0-q35.x86_64+amdsev.xml | 10 +++++++ .../domaincapsdata/qemu_10.0.0-q35.x86_64.xml | 10 +++++++ .../qemu_10.0.0-tcg.x86_64+amdsev.xml | 8 ++++++ .../domaincapsdata/qemu_10.0.0-tcg.x86_64.xml | 8 ++++++ .../qemu_10.0.0-virt.aarch64.xml | 8 ++++++ tests/domaincapsdata/qemu_10.0.0.aarch64.xml | 8 ++++++ tests/domaincapsdata/qemu_10.0.0.ppc64.xml | 4 +++ tests/domaincapsdata/qemu_10.0.0.s390x.xml | 4 +++ .../qemu_10.0.0.x86_64+amdsev.xml | 8 ++++++ tests/domaincapsdata/qemu_10.0.0.x86_64.xml | 8 ++++++ .../qemu_10.1.0-q35.x86_64+inteltdx.xml | 10 +++++++ .../domaincapsdata/qemu_10.1.0-q35.x86_64.xml | 10 +++++++ .../qemu_10.1.0-tcg.x86_64+inteltdx.xml | 8 ++++++ .../domaincapsdata/qemu_10.1.0-tcg.x86_64.xml | 8 ++++++ tests/domaincapsdata/qemu_10.1.0.s390x.xml | 4 +++ .../qemu_10.1.0.x86_64+inteltdx.xml | 8 ++++++ tests/domaincapsdata/qemu_10.1.0.x86_64.xml | 8 ++++++ .../qemu_10.2.0-q35.x86_64+mshv.xml | 10 +++++++ .../domaincapsdata/qemu_10.2.0-q35.x86_64.xml | 10 +++++++ .../qemu_10.2.0-tcg.x86_64+mshv.xml | 8 ++++++ .../domaincapsdata/qemu_10.2.0-tcg.x86_64.xml | 8 ++++++ .../qemu_10.2.0-virt.aarch64.xml | 8 ++++++ tests/domaincapsdata/qemu_10.2.0.aarch64.xml | 8 ++++++ .../qemu_10.2.0.x86_64+mshv.xml | 8 ++++++ tests/domaincapsdata/qemu_10.2.0.x86_64.xml | 8 ++++++ .../domaincapsdata/qemu_11.0.0-q35.x86_64.xml | 10 +++++++ .../domaincapsdata/qemu_11.0.0-tcg.x86_64.xml | 8 ++++++ .../qemu_11.0.0-virt.aarch64.xml | 8 ++++++ tests/domaincapsdata/qemu_11.0.0.aarch64.xml | 8 ++++++ tests/domaincapsdata/qemu_11.0.0.x86_64.xml | 8 ++++++ .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 10 +++++++ .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 8 ++++++ tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 4 +++ tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 8 ++++++ 
.../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 10 +++++++ .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 8 ++++++ tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 4 +++ tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 8 ++++++ .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 10 +++++++ .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 8 ++++++ tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 4 +++ tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 8 ++++++ .../qemu_7.2.0-hvf.x86_64+hvf.xml | 8 ++++++ .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 10 +++++++ .../qemu_7.2.0-tcg.x86_64+hvf.xml | 8 ++++++ .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 8 ++++++ tests/domaincapsdata/qemu_7.2.0.ppc.xml | 4 +++ tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 8 ++++++ .../domaincapsdata/qemu_8.0.0-q35.x86_64.xml | 10 +++++++ .../domaincapsdata/qemu_8.0.0-tcg.x86_64.xml | 8 ++++++ tests/domaincapsdata/qemu_8.0.0.x86_64.xml | 8 ++++++ .../domaincapsdata/qemu_8.1.0-q35.x86_64.xml | 10 +++++++ .../domaincapsdata/qemu_8.1.0-tcg.x86_64.xml | 8 ++++++ tests/domaincapsdata/qemu_8.1.0.s390x.xml | 4 +++ tests/domaincapsdata/qemu_8.1.0.x86_64.xml | 8 ++++++ .../domaincapsdata/qemu_8.2.0-q35.x86_64.xml | 10 +++++++ .../qemu_8.2.0-tcg-virt.loongarch64.xml | 8 ++++++ .../domaincapsdata/qemu_8.2.0-tcg.x86_64.xml | 8 ++++++ .../qemu_8.2.0-virt.aarch64.xml | 8 ++++++ .../qemu_8.2.0-virt.loongarch64.xml | 8 ++++++ tests/domaincapsdata/qemu_8.2.0.aarch64.xml | 8 ++++++ tests/domaincapsdata/qemu_8.2.0.armv7l.xml | 4 +++ tests/domaincapsdata/qemu_8.2.0.s390x.xml | 4 +++ tests/domaincapsdata/qemu_8.2.0.x86_64.xml | 8 ++++++ .../domaincapsdata/qemu_9.0.0-q35.x86_64.xml | 10 +++++++ .../domaincapsdata/qemu_9.0.0-tcg.x86_64.xml | 8 ++++++ tests/domaincapsdata/qemu_9.0.0.sparc.xml | 4 +++ tests/domaincapsdata/qemu_9.0.0.x86_64.xml | 8 ++++++ .../domaincapsdata/qemu_9.1.0-q35.x86_64.xml | 10 +++++++ .../qemu_9.1.0-tcg-virt.riscv64.xml | 8 ++++++ .../domaincapsdata/qemu_9.1.0-tcg.x86_64.xml | 8 ++++++ 
.../qemu_9.1.0-virt.riscv64.xml | 8 ++++++ tests/domaincapsdata/qemu_9.1.0.s390x.xml | 4 +++ tests/domaincapsdata/qemu_9.1.0.x86_64.xml | 8 ++++++ .../qemu_9.2.0-hvf.aarch64+hvf.xml | 8 ++++++ .../qemu_9.2.0-q35.x86_64+amdsev.xml | 10 +++++++ .../domaincapsdata/qemu_9.2.0-q35.x86_64.xml | 10 +++++++ .../qemu_9.2.0-tcg.x86_64+amdsev.xml | 8 ++++++ .../domaincapsdata/qemu_9.2.0-tcg.x86_64.xml | 8 ++++++ tests/domaincapsdata/qemu_9.2.0.s390x.xml | 4 +++ .../qemu_9.2.0.x86_64+amdsev.xml | 8 ++++++ tests/domaincapsdata/qemu_9.2.0.x86_64.xml | 8 ++++++ tests/qemufirmwaretest.c | 7 ++++- 86 files changed, 693 insertions(+), 5 deletions(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 0f533ac609..21dc7742d0 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -6516,8 +6516,11 @@ virQEMUCapsFillDomainOSCaps(virDomainCapsOS *os, virFirmware **firmwares, size_t nfirmwares) { + virDomainCapsFirmwareFeatures *firmwareFeatures = &os->firmwareFeatures; virDomainCapsLoader *capsLoader = &os->loader; uint64_t autoFirmwares = 0; + uint64_t featureSecureBoot = 0; + uint64_t featureEnrolledKeys = 0; bool secure = false; virFirmware **firmwaresAlt = NULL; size_t nfirmwaresAlt = 0; @@ -6526,8 +6529,9 @@ virQEMUCapsFillDomainOSCaps(virDomainCapsOS *os, os->supported = VIR_TRISTATE_BOOL_YES; os->firmware.report = true; - if (qemuFirmwareGetSupported(machine, arch, privileged, - &autoFirmwares, &secure, + if (qemuFirmwareGetSupported(machine, arch, privileged, &autoFirmwares, + &featureSecureBoot, &featureEnrolledKeys, + &secure, &firmwaresAlt, &nfirmwaresAlt) < 0) return -1; 
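Review bot: The call in the @@ -6526 hunk now passes three adjacent out-parameters of the same type, `&autoFirmwares, &featureSecureBoot, &featureEnrolledKeys`, all `uint64_t *`. Swapping any two of them compiles without a warning and would silently misreport which firmware security features the host offers. The same positional list is repeated in the signature hunks for qemu_firmware.c and qemu_firmware.h. Consider returning the bitmaps through one small struct, for example `qemuFirmwareGetSupported(machine, arch, privileged, &fwSupport, &firmwaresAlt, &nfirmwaresAlt)` (the struct name is illustrative), so that each field is named at the point of use. virQEMUCapsFillDomainOSCaps starts and ends outside these hunks.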
@@ -6536,6 +6540,19 @@ virQEMUCapsFillDomainOSCaps(virDomainCapsOS *os, if (autoFirmwares & (1ULL << VIR_DOMAIN_OS_DEF_FIRMWARE_EFI)) VIR_DOMAIN_CAPS_ENUM_SET(os->firmware, VIR_DOMAIN_OS_DEF_FIRMWARE_EFI); + firmwareFeatures->supported = VIR_TRISTATE_BOOL_YES; + firmwareFeatures->secureBoot.report = true; + firmwareFeatures->enrolledKeys.report = true; + + if (featureSecureBoot & (1ULL << VIR_TRISTATE_BOOL_YES)) + VIR_DOMAIN_CAPS_ENUM_SET(firmwareFeatures->secureBoot, VIR_TRISTATE_BOOL_YES); + if (featureSecureBoot & (1ULL << VIR_TRISTATE_BOOL_NO)) + VIR_DOMAIN_CAPS_ENUM_SET(firmwareFeatures->secureBoot, VIR_TRISTATE_BOOL_NO); + if (featureEnrolledKeys & (1ULL << VIR_TRISTATE_BOOL_YES)) + VIR_DOMAIN_CAPS_ENUM_SET(firmwareFeatures->enrolledKeys, VIR_TRISTATE_BOOL_YES); + if (featureEnrolledKeys & (1ULL << VIR_TRISTATE_BOOL_NO)) + VIR_DOMAIN_CAPS_ENUM_SET(firmwareFeatures->enrolledKeys, VIR_TRISTATE_BOOL_NO); + if (virQEMUCapsFillDomainLoaderCaps(capsLoader, secure, firmwaresAlt ? firmwaresAlt : firmwares, firmwaresAlt ? nfirmwaresAlt : nfirmwares) < 0) diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c index 52205b72f8..436b06c388 100644 --- a/src/qemu/qemu_firmware.c +++ b/src/qemu/qemu_firmware.c @@ -1972,6 +1972,8 @@ qemuFirmwareFillDomain(virQEMUDriver *driver, * @arch: architecture * @privileged: whether running as privileged user * @supported: returned bitmap of supported interfaces + * @featureSecureBoot: bitmap of virTristateBool values for secure-boot feature + * @featureEnrolledKeys: bitmap of virTristateBool values for enrolled-keys feature * @secure: true if at least one secure boot enabled FW was found * @fws: (optional) list of found firmwares * @nfws: (optional) number of members in @fws @@ -2001,6 +2003,8 @@ qemuFirmwareGetSupported(const char *machine, virArch arch, bool privileged, uint64_t *supported, + uint64_t *featureSecureBoot, + uint64_t *featureEnrolledKeys, bool *secure, virFirmware ***fws, size_t *nfws) 
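Review bot: The new `@featureSecureBoot` and `@featureEnrolledKeys` entries in the @@ -1972 doc-comment hunk do not say that the pointers are mandatory, although `@fws` and `@nfws` just below are marked "(optional)" and the @@ -2010 hunk writes through both new pointers unconditionally. They also leave the bit encoding implicit. I would word the first as `@featureSecureBoot: returned bitmap, bit (1ULL << virTristateBool value) set for each secure-boot setting found in a matching firmware; must not be NULL`, and the enrolled-keys entry likewise. The doc comment starts and ends outside the hunk.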
@@ -2010,6 +2014,8 @@ qemuFirmwareGetSupported(const char *machine,
 size_t i;
 *supported = VIR_DOMAIN_OS_DEF_FIRMWARE_NONE;
+ *featureSecureBoot = VIR_TRISTATE_BOOL_ABSENT;
+ *featureEnrolledKeys = VIR_TRISTATE_BOOL_ABSENT;
 *secure = false;
 if (fws) {
@@ -2027,6 +2033,8 @@ qemuFirmwareGetSupported(const char *machine,
 const qemuFirmwareMappingMemory *memory = &fw->mapping.data.memory;
 const char *fwpath = NULL;
 const char *nvrampath = NULL;
+ bool secureBootFound = false;
+ bool enrolledKeysFound = false;
 size_t j;
 if (!qemuFirmwareMatchesMachineArch(fw, machine, arch))
@@ -2051,6 +2059,14 @@ qemuFirmwareGetSupported(const char *machine,
 for (j = 0; j < fw->nfeatures; j++) {
 switch (fw->features[j]) {
+ case QEMU_FIRMWARE_FEATURE_SECURE_BOOT:
+ *featureSecureBoot |= 1ULL << VIR_TRISTATE_BOOL_YES;
+ secureBootFound = true;
+ break;
+ case QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS:
+ *featureEnrolledKeys |= 1ULL << VIR_TRISTATE_BOOL_YES;
+ enrolledKeysFound = true;
+ break;
 case QEMU_FIRMWARE_FEATURE_REQUIRES_SMM:
 *secure = true;
 break;
@@ -2061,8 +2077,6 @@ qemuFirmwareGetSupported(const char *machine,
 case QEMU_FIRMWARE_FEATURE_AMD_SEV_ES:
 case QEMU_FIRMWARE_FEATURE_AMD_SEV_SNP:
 case QEMU_FIRMWARE_FEATURE_INTEL_TDX:
- case QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS:
- case QEMU_FIRMWARE_FEATURE_SECURE_BOOT:
 case QEMU_FIRMWARE_FEATURE_VERBOSE_DYNAMIC:
 case QEMU_FIRMWARE_FEATURE_VERBOSE_STATIC:
 case QEMU_FIRMWARE_FEATURE_LAST:
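Review bot: `*featureSecureBoot = VIR_TRISTATE_BOOL_ABSENT;` and the line after it in the @@ -2010 hunk assign an enum constant to a value that the rest of the patch treats as a bitmap indexed by `1ULL << value`. This clears the bitmap only if `VIR_TRISTATE_BOOL_ABSENT` is zero, which the hunk does not show. Writing `*featureSecureBoot = 0;` and `*featureEnrolledKeys = 0;` states the intent directly and matches the `= 0` initialisers the caller uses in qemu_capabilities.c. The neighbouring `*supported = VIR_DOMAIN_OS_DEF_FIRMWARE_NONE;` has the same shape, so this may be existing file style. The function body continues outside the hunk.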
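Review bot: The `|=` lines under the new `QEMU_FIRMWARE_FEATURE_SECURE_BOOT` and `QEMU_FIRMWARE_FEATURE_ENROLLED_KEYS` cases in the @@ -2051 hunk, and the matching `VIR_TRISTATE_BOOL_NO` bits set in the @@ -2070 hunk, accumulate each feature on its own across every matching firmware. The bitmaps therefore record which values occur somewhere, not which combinations occur together. With one descriptor listing both features and another listing neither, both enums come out as yes/no although no firmware offers secure-boot without enrolled-keys; nothing in the visible hunks ties the bits to the firmware interface either, so a BIOS descriptor would presumably contribute `no` as well. A client that uses this XML to decide whether Secure Boot with enrolled keys can be required should treat a listed value as necessary, not sufficient. I would state that next to the accumulation, e.g. `/* Each bitmap is accumulated independently: a listed value does not guarantee that one firmware provides a given combination of features */`, and repeat it in docs/formatdomaincaps.rst; the loop and switch start and end outside the hunk.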
@@ -2070,6 +2084,16 @@ qemuFirmwareGetSupported(const char *machine, } } + /* Do this here to ensure that we only advertise "no" as a + * value for each feature if we have actually found a + * suitable firmware that doesn't list it, as opposed to + * having found no matching firmware at all, which will + * instead result in an empty enum */ + if (!secureBootFound) + *featureSecureBoot |= 1ULL << VIR_TRISTATE_BOOL_NO; + if (!enrolledKeysFound) + *featureEnrolledKeys |= 1ULL << VIR_TRISTATE_BOOL_NO; + switch (fw->mapping.device) { case QEMU_FIRMWARE_DEVICE_FLASH: fwpath = flash->executable.filename; diff --git a/src/qemu/qemu_firmware.h b/src/qemu/qemu_firmware.h index 39572d979d..6789ec83f7 100644 --- a/src/qemu/qemu_firmware.h +++ b/src/qemu/qemu_firmware.h @@ -52,6 +52,8 @@ qemuFirmwareGetSupported(const char *machine, virArch arch, bool privileged, uint64_t *supported, + uint64_t *featureSecureBoot, + uint64_t *featureEnrolledKeys, bool *secure, virFirmware ***fws, size_t *nfws); diff --git a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml index 8cb51d795c..3aa880de33 100644 --- a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml +++ b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64+amdsev.xml @@ -10,6 +10,16 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>yes</value> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>yes</value> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml index 56192354ac..70c0ad124b 100644 --- a/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_10.0.0-q35.x86_64.xml 
@@ -10,6 +10,16 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>yes</value> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>yes</value> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64+amdsev.xml b/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64+amdsev.xml index 4242f2fe9c..2336940bed 100644 --- a/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64+amdsev.xml +++ b/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64+amdsev.xml @@ -10,6 +10,14 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64.xml index 76d5fdd0d9..8bfbc8250f 100644 --- a/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_10.0.0-tcg.x86_64.xml @@ -10,6 +10,14 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml index 30863d3d6b..c13cc82b54 100644 --- a/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_10.0.0-virt.aarch64.xml 
@@ -9,6 +9,14 @@ <enum name='firmware'> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.0.0.aarch64.xml b/tests/domaincapsdata/qemu_10.0.0.aarch64.xml index 30863d3d6b..c13cc82b54 100644 --- a/tests/domaincapsdata/qemu_10.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_10.0.0.aarch64.xml @@ -9,6 +9,14 @@ <enum name='firmware'> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.0.0.ppc64.xml b/tests/domaincapsdata/qemu_10.0.0.ppc64.xml index 5136e7a20d..146a6d07f3 100644 --- a/tests/domaincapsdata/qemu_10.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_10.0.0.ppc64.xml @@ -7,6 +7,10 @@ <iothreads supported='yes'/> <os supported='yes'> <enum name='firmware'/> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'/> + <enum name='enrolledKeys'/> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.0.0.s390x.xml b/tests/domaincapsdata/qemu_10.0.0.s390x.xml index 3bbdbd68d0..9ca03b765a 100644 --- a/tests/domaincapsdata/qemu_10.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_10.0.0.s390x.xml 
@@ -7,6 +7,10 @@ <iothreads supported='yes'/> <os supported='yes'> <enum name='firmware'/> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'/> + <enum name='enrolledKeys'/> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.0.0.x86_64+amdsev.xml b/tests/domaincapsdata/qemu_10.0.0.x86_64+amdsev.xml index 8b02db8802..57717eb847 100644 --- a/tests/domaincapsdata/qemu_10.0.0.x86_64+amdsev.xml +++ b/tests/domaincapsdata/qemu_10.0.0.x86_64+amdsev.xml @@ -10,6 +10,14 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.0.0.x86_64.xml b/tests/domaincapsdata/qemu_10.0.0.x86_64.xml index 6dac17808c..7d72f886a1 100644 --- a/tests/domaincapsdata/qemu_10.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_10.0.0.x86_64.xml @@ -10,6 +10,14 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml index 31d4fab043..a0d35a432f 100644 --- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml +++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64+inteltdx.xml 
@@ -10,6 +10,16 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>yes</value> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>yes</value> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml index 6213908152..d01267c46f 100644 --- a/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_10.1.0-q35.x86_64.xml @@ -10,6 +10,16 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>yes</value> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>yes</value> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml index cace9f109a..3f58a7fb07 100644 --- a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml +++ b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64+inteltdx.xml @@ -10,6 +10,14 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml index 804848b8a7..3175bc763b 100644 --- a/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_10.1.0-tcg.x86_64.xml 
@@ -10,6 +10,14 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.1.0.s390x.xml b/tests/domaincapsdata/qemu_10.1.0.s390x.xml index 9d773385c4..1f1f8013b6 100644 --- a/tests/domaincapsdata/qemu_10.1.0.s390x.xml +++ b/tests/domaincapsdata/qemu_10.1.0.s390x.xml @@ -7,6 +7,10 @@ <iothreads supported='yes'/> <os supported='yes'> <enum name='firmware'/> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'/> + <enum name='enrolledKeys'/> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml b/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml index 6320200c20..691b2a03f0 100644 --- a/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml +++ b/tests/domaincapsdata/qemu_10.1.0.x86_64+inteltdx.xml @@ -10,6 +10,14 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.1.0.x86_64.xml b/tests/domaincapsdata/qemu_10.1.0.x86_64.xml index 35c9b8c6d3..b99545be6d 100644 --- a/tests/domaincapsdata/qemu_10.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_10.1.0.x86_64.xml 
@@ -10,6 +10,14 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml index ebba8fd49f..0a38b805d9 100644 --- a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml +++ b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64+mshv.xml @@ -9,6 +9,16 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>yes</value> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>yes</value> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml index 5ce911d62f..042191c849 100644 --- a/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_10.2.0-q35.x86_64.xml @@ -10,6 +10,16 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>yes</value> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>yes</value> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.2.0-tcg.x86_64+mshv.xml b/tests/domaincapsdata/qemu_10.2.0-tcg.x86_64+mshv.xml index 6c6f1e84c3..ec9e389495 100644 --- a/tests/domaincapsdata/qemu_10.2.0-tcg.x86_64+mshv.xml +++ b/tests/domaincapsdata/qemu_10.2.0-tcg.x86_64+mshv.xml 
@@ -10,6 +10,14 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_10.2.0-tcg.x86_64.xml index 14e8e30f1c..8ba9bc8cfc 100644 --- a/tests/domaincapsdata/qemu_10.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_10.2.0-tcg.x86_64.xml @@ -10,6 +10,14 @@ <value>bios</value> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml index 84d3022006..5702b2c99e 100644 --- a/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_10.2.0-virt.aarch64.xml @@ -9,6 +9,14 @@ <enum name='firmware'> <value>efi</value> </enum> + <firmwareFeatures supported='yes'> + <enum name='secureBoot'> + <value>no</value> + </enum> + <enum name='enrolledKeys'> + <value>no</value> + </enum> + </firmwareFeatures> <loader supported='yes'> <value>/obviously/fake/firmware1.fd</value> <value>/obviously/fake/firmware2.fd</value> diff --git a/tests/domaincapsdata/qemu_10.2.0.aarch64.xml b/tests/domaincapsdata/qemu_10.2.0.aarch64.xml index 84d3022006..5702b2c99e 100644 --- a/tests/domaincapsdata/qemu_10.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_10.2.0.aarch64.xml 
@@ -9,6 +9,14 @@
 <enum name='firmware'>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_10.2.0.x86_64+mshv.xml b/tests/domaincapsdata/qemu_10.2.0.x86_64+mshv.xml
index c8f2585d7d..a4e359ef26 100644
--- a/tests/domaincapsdata/qemu_10.2.0.x86_64+mshv.xml
+++ b/tests/domaincapsdata/qemu_10.2.0.x86_64+mshv.xml
@@ -9,6 +9,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_10.2.0.x86_64.xml b/tests/domaincapsdata/qemu_10.2.0.x86_64.xml
index 333bbaa698..016cb926a8 100644
--- a/tests/domaincapsdata/qemu_10.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_10.2.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
index be89b0a4f2..9b2581b186 100644
--- a/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_11.0.0-q35.x86_64.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_11.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_11.0.0-tcg.x86_64.xml
index bb611142b3..ed535c64c0 100644
--- a/tests/domaincapsdata/qemu_11.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_11.0.0-tcg.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
index 906e3c1e68..3a841a29d2 100644
--- a/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_11.0.0-virt.aarch64.xml
@@ -9,6 +9,14 @@
 <enum name='firmware'>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_11.0.0.aarch64.xml b/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
index 906e3c1e68..3a841a29d2 100644
--- a/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_11.0.0.aarch64.xml
@@ -9,6 +9,14 @@
 <enum name='firmware'>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_11.0.0.x86_64.xml b/tests/domaincapsdata/qemu_11.0.0.x86_64.xml
index 956d59f877..39d2fbe97f 100644
--- a/tests/domaincapsdata/qemu_11.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_11.0.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml
index b14cbddc59..b91adffda0 100644
--- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml
index 51547bf505..ada310a476 100644
--- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml
index 411925ad66..1d627c757b 100644
--- a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml
@@ -7,6 +7,10 @@
 <iothreads supported='yes'/>
 <os supported='yes'>
 <enum name='firmware'/>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'/>
+ <enum name='enrolledKeys'/>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml
index ab387c862e..b9fab6a2dc 100644
--- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml
index 4bbcb516ec..ebd2fb6ac6 100644
--- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml
index 839f0600c2..80ce709c36 100644
--- a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml
index 147d1bf7fb..2f8088e991 100644
--- a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml
@@ -7,6 +7,10 @@
 <iothreads supported='yes'/>
 <os supported='yes'>
 <enum name='firmware'/>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'/>
+ <enum name='enrolledKeys'/>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml
index 612b5a44cc..2bec7f19cc 100644
--- a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml
index a031b673dd..17147b153f 100644
--- a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml
index 9360f8fadf..d8ecea921a 100644
--- a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml
index f3a2dfe6ff..e85357a9be 100644
--- a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml
@@ -7,6 +7,10 @@
 <iothreads supported='yes'/>
 <os supported='yes'>
 <enum name='firmware'/>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'/>
+ <enum name='enrolledKeys'/>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml
index 6738d8f852..58c4bc28b4 100644
--- a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml b/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml
index b338bcc470..7e2e838a56 100644
--- a/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-hvf.x86_64+hvf.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml
index 39eb10dc7a..25737f04ff 100644
--- a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml
index 77fce0eb95..cab13a0331 100644
--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64+hvf.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml
index 77fce0eb95..cab13a0331 100644
--- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.2.0.ppc.xml b/tests/domaincapsdata/qemu_7.2.0.ppc.xml
index 8bda6af431..b9a92e7378 100644
--- a/tests/domaincapsdata/qemu_7.2.0.ppc.xml
+++ b/tests/domaincapsdata/qemu_7.2.0.ppc.xml
@@ -6,6 +6,10 @@
 <iothreads supported='yes'/>
 <os supported='yes'>
 <enum name='firmware'/>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'/>
+ <enum name='enrolledKeys'/>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml
index 16708c3d85..e3e49269f5 100644
--- a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml
index 4acd9b76b2..5527105721 100644
--- a/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0-q35.x86_64.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml
index c8efc8f183..3338819f48 100644
--- a/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0-tcg.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.0.0.x86_64.xml b/tests/domaincapsdata/qemu_8.0.0.x86_64.xml
index cfa00f3150..716b18adef 100644
--- a/tests/domaincapsdata/qemu_8.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.0.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml
index 83a703da52..228c35c6e5 100644
--- a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml
index 725002966d..6f275c3763 100644
--- a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.1.0.s390x.xml b/tests/domaincapsdata/qemu_8.1.0.s390x.xml
index 0872931dd7..0fae70976b 100644
--- a/tests/domaincapsdata/qemu_8.1.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_8.1.0.s390x.xml
@@ -7,6 +7,10 @@
 <iothreads supported='yes'/>
 <os supported='yes'>
 <enum name='firmware'/>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'/>
+ <enum name='enrolledKeys'/>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml
index 6a3cb84342..86169fbc41 100644
--- a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml
index a25cf01799..b2837acd7f 100644
--- a/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-q35.x86_64.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml b/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml
index eead5ff076..a095471b2e 100644
--- a/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-tcg-virt.loongarch64.xml
@@ -9,6 +9,14 @@
 <enum name='firmware'>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml
index 3b986eb386..37263f94c3 100644
--- a/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-tcg.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
index bb563d6e6c..3ca5d61806 100644
--- a/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-virt.aarch64.xml
@@ -9,6 +9,14 @@
 <enum name='firmware'>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml b/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml
index 4d441289a4..5b0cffe80e 100644
--- a/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0-virt.loongarch64.xml
@@ -9,6 +9,14 @@
 <enum name='firmware'>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
index bb563d6e6c..3ca5d61806 100644
--- a/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.aarch64.xml
@@ -9,6 +9,14 @@
 <enum name='firmware'>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.2.0.armv7l.xml b/tests/domaincapsdata/qemu_8.2.0.armv7l.xml
index 5c467d4a14..30294fa8b5 100644
--- a/tests/domaincapsdata/qemu_8.2.0.armv7l.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.armv7l.xml
@@ -6,6 +6,10 @@
 <iothreads supported='yes'/>
 <os supported='yes'>
 <enum name='firmware'/>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'/>
+ <enum name='enrolledKeys'/>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.2.0.s390x.xml b/tests/domaincapsdata/qemu_8.2.0.s390x.xml
index 5126dd4d00..85cc9834fa 100644
--- a/tests/domaincapsdata/qemu_8.2.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.s390x.xml
@@ -7,6 +7,10 @@
 <iothreads supported='yes'/>
 <os supported='yes'>
 <enum name='firmware'/>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'/>
+ <enum name='enrolledKeys'/>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_8.2.0.x86_64.xml b/tests/domaincapsdata/qemu_8.2.0.x86_64.xml
index 57cd4d63de..b740eb8526 100644
--- a/tests/domaincapsdata/qemu_8.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_8.2.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml
index c7932014ad..a0364579e2 100644
--- a/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.0.0-q35.x86_64.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml
index 3593d70166..d570c438ba 100644
--- a/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.0.0-tcg.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.0.0.sparc.xml b/tests/domaincapsdata/qemu_9.0.0.sparc.xml
index 6b4dd3c3b5..902a12f900 100644
--- a/tests/domaincapsdata/qemu_9.0.0.sparc.xml
+++ b/tests/domaincapsdata/qemu_9.0.0.sparc.xml
@@ -6,6 +6,10 @@
 <iothreads supported='yes'/>
 <os supported='yes'>
 <enum name='firmware'/>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'/>
+ <enum name='enrolledKeys'/>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.0.0.x86_64.xml b/tests/domaincapsdata/qemu_9.0.0.x86_64.xml
index 96303a31cd..67767ced9c 100644
--- a/tests/domaincapsdata/qemu_9.0.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.0.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml
index 518a6811fe..97ad0a7ba5 100644
--- a/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.1.0-q35.x86_64.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.1.0-tcg-virt.riscv64.xml b/tests/domaincapsdata/qemu_9.1.0-tcg-virt.riscv64.xml
index ce7fe71141..69f262b2af 100644
--- a/tests/domaincapsdata/qemu_9.1.0-tcg-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_9.1.0-tcg-virt.riscv64.xml
@@ -9,6 +9,14 @@
 <enum name='firmware'>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml
index 70928471b3..9733ae00fc 100644
--- a/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.1.0-tcg.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.1.0-virt.riscv64.xml b/tests/domaincapsdata/qemu_9.1.0-virt.riscv64.xml
index fabb09bf72..cfffdb0e10 100644
--- a/tests/domaincapsdata/qemu_9.1.0-virt.riscv64.xml
+++ b/tests/domaincapsdata/qemu_9.1.0-virt.riscv64.xml
@@ -8,6 +8,14 @@
 <enum name='firmware'>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.1.0.s390x.xml b/tests/domaincapsdata/qemu_9.1.0.s390x.xml
index d4649de513..a9297de721 100644
--- a/tests/domaincapsdata/qemu_9.1.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_9.1.0.s390x.xml
@@ -7,6 +7,10 @@
 <iothreads supported='yes'/>
 <os supported='yes'>
 <enum name='firmware'/>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'/>
+ <enum name='enrolledKeys'/>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.1.0.x86_64.xml b/tests/domaincapsdata/qemu_9.1.0.x86_64.xml
index ee101364cc..8ea6f823fc 100644
--- a/tests/domaincapsdata/qemu_9.1.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.1.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml b/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
index ae657c7f72..ba7bc35102 100644
--- a/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
+++ b/tests/domaincapsdata/qemu_9.2.0-hvf.aarch64+hvf.xml
@@ -9,6 +9,14 @@
 <enum name='firmware'>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.2.0-q35.x86_64+amdsev.xml b/tests/domaincapsdata/qemu_9.2.0-q35.x86_64+amdsev.xml
index 35dc5785bc..a7d29ba08b 100644
--- a/tests/domaincapsdata/qemu_9.2.0-q35.x86_64+amdsev.xml
+++ b/tests/domaincapsdata/qemu_9.2.0-q35.x86_64+amdsev.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_9.2.0-q35.x86_64.xml
index baaaf4f91c..22ab26a61c 100644
--- a/tests/domaincapsdata/qemu_9.2.0-q35.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.2.0-q35.x86_64.xml
@@ -10,6 +10,16 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>yes</value>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64+amdsev.xml b/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64+amdsev.xml
index 033004a1f4..0c37810757 100644
--- a/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64+amdsev.xml
+++ b/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64+amdsev.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64.xml
index f20fe882c6..12d3191f2c 100644
--- a/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.2.0-tcg.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.2.0.s390x.xml b/tests/domaincapsdata/qemu_9.2.0.s390x.xml
index 21a1b4f5a9..213338923d 100644
--- a/tests/domaincapsdata/qemu_9.2.0.s390x.xml
+++ b/tests/domaincapsdata/qemu_9.2.0.s390x.xml
@@ -7,6 +7,10 @@
 <iothreads supported='yes'/>
 <os supported='yes'>
 <enum name='firmware'/>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'/>
+ <enum name='enrolledKeys'/>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.2.0.x86_64+amdsev.xml b/tests/domaincapsdata/qemu_9.2.0.x86_64+amdsev.xml
index 39390d2ab6..27a613e59f 100644
--- a/tests/domaincapsdata/qemu_9.2.0.x86_64+amdsev.xml
+++ b/tests/domaincapsdata/qemu_9.2.0.x86_64+amdsev.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/domaincapsdata/qemu_9.2.0.x86_64.xml b/tests/domaincapsdata/qemu_9.2.0.x86_64.xml
index c477a1d2c4..fb074637a9 100644
--- a/tests/domaincapsdata/qemu_9.2.0.x86_64.xml
+++ b/tests/domaincapsdata/qemu_9.2.0.x86_64.xml
@@ -10,6 +10,14 @@
 <value>bios</value>
 <value>efi</value>
 </enum>
+ <firmwareFeatures supported='yes'>
+ <enum name='secureBoot'>
+ <value>no</value>
+ </enum>
+ <enum name='enrolledKeys'>
+ <value>no</value>
+ </enum>
+ </firmwareFeatures>
 <loader supported='yes'>
 <value>/obviously/fake/firmware1.fd</value>
 <value>/obviously/fake/firmware2.fd</value>
diff --git a/tests/qemufirmwaretest.c b/tests/qemufirmwaretest.c
index a4fb5c9b9c..2eb9d8e701 100644
--- a/tests/qemufirmwaretest.c
+++ b/tests/qemufirmwaretest.c
@@ -155,6 +155,8 @@ testSupportedFW(const void *opaque)
 const struct supportedData *data = opaque;
 uint64_t actualInterfaces;
 uint64_t expectedInterfaces = 0;
+ uint64_t actualFeatureSecureBoot;
+ uint64_t actualFeatureEnrolledKeys;
 bool actualSecure;
 virFirmware **expFWs = NULL;
 size_t nexpFWs = 0;
@@ -182,7 +184,10 @@ testSupportedFW(const void *opaque)
 }
 if (qemuFirmwareGetSupported(data->machine, data->arch, false,
- &actualInterfaces, &actualSecure, &actFWs, &nactFWs) < 0) {
+ &actualInterfaces,
+ &actualFeatureSecureBoot,
+ &actualFeatureEnrolledKeys,
+ &actualSecure, &actFWs, &nactFWs) < 0) {
 fprintf(stderr, "Unable to get list of supported interfaces\n");
 goto cleanup;
 }
--
2.53.0
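Review bot: The call in this hunk now receives `actualFeatureSecureBoot` and `actualFeatureEnrolledKeys`, but neither visible hunk of testSupportedFW compares them with an expected value, so as far as can be seen here a wrong Secure Boot or enrolled-keys set coming out of `qemuFirmwareGetSupported()` would not fail this test. These two sets end up in the domain capabilities that management tools read to decide whether Secure Boot can be requested, so they deserve an expected-side counterpart like the `expectedInterfaces` declared next to `actualInterfaces`. I would carry expected masks in `struct supportedData` and fail on mismatch, for example `if (actualFeatureSecureBoot != expectedFeatureSecureBoot) goto cleanup;` (the expected-side name is a suggestion). The function body continues outside both hunks, so confirm that no such check already exists further down.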
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 src/conf/schemas/domaincaps.rng | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng
index 8d0380951d..3b24caeca6 100644
--- a/src/conf/schemas/domaincaps.rng
+++ b/src/conf/schemas/domaincaps.rng
@@ -68,6 +68,15 @@
 </element>
 </define>
+ <define name="firmwareFeatures">
+ <element name="firmwareFeatures">
+ <ref name="supported"/>
+ <optional>
+ <ref name="enum"/>
+ </optional>
+ </element>
+ </define>
+
 <define name="loader">
 <element name="loader">
 <ref name="supported"/>
@@ -83,6 +92,9 @@
 <interleave>
 <ref name="supported"/>
 <ref name="enum"/>
+ <optional>
+ <ref name="firmwareFeatures"/>
+ </optional>
 <optional>
 <ref name="loader"/>
 </optional>
--
2.53.0
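Review bot: In the new `firmwareFeatures` define the `<ref name="enum"/>` is wrapped in `<optional>`, while the pattern patched by the second hunk references the same `enum` pattern bare, and the test data in this series puts two `<enum>` children (`secureBoot`, `enrolledKeys`) under `<firmwareFeatures>`. The `enum` define itself is outside the hunk: if it already repeats (zero or more `<enum>` elements) the wrapper is redundant and a bare `<ref name="enum"/>` would match the surrounding style, and if it matches a single element the schema would need `<zeroOrMore>` here to accept the generated output. Either way a short comment on the define, such as `<!-- secureBoot and enrolledKeys enums; values are virTristateBool strings -->`, would tell schema readers what to expect, since the pattern itself does not constrain the enum names.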
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 src/conf/domain_capabilities.c | 15 +++++++++++++++
 src/conf/domain_capabilities.h | 8 ++++++++
 2 files changed, 23 insertions(+)
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index f843124695..5e747dcf9b 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -422,6 +422,19 @@ virDomainCapsFeatureFormatSimple(virBuffer *buf,
 }
+static void
+virDomainCapsFirmwareFeaturesFormat(virBuffer *buf,
+ const virDomainCapsFirmwareFeatures *firmwareFeatures)
+{
+ FORMAT_PROLOGUE(firmwareFeatures);
+
+ ENUM_PROCESS(firmwareFeatures, secureBoot, virTristateBoolTypeToString);
+ ENUM_PROCESS(firmwareFeatures, enrolledKeys, virTristateBoolTypeToString);
+
+ FORMAT_EPILOGUE(firmwareFeatures);
+}
+
+
 static void
 virDomainCapsLoaderFormat(virBuffer *buf,
 const virDomainCapsLoader *loader)
@@ -440,12 +453,14 @@ static void
 virDomainCapsOSFormat(virBuffer *buf,
 const virDomainCapsOS *os)
 {
+ const virDomainCapsFirmwareFeatures *firmwareFeatures = &os->firmwareFeatures;
 const virDomainCapsLoader *loader = &os->loader;
 FORMAT_PROLOGUE(os);
 ENUM_PROCESS(os, firmware, virDomainOsDefFirmwareTypeToString);
+ virDomainCapsFirmwareFeaturesFormat(&childBuf, firmwareFeatures);
 virDomainCapsLoaderFormat(&childBuf, loader);
 FORMAT_EPILOGUE(os);
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index 437981c711..68bd2506e1 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -43,6 +43,13 @@ struct _virDomainCapsStringValues {
 size_t nvalues; /* number of strings */
 };
+typedef struct _virDomainCapsFirmwareFeatures virDomainCapsFirmwareFeatures;
+struct _virDomainCapsFirmwareFeatures {
+ virTristateBool supported;
+ virDomainCapsEnum secureBoot;
+ virDomainCapsEnum enrolledKeys;
+};
+
 STATIC_ASSERT_ENUM(VIR_DOMAIN_LOADER_TYPE_LAST);
 STATIC_ASSERT_ENUM(VIR_TRISTATE_BOOL_LAST);
 typedef struct _virDomainCapsLoader virDomainCapsLoader;
@@ -59,6 +66,7 @@ typedef struct _virDomainCapsOS virDomainCapsOS;
 struct _virDomainCapsOS {
 virTristateBool supported;
 virDomainCapsEnum firmware; /* Info about virDomainOsDefFirmware */
+ virDomainCapsFirmwareFeatures firmwareFeatures;
 virDomainCapsLoader loader; /* Info about virDomainLoaderDef */
 };
--
2.53.0
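Review bot: The new members carry no comments, unlike their neighbours in `_virDomainCapsOS` (`/* Info about virDomainOsDefFirmware */`, `/* Info about virDomainLoaderDef */`), so a reader of the header cannot tell which value set the two `virDomainCapsEnum` fields hold. The formatter added in domain_capabilities.c prints both through `virTristateBoolTypeToString`, so I would write `virDomainCapsEnum secureBoot; /* Info about secureBoot:virTristateBool */`, the same for `enrolledKeys`, and a short comment on the new `firmwareFeatures` member. That comment is also the place to say how a consumer should read an enum with no values, as in the s390x test data of this series, because for a security feature "not reported" and "no" are different answers.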