[PATCH] hyperv: add support for secure boot configuration
When getting the xml description of a guest, check if secure boot is enabled and set firmware features accordingly.
Also support firmware autoselection and honor the secure boot setting when defining new vms from xml.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
---
 src/hyperv/hyperv_driver.c | 33 ++++++++++++++++++++++++++++++++-
 src/hyperv/hyperv_driver.h | 3 +++
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/src/hyperv/hyperv_driver.c b/src/hyperv/hyperv_driver.c
index eb28093028..ae9502404c 100644
--- a/src/hyperv/hyperv_driver.c
+++ b/src/hyperv/hyperv_driver.c
@@ -2743,6 +2743,22 @@ hypervDomainGetXMLDesc(virDomainPtr domain, unsigned int flags)
 def->os.type = VIR_DOMAIN_OSTYPE_HVM;
+ /* Generation 2 VMs use UEFI firmware */
+ if (STREQ_NULLABLE(virtualSystemSettingData->data->VirtualSystemSubType, HYPERV_VM_GEN2)) {
+ def->os.firmware = VIR_DOMAIN_OS_DEF_FIRMWARE_EFI;
+
+ if (virtualSystemSettingData->data->SecureBootEnabled) {
+ int *features = g_new0(int, VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_LAST);
+
+ /* Hyper-V doesn't distinguish between secure-boot and enrolled-keys,
+ * so set both when SecureBootEnabled is true */
+ features[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] = VIR_TRISTATE_BOOL_YES;
+ features[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] = VIR_TRISTATE_BOOL_YES;
+
+ def->os.firmwareFeatures = features;
+ }
+ }
+
 /* Allocate space for all potential devices */
 /* 256 scsi drives + 4 ide drives */
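Review bot: A Generation 2 VM whose SecureBootEnabled flag is false is reported without any firmware feature, because `firmwareFeatures` is only allocated inside the `if (virtualSystemSettingData->data->SecureBootEnabled)` branch, so the resulting XML cannot be told apart from one where Secure Boot was never specified. Feeding that XML back through hypervDomainDefineXML (the hunk at -2948,6) leaves "SecureBootEnabled" untouched and the new VM gets whatever Hyper-V's default for Generation 2 is, which I understand to be enabled, so the boot-integrity posture can silently change across a dumpxml/define round trip. I would allocate the feature array for every Gen2 VM, derive secure-boot from the flag in both directions and report enrolled-keys only when it is on; the define side then needs a matching `else if (... == VIR_TRISTATE_BOOL_NO)` that writes `"SecureBootEnabled", "false"`. hypervDomainGetXMLDesc continues outside the hunk on both sides.
```c
    if (STREQ_NULLABLE(virtualSystemSettingData->data->VirtualSystemSubType, HYPERV_VM_GEN2)) {
        def->os.firmware = VIR_DOMAIN_OS_DEF_FIRMWARE_EFI;
        def->os.firmwareFeatures = g_new0(int, VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_LAST);

        /* Report the Secure Boot state explicitly so that a disabled state
         * survives a dumpxml/define round trip instead of falling back to
         * the Hyper-V default for Generation 2 VMs. */
        def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] =
            virtualSystemSettingData->data->SecureBootEnabled ? VIR_TRISTATE_BOOL_YES : VIR_TRISTATE_BOOL_NO;

        /* Hyper-V doesn't distinguish between secure-boot and enrolled-keys,
         * so report enrolled-keys whenever Secure Boot is enabled */
        if (virtualSystemSettingData->data->SecureBootEnabled)
            def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] = VIR_TRISTATE_BOOL_YES;
    }
    /* … unchanged: device array allocation … */
```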
@@ -2948,6 +2964,20 @@ hypervDomainDefineXML(virConnectPtr conn, const char *xml)
 if (hypervSetEmbeddedProperty(defineSystemParam, "ElementName", def->name) < 0)
 goto error;
+ /* Set firmware settings */
+ if (def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+ /* Generation 2 VM (UEFI) */
+ if (hypervSetEmbeddedProperty(defineSystemParam, "VirtualSystemSubType", HYPERV_VM_GEN2) < 0)
+ goto error;
+
+ if (def->os.firmwareFeatures &&
+ (def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] == VIR_TRISTATE_BOOL_YES ||
+ def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] == VIR_TRISTATE_BOOL_YES)) {
+ if (hypervSetEmbeddedProperty(defineSystemParam, "SecureBootEnabled", "true") < 0)
+ goto error;
+ }
+ }
+
 if (hypervAddEmbeddedParam(params, "SystemSettings", &defineSystemParam, Msvm_VirtualSystemSettingData_WmiInfo) < 0)
 goto error;
@@ -3889,7 +3919,8 @@ static virHypervisorDriver hypervHypervisorDriver = {
 virDomainDefParserConfig hypervDomainDefParserConfig = {
- .features = VIR_DOMAIN_DEF_FEATURE_MEMORY_HOTPLUG,
+ .features = VIR_DOMAIN_DEF_FEATURE_MEMORY_HOTPLUG |
+ VIR_DOMAIN_DEF_FEATURE_FW_AUTOSELECT,
 };
diff --git a/src/hyperv/hyperv_driver.h b/src/hyperv/hyperv_driver.h
index 3764844494..aa2a820830 100644
--- a/src/hyperv/hyperv_driver.h
+++ b/src/hyperv/hyperv_driver.h
@@ -27,4 +27,7 @@
 #define HYPERV_MAX_IDE_CHANNELS 2
 #define HYPERV_MAX_DRIVES_PER_IDE_CHANNEL 2
+#define HYPERV_VM_GEN1 "Microsoft:Hyper-V:SubType:1"
+#define HYPERV_VM_GEN2 "Microsoft:Hyper-V:SubType:2"
+
 int hypervRegister(void);
-- 
2.53.0
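Review bot: `HYPERV_VM_GEN1` is added to hyperv_driver.h in this patch but is not referenced in any hunk shown, and the new block only sets "VirtualSystemSubType" when `def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_EFI`, so a domain that explicitly asks for BIOS firmware gets whatever generation Hyper-V defaults to rather than a guaranteed Generation 1. Unless GEN1 is consumed later in the series, I would make the mapping explicit with `} else if (def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS) {` followed by `if (hypervSetEmbeddedProperty(defineSystemParam, "VirtualSystemSubType", HYPERV_VM_GEN1) < 0)` and `goto error;`, which also makes the generation visible in the WMI definition for audit purposes. hypervDomainDefineXML and its `error:` label lie outside the hunk.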
On 2/17/26 18:55, Jonathon Jongsma via Devel wrote:
When getting the xml description of a guest, check if secure boot is enabled and set firmware features accordingly.
Also support firmware autoselection and honor the secure boot setting when defining new vms from xml.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> --- src/hyperv/hyperv_driver.c | 33 ++++++++++++++++++++++++++++++++- src/hyperv/hyperv_driver.h | 3 +++ 2 files changed, 35 insertions(+), 1 deletion(-)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal