[libvirt-users] libvirt and UEFI/SecureBoot

Hi! I'm working currently on integration of UEFI/SecureBoot support into oVirt. And I have several questions about UEFI/SecureBoot support in libvirt. Can you please help me with them? For UEFI I add the following to the XML: <loader readonly="yes" secure="no" type="pflash"> /usr/share/OVMF/OVMF_CODE.secboot.fd </loader> <nvram template="/usr/share/OVMF/OVMF_VARS.fd"> /var/lib/libvirt/qemu/nvram/VM_UUID.fd </nvram> 1. Are all paths mandatory or there are some defaults? 2. If nvram image file is absent, libvirt creates it? 3. Is nvram image file only read or is it also written? 4. If nvram image file is present, is it used? Or removed and created again? 5. Is nvram image file used only on VM startup, or it must be present all the time the VM is running? Is it used on VM shutdown? 6. What happens if the VM is migrated at the moment when nvram image file is used? Is this file migrated also? 7. Is it enough to set secure="yes" to boot the VM with SecureBoot? Or I need to prepare the nvram somehow (install keys etc.)? 8. How to verify that the VM was indeed booted with UEFI? With SecureBoot? Shmuel