pool/virt-manager
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
virt-manager/24f9d053-add-support-for-loader-secure-attribute.patch
Charles Arnold 0c6c31977f - bsc#1027942 - virt-manager: Missing upstream bug fixes 
f38c56c9-add-support-for-SMM-feature.patch
  24f9d053-add-support-for-loader-secure-attribute.patch
  4f8e795c-if-required-by-UEFI-enable-SMM-feature-and-set-q35-machine-type.patch

- bsc#1027942 - virt-manager: Missing upstream bug fixes
  93085d2b-reset-guest-domain-to-none-on-domain-creation-error.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/virt-manager?expand=0&rev=352
2017-06-05 17:55:06 +00:00

135 lines
5.4 KiB
Diff
Raw Blame History

References: rbz#1387479
Subject: virt-install: add support for loader secure attribute
From: Pavel Hrdina phrdina@redhat.com Thu Jan 26 16:11:31 2017 +0100
Date: Thu Jun 1 09:58:46 2017 +0200:
Git: 24f9d05329a485c21325fc2e93a283b832359d05
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Index: virt-manager-1.4.1/man/virt-install.pod
===================================================================
--- virt-manager-1.4.1.orig/man/virt-install.pod
+++ virt-manager-1.4.1/man/virt-install.pod
@@ -514,13 +514,14 @@ correct UEFI parameters, libvirt needs t
via domcapabilities XML, so this will likely only work if using properly
configured distro packages.
-=item B<--boot loader=/.../OVMF_CODE.fd,loader_ro=yes,loader_type=pflash,nvram_template=/.../OVMF_VARS.fd>
+=item B<--boot loader=/.../OVMF_CODE.fd,loader_ro=yes,loader_type=pflash,nvram_template=/.../OVMF_VARS.fd,loader_secure=no>
Specify that the virtual machine use the custom OVMF binary as boot firmware,
mapped as a virtual flash chip. In addition, request that libvirt instantiate
the VM-specific UEFI varstore from the custom "/.../OVMF_VARS.fd" varstore
template. This is the recommended UEFI setup, and should be used if
---boot uefi doesn't know about your UEFI binaries.
+--boot uefi doesn't know about your UEFI binaries. If your UEFI firmware
+supports Secure boot feature you can enable it via loader_secure.
=back
Index: virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-boot-loader-secure.xml
===================================================================
--- /dev/null
+++ virt-manager-1.4.1/tests/cli-test-xml/compare/virt-install-boot-loader-secure.xml
@@ -0,0 +1,29 @@
+<domain type="test">
+ <name>foobar</name>
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
+ <memory>65536</memory>
+ <currentMemory>65536</currentMemory>
+ <vcpu>1</vcpu>
+ <os>
+ <type arch="i686">hvm</type>
+ <loader secure="yes">/path/to/loader</loader>
+ <boot dev="hd"/>
+ </os>
+ <features>
+ <pae/>
+ </features>
+ <clock offset="utc"/>
+ <pm>
+ <suspend-to-mem enabled="no"/>
+ <suspend-to-disk enabled="no"/>
+ </pm>
+ <devices>
+ <emulator>/usr/bin/test-hv</emulator>
+ <controller type="usb" index="0" model="none"/>
+ <interface type="user">
+ <mac address="00:11:22:33:44:55"/>
+ </interface>
+ <input type="mouse" bus="ps2"/>
+ <console type="pty"/>
+ </devices>
+</domain>
Index: virt-manager-1.4.1/tests/clitest.py
===================================================================
--- virt-manager-1.4.1.orig/tests/clitest.py
+++ virt-manager-1.4.1/tests/clitest.py
@@ -561,6 +561,14 @@ c.add_compare("--features smm=on", "feat
c.add_invalid("--features smm=on --machine pc")
+########################
+# Boot install options #
+########################
+
+c = vinst.add_category("boot", "--nographics --noautoconsole --import --disk none --controller usb,model=none")
+c.add_compare("--boot loader=/path/to/loader,loader_secure=yes", "boot-loader-secure")
+
+
####################################################
# CPU/RAM/numa and other singleton VM config tests #
####################################################
Index: virt-manager-1.4.1/virtinst/cli.py
===================================================================
--- virt-manager-1.4.1.orig/virtinst/cli.py
+++ virt-manager-1.4.1/virtinst/cli.py
@@ -1573,6 +1573,13 @@ class ParserBoot(VirtCLIParser):
inst.os.smbios_mode = val
self.optdict["smbios_mode"] = val
+ def set_loader_secure_cb(self, inst, val, virtarg):
+ if not inst.conn.check_support(inst.conn.SUPPORT_DOMAIN_LOADER_SECURE):
+ raise RuntimeError("secure attribute for loader is not supported "
+ "by libvirt.")
+ inst.os.loader_secure = val
+ return val
+
def noset_cb(self, inst, val, virtarg):
pass
@@ -1609,6 +1616,8 @@ ParserBoot.add_arg("os.dtb", "dtb")
ParserBoot.add_arg("os.loader", "loader")
ParserBoot.add_arg("os.loader_ro", "loader_ro", is_onoff=True)
ParserBoot.add_arg("os.loader_type", "loader_type")
+ParserBoot.add_arg("os.loader_secure", "loader_secure", is_onoff=True,
+ cb=ParserBoot.set_loader_secure_cb)
ParserBoot.add_arg("os.nvram", "nvram")
ParserBoot.add_arg("os.nvram_template", "nvram_template")
ParserBoot.add_arg("os.kernel_args", "kernel_args",
Index: virt-manager-1.4.1/virtinst/osxml.py
===================================================================
--- virt-manager-1.4.1.orig/virtinst/osxml.py
+++ virt-manager-1.4.1/virtinst/osxml.py
@@ -116,6 +116,7 @@ class OSXML(XMLBuilder):
loader = XMLProperty("./loader")
loader_ro = XMLProperty("./loader/@readonly", is_yesno=True)
loader_type = XMLProperty("./loader/@type")
+ loader_secure = XMLProperty("./loader/@secure", is_yesno=True)
smbios_mode = XMLProperty("./smbios/@mode")
nvram = XMLProperty("./nvram")
nvram_template = XMLProperty("./nvram/@template")
Index: virt-manager-1.4.1/virtinst/support.py
===================================================================
--- virt-manager-1.4.1.orig/virtinst/support.py
+++ virt-manager-1.4.1/virtinst/support.py
@@ -362,6 +362,7 @@ SUPPORT_DOMAIN_STATE = _make(function="v
SUPPORT_DOMAIN_OPEN_GRAPHICS = _make(function="virDomain.openGraphicsFD",
version="1.2.8", hv_version={"qemu": 0})
SUPPORT_DOMAIN_FEATURE_SMM = _make(version="2.1.0")
+SUPPORT_DOMAIN_LOADER_SECURE = _make(version="2.1.0")
###############
Reference in New Issue View Git Blame Copy Permalink