...
<os>
<type>hvm</type>
- <loader readonly='yes' type='rom'>/usr/lib/xen/boot/hvmloader</loader>
+ <loader readonly='yes' secure='no' type='rom'>/usr/lib/xen/boot/hvmloader</loader>
<nvram template='/usr/share/OVMF/OVMF_VARS.fd'>/var/lib/libvirt/nvram/guest_VARS.fd</nvram>
<boot dev='hd'/>
<boot dev='cdrom'/>
<code>pflash</code>. It tells the hypervisor where in the guest
memory the file should be mapped. For instance, if the loader
path points to an UEFI image, <code>type</code> should be
- <code>pflash</code>.</dd>
+ <code>pflash</code>. Moreover, some firmwares may
+ implement the Secure boot feature. Attribute
+ <code>secure</code> can be used then to control it.
+ <span class="since">Since 2.1.0</span></dd>
<dt><code>nvram</code></dt>
<dd>Some UEFI firmwares may want to use a non-volatile memory to store
some variables. In the host, this is represented as a file and the
</choice>
</attribute>
</optional>
+ <optional>
+ <attribute name="secure">
+ <choice>
+ <value>yes</value>
+ <value>no</value>
+ </choice>
+ </attribute>
+ </optional>
<optional>
<attribute name="type">
<choice>
{
int ret = -1;
char *readonly_str = NULL;
+ char *secure_str = NULL;
char *type_str = NULL;
readonly_str = virXMLPropString(node, "readonly");
+ secure_str = virXMLPropString(node, "secure");
type_str = virXMLPropString(node, "type");
loader->path = (char *) xmlNodeGetContent(node);
goto cleanup;
}
+ if (secure_str &&
+ (loader->secure = virTristateBoolTypeFromString(secure_str)) <= 0) {
+ virReportError(VIR_ERR_XML_DETAIL,
+ _("unknown secure value: %s"), secure_str);
+ goto cleanup;
+ }
+
if (type_str) {
int type;
if ((type = virDomainLoaderTypeFromString(type_str)) < 0) {
ret = 0;
cleanup:
VIR_FREE(readonly_str);
+ VIR_FREE(secure_str);
VIR_FREE(type_str);
return ret;
}
virDomainLoaderDefPtr loader)
{
const char *readonly = virTristateBoolTypeToString(loader->readonly);
+ const char *secure = virTristateBoolTypeToString(loader->secure);
const char *type = virDomainLoaderTypeToString(loader->type);
virBufferAddLit(buf, "<loader");
if (loader->readonly)
virBufferAsprintf(buf, " readonly='%s'", readonly);
+ if (loader->secure)
+ virBufferAsprintf(buf, " secure='%s'", secure);
+
virBufferAsprintf(buf, " type='%s'>", type);
virBufferEscapeString(buf, "%s</loader>\n", loader->path);
char *path;
int readonly; /* enum virTristateBool */
virDomainLoader type;
+ int secure; /* enum virTristateBool */
char *nvram; /* path to non-volatile RAM */
char *templt; /* user override of path to master nvram */
};
--- /dev/null
+<domain type='qemu'>
+ <name>test-bios</name>
+ <uuid>362d1fc1-df7d-193e-5c18-49a71bd1da66</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <currentMemory unit='KiB'>1048576</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc-q35-2.5'>hvm</type>
+ <loader readonly='yes' secure='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.secboot.fd</loader>
+ <nvram>/usr/share/OVMF/OVMF_VARS.fd</nvram>
+ <boot dev='hd'/>
+ <bootmenu enable='yes'/>
+ </os>
+ <features>
+ <acpi/>
+ <smm state='on'/>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>restart</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <disk type='block' device='disk'>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='sda' bus='scsi'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='scsi' index='0'/>
+ <controller type='pci' index='0' model='pcie-root'/>
+ <serial type='pty'>
+ <target port='0'/>
+ </serial>
+ <console type='pty'>
+ <target type='serial' port='0'/>
+ </console>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
projects / libvirt.git / commitdiff