mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-25 22:15:20 +00:00
qemu: Discard requires-smm firmware when loader.secure=no
The requires-smm feature being present in a firmware descriptor causes loader.secure=yes to be automatically chosen for the domain, so we have to avoid this situation or the user's choice will be silently subverted. Note that we can't actually encounter loader.secure=no in this function at the moment because of earlier checks, but that's going to change soon. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
parent
8b96a17019
commit
63859189e6
@ -1196,6 +1196,11 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
|
|||||||
"but firmware '%s' requires it to be enabled", path);
|
"but firmware '%s' requires it to be enabled", path);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
if (loader && loader->secure == VIR_TRISTATE_BOOL_NO) {
|
||||||
|
VIR_DEBUG("Domain doesn't restrict pflash programming to SMM, "
|
||||||
|
"but firmware '%s' requires use of SMM", path);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
if (loader && loader->secure == VIR_TRISTATE_BOOL_YES) {
|
if (loader && loader->secure == VIR_TRISTATE_BOOL_YES) {
|
||||||
VIR_DEBUG("Domain restricts pflash programming to SMM, "
|
VIR_DEBUG("Domain restricts pflash programming to SMM, "
|
||||||
|
Loading…
x
Reference in New Issue
Block a user