External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-24 13:35:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Discard requires-smm firmware when loader.secure=no

Browse Source 
The requires-smm feature being present in a firmware descriptor
causes loader.secure=yes to be automatically chosen for the
domain, so we have to avoid this situation or the user's choice
will be silently subverted.

Note that we can't actually encounter loader.secure=no in this
function at the moment because of earlier checks, but that's
going to change soon.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Andrea Bolognani 2023-03-16 19:42:56 +01:00
parent 8b96a17019
commit 63859189e6
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/qemu/qemu_firmware.c
View File

@ -1196,6 +1196,11 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
"but firmware '%s' requires it to be enabled", path); "but firmware '%s' requires it to be enabled", path);
return false; return false;
} }
if (loader && loader->secure == VIR_TRISTATE_BOOL_NO) {
VIR_DEBUG("Domain doesn't restrict pflash programming to SMM, "
"but firmware '%s' requires use of SMM", path);
return false;
}
} else { } else {
if (loader && loader->secure == VIR_TRISTATE_BOOL_YES) { if (loader && loader->secure == VIR_TRISTATE_BOOL_YES) {
VIR_DEBUG("Domain restricts pflash programming to SMM, " VIR_DEBUG("Domain restricts pflash programming to SMM, "