conf: Don't explicitly set the secure-boot feature

Now that we're adding information obtained from the firmware descriptor to the domain XML, this will happen automatically whenever a firmware that has the enrolled-keys feature ends up being selected. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2024-07-12 21:05:48 +00:00 · 2023-03-15 20:23:58 +01:00 · 2023-03-15 20:23:58 +01:00 · 6d0d416f41
commit 6d0d416f41
parent 24ad99d76d
1 changed files with 0 additions and 6 deletions
--- a/src/conf/domain_postparse.c
+++ b/src/conf/domain_postparse.c
@ -101,12 +101,6 @@ virDomainDefPostParseOs(virDomainDef *def)
                           _("firmware feature 'enrolled-keys' cannot be enabled when firmware feature 'secure-boot' is disabled"));
            return -1;
        }
-
-        /* For all non-broken firmware builds, enrolled-keys implies
-         * secure-boot, and having the Secure Boot keys in the NVRAM file
-         * when the firmware doesn't support the Secure Boot feature doesn't
-         * make sense anyway. Reflect this fact explicitly in the XML */
-        def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] = VIR_TRISTATE_BOOL_YES;
    }

    if (!def->os.loader)