diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c index 132e54e15f..23a8a35360 100644 --- a/src/vmx/vmx.c +++ b/src/vmx/vmx.c @@ -1387,6 +1387,7 @@ virVMXParseConfig(virVMXContext *ctx, char *sched_cpu_shares = NULL; char *guestOS = NULL; bool smbios_reflecthost = false; + bool uefi_secureboot = false; int controller; int bus; int port; @@ -1963,6 +1964,27 @@ virVMXParseConfig(virVMXContext *ctx, } } + /* vmx:uefi.secureBoot.enabled */ + if (virVMXGetConfigBoolean(conf, "uefi.secureBoot.enabled", + &uefi_secureboot, false, true) < 0) { + goto cleanup; + } + if (uefi_secureboot && + def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) { + int *features = def->os.firmwareFeatures; + + if (!features) { + features = g_new0(int, VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_LAST); + def->os.firmwareFeatures = features; + } + /* Just set both to true, as VMware doesn't have any concept + * of the two features separately. + */ + features[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] = + features[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] = + VIR_TRISTATE_BOOL_YES; + } + if (virDomainDefPostParse(def, VIR_DOMAIN_DEF_PARSE_ABI_UPDATE, xmlopt, NULL) < 0) goto cleanup; diff --git a/tests/vmx2xmldata/esx-in-the-wild-12.xml b/tests/vmx2xmldata/esx-in-the-wild-12.xml index 42184501d0..c5aad90677 100644 --- a/tests/vmx2xmldata/esx-in-the-wild-12.xml +++ b/tests/vmx2xmldata/esx-in-the-wild-12.xml @@ -9,6 +9,10 @@ hvm + + + + destroy