diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
index 132e54e15f..23a8a35360 100644
--- a/src/vmx/vmx.c
+++ b/src/vmx/vmx.c
@@ -1387,6 +1387,7 @@ virVMXParseConfig(virVMXContext *ctx,
char *sched_cpu_shares = NULL;
char *guestOS = NULL;
bool smbios_reflecthost = false;
+ bool uefi_secureboot = false;
int controller;
int bus;
int port;
@@ -1963,6 +1964,27 @@ virVMXParseConfig(virVMXContext *ctx,
}
}
+ /* vmx:uefi.secureBoot.enabled */
+ if (virVMXGetConfigBoolean(conf, "uefi.secureBoot.enabled",
+ &uefi_secureboot, false, true) < 0) {
+ goto cleanup;
+ }
+ if (uefi_secureboot &&
+ def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+ int *features = def->os.firmwareFeatures;
+
+ if (!features) {
+ features = g_new0(int, VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_LAST);
+ def->os.firmwareFeatures = features;
+ }
+ /* Just set both to true, as VMware doesn't have any concept
+ * of the two features separately.
+ */
+ features[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] =
+ features[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] =
+ VIR_TRISTATE_BOOL_YES;
+ }
+
if (virDomainDefPostParse(def, VIR_DOMAIN_DEF_PARSE_ABI_UPDATE,
xmlopt, NULL) < 0)
goto cleanup;
diff --git a/tests/vmx2xmldata/esx-in-the-wild-12.xml b/tests/vmx2xmldata/esx-in-the-wild-12.xml
index 42184501d0..c5aad90677 100644
--- a/tests/vmx2xmldata/esx-in-the-wild-12.xml
+++ b/tests/vmx2xmldata/esx-in-the-wild-12.xml
@@ -9,6 +9,10 @@
hvm
+
+
+
+
destroy