kbase: More info on firmware change for existing VMs

The need to remove the <loader> and <nvram> elements in order
to make the firmware autoselection process kick in again is
not exactly intuitive, so document it explicitly.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Andrea Bolognani 2023-11-16 17:01:44 +01:00
parent 65bf8fc9cf
commit b31380c758

View File

@ -72,16 +72,36 @@ relevant documentation
Changing an existing VM Changing an existing VM
======================= =======================
Once the VM has been created, updating the XML configuration as When a VM is defined, libvirt will pick the firmware that best
described above is **not** enough to change the Secure Boot status: satisfies the provided criteria and record this information for use
the NVRAM file associated with the VM has to be regenerated from its on subsequent boots. The resulting XML configuration will look like
template as well. this:
::
<os firmware='efi'>
<firmware>
<feature enabled='yes' name='enrolled-keys'/>
<feature enabled='yes' name='secure-boot'/>
</firmware>
<loader readonly='yes' secure='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</loader>
<nvram template='/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'>/var/lib/libvirt/qemu/nvram/vm_VARS.fd</nvram>
</os>
In order to force libvirt to repeat the firmware autoselection
process, it's necessary to remove the ``<loader>`` and ``<nvram>``
elements. Failure to do so will likely result in an error.
Note that updating the XML configuration as described above is
**not** enough to change the Secure Boot status: the NVRAM file
associated with the VM has to be regenerated from its template as
well.
In order to do that, update the XML and then start the VM with In order to do that, update the XML and then start the VM with
:: ::
$ virsh start $vm --reset-nvram $ virsh start vm --reset-nvram
This option is only available starting with libvirt 8.1.0, so if your This option is only available starting with libvirt 8.1.0, so if your
version of libvirt is older than that you will have to delete the version of libvirt is older than that you will have to delete the