conf: Move validation check out of postparse

The reason why it was in postparse in the first place was so
that we could automatically enable the secure-boot feature
in some cases, but that no longer happens so we can finally move
it to the proper location.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani 2023-03-17 12:00:39 +01:00
parent 6d0d416f41
commit e493a2ed73
2 changed files with 8 additions and 10 deletions


@ -93,16 +93,6 @@ virDomainDefPostParseMemory(virDomainDef *def,
static int
virDomainDefPostParseOs(virDomainDef *def)
{
if (def->os.firmwareFeatures &&
def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] == VIR_TRISTATE_BOOL_YES) {
if (def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] == VIR_TRISTATE_BOOL_NO) {
virReportError(VIR_ERR_XML_DETAIL, "%s",
_("firmware feature 'enrolled-keys' cannot be enabled when firmware feature 'secure-boot' is disabled"));
return -1;
}
}
if (!def->os.loader)
return 0;


@ -1606,6 +1606,14 @@ virDomainDefOSValidate(const virDomainDef *def,
return -1;
}
if (def->os.firmwareFeatures &&
def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] == VIR_TRISTATE_BOOL_YES &&
def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] == VIR_TRISTATE_BOOL_NO) {
virReportError(VIR_ERR_XML_DETAIL, "%s",
_("firmware feature 'enrolled-keys' cannot be enabled when firmware feature 'secure-boot' is disabled"));
return -1;
}
if (!loader)
return 0;
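Review bot: The enrolled-keys/secure-boot check added to virDomainDefOSValidate is now enforced only when validation runs, whereas the post-parse function it was removed from ran as part of parsing. If some callers parse with validation skipped (libvirt has VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE for that, typically for configs already on disk), a definition with enrolled-keys=yes and secure-boot=no would presumably be accepted on that path, so it is worth confirming that firmware selection still refuses or copes with that combination. A short comment above the new `if` would record the intent, for example `/* enrolled-keys requires secure-boot; checked before the loader early return so it also covers definitions without a loader */`. The function starts before this hunk and continues past it, so the interaction with the later loader checks is not visible here.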