mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 13:45:38 +00:00
qemu: Filter firmware images by type
If the configuration explicitly requests a specific type of firmware image, be it pflash or ROM, we should ignore all images that are not of that type. If no specific type has been requested, of course, any type is considered a match and the selection will be based upon the other attributes. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
parent
b14c97e007
commit
f13b3f8098
@ -1280,6 +1280,12 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
|
||||
if (fw->mapping.device == QEMU_FIRMWARE_DEVICE_FLASH) {
|
||||
const qemuFirmwareMappingFlash *flash = &fw->mapping.data.flash;
|
||||
|
||||
if (loader && loader->type &&
|
||||
loader->type != VIR_DOMAIN_LOADER_TYPE_PFLASH) {
|
||||
VIR_DEBUG("Discarding flash loader");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (loader && loader->stateless == VIR_TRISTATE_BOOL_YES) {
|
||||
if (flash->mode != QEMU_FIRMWARE_FLASH_MODE_STATELESS) {
|
||||
VIR_DEBUG("Discarding loader without stateless flash");
|
||||
@ -1327,6 +1333,12 @@ qemuFirmwareMatchDomain(const virDomainDef *def,
|
||||
return false;
|
||||
}
|
||||
}
|
||||
} else if (fw->mapping.device == QEMU_FIRMWARE_DEVICE_MEMORY) {
|
||||
if (loader && loader->type &&
|
||||
loader->type != VIR_DOMAIN_LOADER_TYPE_ROM) {
|
||||
VIR_DEBUG("Discarding rom loader");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (def->sec) {
|
||||
|
@ -1,34 +0,0 @@
|
||||
LC_ALL=C \
|
||||
PATH=/bin \
|
||||
HOME=/var/lib/libvirt/qemu/domain--1-guest \
|
||||
USER=test \
|
||||
LOGNAME=test \
|
||||
XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
|
||||
XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
|
||||
XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
|
||||
/usr/bin/qemu-system-x86_64 \
|
||||
-name guest=guest,debug-threads=on \
|
||||
-S \
|
||||
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
|
||||
-machine pc-q35-4.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,acpi=on \
|
||||
-accel kvm \
|
||||
-cpu qemu64 \
|
||||
-bios /usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd \
|
||||
-m size=1048576k \
|
||||
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
|
||||
-overcommit mem-lock=off \
|
||||
-smp 1,sockets=1,cores=1,threads=1 \
|
||||
-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
|
||||
-display none \
|
||||
-no-user-config \
|
||||
-nodefaults \
|
||||
-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
|
||||
-mon chardev=charmonitor,id=monitor,mode=control \
|
||||
-rtc base=utc \
|
||||
-no-shutdown \
|
||||
-boot strict=on \
|
||||
-audiodev '{"id":"audio1","driver":"none"}' \
|
||||
-global ICH9-LPC.noreboot=off \
|
||||
-watchdog-action reset \
|
||||
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
|
||||
-msg timestamp=on
|
@ -0,0 +1 @@
|
||||
operation failed: Unable to find 'efi' firmware that is compatible with the current configuration
|
@ -6,11 +6,7 @@
|
||||
<vcpu placement='static'>1</vcpu>
|
||||
<os firmware='efi'>
|
||||
<type arch='x86_64' machine='pc-q35-4.0'>hvm</type>
|
||||
<firmware>
|
||||
<feature enabled='yes' name='enrolled-keys'/>
|
||||
<feature enabled='yes' name='secure-boot'/>
|
||||
</firmware>
|
||||
<loader readonly='no' type='rom'>/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd</loader>
|
||||
<loader readonly='no' type='pflash'/>
|
||||
<boot dev='hd'/>
|
||||
</os>
|
||||
<features>
|
||||
|
@ -1423,7 +1423,7 @@ mymain(void)
|
||||
DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi");
|
||||
DO_TEST_CAPS_LATEST("firmware-auto-efi-stateless");
|
||||
DO_TEST_CAPS_LATEST("firmware-auto-efi-rw");
|
||||
DO_TEST_CAPS_LATEST("firmware-auto-efi-rw-pflash");
|
||||
DO_TEST_CAPS_LATEST_FAILURE("firmware-auto-efi-rw-pflash");
|
||||
DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-secure");
|
||||
DO_TEST_CAPS_LATEST_ABI_UPDATE("firmware-auto-efi-loader-secure");
|
||||
DO_TEST_CAPS_LATEST("firmware-auto-efi-loader-insecure");
|
||||
|
Loading…
Reference in New Issue
Block a user