mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-05 04:41:20 +00:00
3030010fa9
Right now we're checking that firmware descriptor masking works as intended by creating an empty file matching 60-ovmf-sb.json in name. However, that firmware descriptor contains the details for a perfectly valid and quite common situation: Secure Boot being supported by the firmware build, but being effectively disabled by the lack of certificates in the NVRAM template. Unmask that firmware descriptor, and instead create a dummy one that has higher priority than all other OVMF builds and points to paths that are obviously incorrect, which should make it easy to notice it getting accidentally unmasked in the future. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
# QEMU invocation for a guest named "guest": a fixed environment (C locale,
# PATH=/bin, per-domain HOME and XDG directories) followed by
# /usr/bin/qemu-system-x86_64 and its arguments.
#
# Firmware-related arguments:
#   - pflash0 is backed by /usr/share/OVMF/OVMF_CODE.secboot.fd and its format
#     node is read-only, so the firmware code image is not writable through
#     this device.
#   - pflash1 is backed by the per-guest variable store
#     /var/lib/libvirt/qemu/nvram/guest_VARS.fd and is writable.
#   - -machine sets smm=on and -global sets cfi.pflash01 secure=on; this is the
#     pairing used with Secure Boot capable OVMF builds, where writes to the
#     variable store are meant to be limited to SMM code.
#   NOTE(review): a ".secboot" code image only shows that the build supports
#   Secure Boot. Whether it is actually enforced depends on the keys enrolled
#   in the NVRAM file, which this command line does not show -- do not treat
#   this command line alone as evidence that Secure Boot is active.
#
# Hardening visible in the arguments: -sandbox on with obsolete,
# elevateprivileges, spawn and resourcecontrol all set to deny; -nodefaults
# and -no-user-config; the monitor chardev is given as a file descriptor
# number (fd=1729) rather than a filesystem path.
# The master key secret object refers to a file under the per-domain
# directory; no key material appears in the arguments themselves.
LC_ALL=C \
PATH=/bin \
HOME=/var/lib/libvirt/qemu/domain--1-guest \
USER=test \
LOGNAME=test \
XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
/usr/bin/qemu-system-x86_64 \
-name guest=guest,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
-blockdev '{"driver":"file","filename":"/usr/share/OVMF/OVMF_CODE.secboot.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \
-machine pc-q35-4.0,usb=off,smm=on,dump-guest-core=off,memory-backend=pc.ram,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format,acpi=on \
-accel kvm \
-cpu qemu64 \
-global driver=cfi.pflash01,property=secure,value=on \
-m 1024 \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
-overcommit mem-lock=off \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
-display none \
-no-user-config \
-nodefaults \
-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc \
-no-shutdown \
-boot strict=on \
-audiodev '{"id":"audio1","driver":"none"}' \
-global ICH9-LPC.noreboot=off \
-watchdog-action reset \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on