External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-30 16:35:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
libvirt/docs/kbase
History
Andrea Bolognani 18249f278a kbase: Always explicitly enable secure-boot firmware feature 
It should be enough to enable or disable the enrolled-keys feature
to control whether Secure Boot is enforced, but there's a slight
complication: many distro packages for edk2 include, in addition
to general purpose firmware images, builds that are targeting the
Confidential Computing use case.

For those, the firmware descriptor will not advertise the
enrolled-keys feature, which will technically make them suitable
for satisfying a configuration such as

  <os firmware='efi'>
    <firmware>
      <feature state='off' name='enrolled-keys'/>
    </firmware>
  </os>

In practice, users will expect the general purpose build to be
used in this case. Explicitly asking for the secure-boot feature
to be enabled achieves that result at the cost of some slight
additional verbosity.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-08-04 14:39:11 +02:00
..
internals
docs: replace ARRAY_CARDINALITY with G_N_ELEMENTS
2022-07-13 12:18:06 +01:00
backing_chains.rst
docs: Convert 'formatdomaincaps' to rST
2022-04-07 17:15:52 +02:00
debuglogs.rst
kbase: debuglogs: Add a note about auto-shutdown of daemons
2022-07-07 14:35:30 +02:00
domainstatecapture.rst
docs: domainstatecapture: Fix broken links
2022-06-01 12:27:10 +02:00
index.rst
docs: Add kbase page for Secure Boot
2022-07-01 15:10:43 +02:00
kvm-realtime.rst
docs: kbase/kvm-realtime: Fix few links
2022-06-01 12:27:10 +02:00
launch_security_sev.rst
kbase: launch_security_sev: Break up overly long line
2022-06-13 16:09:32 +02:00
live_full_disk_backup.rst
docs: Fix some typos
2021-06-22 15:55:56 +02:00
locking-lockd.rst
docs: convert kbase/locking-lockd.html.in to RST
2019-12-04 16:10:28 +00:00
locking-sanlock.rst
docs: formatdomain: Remove 'elementsEvents' anchor
2022-06-01 12:27:09 +02:00
locking.rst
docs: convert kbase/locking.html.in to RST
2019-12-04 16:10:28 +00:00
memorydevices.rst
docs: formatdomain: Remove 'elementsMemory' anchor
2022-06-01 12:27:10 +02:00
merging_disk_image_chains.rst
docs: kbase: Add a doc on merging disk image chains
2021-05-11 11:23:57 +02:00
meson.build
docs: Add kbase page for Secure Boot
2022-07-01 15:10:43 +02:00
qemu-core-dump.rst
docs: Fix two spelling mistakes
2021-07-26 11:01:08 +02:00
qemu-passthrough-security.rst
docs: remove use of the term 'whitelist' from cgroup docs
2020-06-26 15:38:34 +01:00
rpm-deployment.rst
spec: Drop -bash-completion package
2021-04-22 11:01:27 +02:00
s390_protected_virt.rst
docs: formatdomain: Remove 'launchSecurity' anchor
2022-06-01 12:27:10 +02:00
secureboot.rst
kbase: Always explicitly enable secure-boot firmware feature
2022-08-04 14:39:11 +02:00
secureusage.rst
Prefer https: for libguestfs.org links
2020-09-01 21:58:46 +02:00
snapshots.rst
kbase: Introduce 'snapshots' page and describe the new 'manual' snapshot
2022-03-22 10:32:43 +01:00
systemtap.rst
kbase: Add knowledge base for libvirt systemtap
2020-08-21 11:34:23 +01:00
tlscerts.rst
docs: kbase/tlscerts: Fix links
2022-06-01 12:27:10 +02:00
virtiofs.rst
docs: virtiofs: remove extra slash
2021-09-09 17:53:18 +02:00