mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-10 14:57:42 +00:00
3030010fa9
Right now we're checking that firmware descriptor masking works as intended by creating an empty file matching 60-ovmf-sb.json in name. However, that firmware descriptors contains the details for a perfectly valid and quite common situation: Secure Boot being supported by the firmware build, but being effectively disabled by the lack of certificates in the NVRAM template. Unmask that firmware descriptor, and instead create a dummy one that has higher priority than all other OVMF builds and points to paths that are obviously incorrect, which should make it easy to notice it getting accidentally unmasked in the future. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
38 lines
797 B
JSON
38 lines
797 B
JSON
{
|
|
"description": "bad firmware used to test descriptor masking",
|
|
"interface-types": [
|
|
"uefi"
|
|
],
|
|
"mapping": {
|
|
"device": "flash",
|
|
"mode": "split",
|
|
"executable": {
|
|
"filename": "/bad/executable/should/have/been/masked.fd",
|
|
"format": "raw"
|
|
},
|
|
"nvram-template": {
|
|
"filename": "/bad/nvram/template/should/have/been/masked.fd",
|
|
"format": "raw"
|
|
}
|
|
},
|
|
"targets": [
|
|
{
|
|
"architecture": "x86_64",
|
|
"machines": [
|
|
"pc-*",
|
|
"pc-q35-*"
|
|
]
|
|
}
|
|
],
|
|
"features": [
|
|
"acpi-s3",
|
|
"amd-sev",
|
|
"requires-smm",
|
|
"secure-boot",
|
|
"verbose-dynamic"
|
|
],
|
|
"tags": [
|
|
|
|
]
|
|
}
|