mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-05 04:25:19 +00:00
9567f3ba1f
Currently, firmware selection is performed as part of the domain startup process. This mostly works fine, but there's a significant downside to this approach: since the process is affected by factors outside of libvirt's control, specifically the contents of the various JSON firmware descriptors and their names, it's pretty much impossible to guarantee that the outcome is always going to be the same. It would only take an edk2 update, or a change made by the local admin, to render a domain unbootable or downgrade its boot security. To avoid this, move firmware selection to the postparse phase. This way it will only be performed once, when the domain is first defined; subsequent boots will not need to go through the process again, as all the paths that were picked during firmware selection are recorded in the domain XML. Care is taken to ensure that existing domains are handled correctly, even if their firmware configuration can't be successfully resolved. Failure to complete the firmware selection process is only considered fatal when defining a new domain; in all other cases the error will be reported during startup, as is already the case today. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
106 lines
4.2 KiB
XML
106 lines
4.2 KiB
XML
<domain type='qemu'>
|
|
<name>guest</name>
|
|
<uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid>
|
|
<metadata>
|
|
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
|
|
<libosinfo:os id="http://fedoraproject.org/fedora/29"/>
|
|
</libosinfo:libosinfo>
|
|
</metadata>
|
|
<memory unit='KiB'>4194304</memory>
|
|
<currentMemory unit='KiB'>4194304</currentMemory>
|
|
<vcpu placement='static'>4</vcpu>
|
|
<os>
|
|
<type arch='aarch64' machine='virt'>hvm</type>
|
|
<loader readonly='yes' type='pflash'>/usr/share/AAVMF/AAVMF_CODE.fd</loader>
|
|
<nvram template='/usr/share/AAVMF/AAVMF_VARS.fd'>/some/user/nvram/path/guest_VARS.fd</nvram>
|
|
<boot dev='hd'/>
|
|
</os>
|
|
<features>
|
|
<acpi/>
|
|
<gic version='2'/>
|
|
</features>
|
|
<cpu mode='custom' match='exact' check='none'>
|
|
<model fallback='forbid'>cortex-a15</model>
|
|
</cpu>
|
|
<clock offset='utc'/>
|
|
<on_poweroff>destroy</on_poweroff>
|
|
<on_reboot>restart</on_reboot>
|
|
<on_crash>destroy</on_crash>
|
|
<devices>
|
|
<emulator>/usr/bin/qemu-system-aarch64</emulator>
|
|
<disk type='file' device='disk'>
|
|
<driver name='qemu' type='qcow2'/>
|
|
<source file='/var/lib/libvirt/images/guest.qcow2'/>
|
|
<target dev='vda' bus='virtio'/>
|
|
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
|
|
</disk>
|
|
<controller type='usb' index='0' model='qemu-xhci' ports='15'>
|
|
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
|
|
</controller>
|
|
<controller type='pci' index='0' model='pcie-root'/>
|
|
<controller type='virtio-serial' index='0'>
|
|
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
|
|
</controller>
|
|
<controller type='pci' index='1' model='pcie-root-port'>
|
|
<model name='pcie-root-port'/>
|
|
<target chassis='1' port='0x8'/>
|
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/>
|
|
</controller>
|
|
<controller type='pci' index='2' model='pcie-root-port'>
|
|
<model name='pcie-root-port'/>
|
|
<target chassis='2' port='0x9'/>
|
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
|
|
</controller>
|
|
<controller type='pci' index='3' model='pcie-root-port'>
|
|
<model name='pcie-root-port'/>
|
|
<target chassis='3' port='0xa'/>
|
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
|
|
</controller>
|
|
<controller type='pci' index='4' model='pcie-root-port'>
|
|
<model name='pcie-root-port'/>
|
|
<target chassis='4' port='0xb'/>
|
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x3'/>
|
|
</controller>
|
|
<controller type='pci' index='5' model='pcie-root-port'>
|
|
<model name='pcie-root-port'/>
|
|
<target chassis='5' port='0xc'/>
|
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x4'/>
|
|
</controller>
|
|
<controller type='pci' index='6' model='pcie-root-port'>
|
|
<model name='pcie-root-port'/>
|
|
<target chassis='6' port='0xd'/>
|
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x5'/>
|
|
</controller>
|
|
<controller type='pci' index='7' model='pcie-root-port'>
|
|
<model name='pcie-root-port'/>
|
|
<target chassis='7' port='0xe'/>
|
|
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x6'/>
|
|
</controller>
|
|
<interface type='user'>
|
|
<mac address='52:54:00:09:a4:37'/>
|
|
<model type='virtio'/>
|
|
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
|
|
</interface>
|
|
<serial type='pty'>
|
|
<target type='system-serial' port='0'>
|
|
<model name='pl011'/>
|
|
</target>
|
|
</serial>
|
|
<console type='pty'>
|
|
<target type='serial' port='0'/>
|
|
</console>
|
|
<channel type='unix'>
|
|
<target type='virtio' name='org.qemu.guest_agent.0'/>
|
|
<address type='virtio-serial' controller='0' bus='0' port='1'/>
|
|
</channel>
|
|
<audio id='1' type='none'/>
|
|
<memballoon model='virtio'>
|
|
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
|
|
</memballoon>
|
|
<rng model='virtio'>
|
|
<backend model='random'>/dev/urandom</backend>
|
|
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
|
|
</rng>
|
|
</devices>
|
|
</domain>
|