On Fri, Mar 19, 2021 at 04:11:39PM +0100, Kashyap Chamarthy wrote: > On Fri, Mar 19, 2021 at 11:59:11AM +0100, Pavel Hrdina wrote: > > On Fri, Mar 19, 2021 at 11:10:05AM +0100, Kashyap Chamarthy wrote: > > > On Thu, Mar 18, 2021 at 01:26:45PM +0100, Pavel Hrdina wrote: > > [...] > > > > Nit: I'd recast it as: "When using firmware auto-selection, different > > > features are enabled in any given firmware binary." > > > > Sounds a bit better but I've already pushed the patches. > > Np; can be a follow-up. > > [...] > > > > Should we also list a couple of example features? E.g. "amd-sev" (on > > > supported hardware), "acpi-s3", "secure-boot". > > > > I was considering listing all features that the JSON files can have but > > most of the other features are already controlled by different XML > > elements. There is an explicit list of features later in the docs. > > Ah, where's the explict list of features? I don't see them under the > "BIOS bootloader" section: > https://libvirt.org/formatdomain.html#bios-bootloader
Under the 'firmware' element there is a description of 'feature' element
that lists mandatory attributes and for attribute 'name' there is a list
of possible features which includes 'enrolled-keys' and 'secure-boot'.
This is the part from formatdomain.rst file:
``feature``
The list of mandatory attributes:
- ``enabled`` (accepted values are ``yes`` and ``no``) is used to tell
libvirt
if the feature must be enabled or not in the automatically selected
firmware
- ``name`` the name of the feature, the list of the features:
- ``enrolled-keys`` whether the selected nvram template has default
certificate enrolled. Firmware with Secure Boot feature but without
enrolled keys will successfully boot non-signed binaries as well.
Valid only for firmwares with Secure Boot feature.
- ``secure-boot`` whether the firmware implements UEFI Secure boot
feature.
Pavel
signature.asc
Description: PGP signature
