The `-secure-boot on|off` command line option is implemented
to enable secure IPL.
By default, -secure-boot is set to false if not specified in
the command line.
Signed-off-by: Zhuoying Cai <zy...@linux.ibm.com>
---
qemu-options.hx | 8 ++++++++
system/vl.c | 21 +++++++++++++++++++++
2 files changed, 29 insertions(+)
diff --git a/qemu-options.hx b/qemu-options.hx
index b460c63490..02d2f4d513 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1262,6 +1262,14 @@ SRST
A colon may be used to delineate multiple paths.
ERST
+DEF("secure-boot", HAS_ARG, QEMU_OPTION_secure_boot,
+ "-secure-boot on|off\n"
+ " enable/disable secure boot\n", QEMU_ARCH_S390X)
+SRST
+``-secure-boot on|off``
+ Enable/disable secure boot. Default is off.
+ERST
+
DEFHEADING()
DEFHEADING(Block device options:)
diff --git a/system/vl.c b/system/vl.c
index bd6197c887..5bdc35516c 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -524,6 +524,19 @@ static QemuOptsList qemu_boot_certificates_opts = {
},
};
+static QemuOptsList qemu_secure_boot_opts = {
+ .name = "secure-boot",
+ .implied_opt_name = "secure-boot",
+ .head = QTAILQ_HEAD_INITIALIZER(qemu_secure_boot_opts.head),
+ .desc = {
+ {
+ .name = "secure-boot",
+ .type = QEMU_OPT_BOOL,
+ },
+ { /* end of list */ }
+ },
+};
+
const char *qemu_get_vm_name(void)
{
return qemu_name;
@@ -2894,6 +2907,7 @@ void qemu_init(int argc, char **argv)
qemu_add_opts(&qemu_fw_cfg_opts);
qemu_add_opts(&qemu_action_opts);
qemu_add_opts(&qemu_boot_certificates_opts);
+ qemu_add_opts(&qemu_secure_boot_opts);
qemu_add_run_with_opts();
module_call_init(MODULE_INIT_OPTS);
@@ -3046,6 +3060,13 @@ void qemu_init(int argc, char **argv)
exit(1);
}
break;
+ case QEMU_OPTION_secure_boot:
+ opts = qemu_opts_parse_noisily(qemu_find_opts("secure-boot"),
+ optarg, true);
+ if (!opts) {
+ exit(1);
+ }
+ break;
case QEMU_OPTION_fda:
case QEMU_OPTION_fdb:
drive_add(IF_FLOPPY, popt->index - QEMU_OPTION_fda,
--
2.49.0
