git.ipfire.org Git - thirdparty/libvirt.git/commit
conf: Reject enrolled-keys=yes with secure-boot=no
author Andrea Bolognani <abologna@redhat.com>
Wed, 15 Jun 2022 09:30:48 +0000 (11:30 +0200)
committer Andrea Bolognani <abologna@redhat.com>
Fri, 1 Jul 2022 13:10:30 +0000 (15:10 +0200)
commit 161b31f9584eeba17cf29d38289c3a8a03e9e858
tree a6a14dfef6db10b98b3775aba7eb12fc404d362e
parent c98910d0110850ffcf3e534b5ea70a3afabb53f9
conf: Reject enrolled-keys=yes with secure-boot=no

This combination doesn't make sense and so the firmware
autoselection logic will not be able to find a suitable firmware,
but it's more user-friendly to report a detailed error upfront.

Note that this check would ideally happen in the validate phase,
but if we moved it there we would no longer be able to
automatically enable secure-boot when enrolled-keys=yes. Since
the combination never resulted in a working configuration, the
chances of this causing real-world VMs to disappear are
extremely low.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
src/conf/domain_conf.c
tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.x86_64-latest.err [new file with mode: 0644]
tests/qemuxml2argvdata/firmware-auto-efi-enrolled-keys-no-secboot.xml [new file with mode: 0644]
tests/qemuxml2argvtest.c
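
The rule described in the commit message, as an added example that is not libvirt's own code: a pre-flight check over domain XML that rejects enrolled-keys=yes combined with secure-boot=no and otherwise treats enrolled-keys=yes as implying secure-boot. The function names, error text and sample domains are constructed for illustration; the `<os>/<firmware>/<feature>` layout follows libvirt's documented domain XML.

```python
import xml.etree.ElementTree as ET


class FirmwareFeatureError(ValueError):
    """Firmware feature combination that no firmware build can satisfy."""


def firmware_features(domain_xml):
    """Return {feature name: bool} for <os><firmware><feature .../> entries.

    A feature that is not listed stays out of the dict (tri-state: absent).
    Input is assumed to be trusted, locally authored domain XML.
    """
    root = ET.fromstring(domain_xml)
    features = {}
    for feat in root.findall("./os/firmware/feature"):
        name, enabled = feat.get("name"), feat.get("enabled")
        if name is None or enabled not in ("yes", "no"):
            raise FirmwareFeatureError(f"malformed firmware feature: {feat.attrib}")
        features[name] = enabled == "yes"
    return features


def resolve_secure_boot(domain_xml):
    """Apply the rule from the commit message; return the effective states."""
    features = firmware_features(domain_xml)
    if features.get("enrolled-keys") is True:
        if features.get("secure-boot") is False:
            raise FirmwareFeatureError(
                "enrolled-keys=yes was requested together with secure-boot=no")
        # secure-boot not stated: enrolled keys only matter with it, so enable it.
        features["secure-boot"] = True
    return features


def _domain(*feats):
    """Build a constructed sample domain with the given (name, enabled) pairs."""
    body = "".join(f"<feature enabled='{e}' name='{n}'/>" for n, e in feats)
    return ("<domain type='kvm'><name>guest</name>"
            f"<os firmware='efi'><firmware>{body}</firmware></os></domain>")


# Constructed sample inputs, not taken from the libvirt test suite.
SAMPLE_BAD = _domain(("enrolled-keys", "yes"), ("secure-boot", "no"))
SAMPLE_IMPLIED = _domain(("enrolled-keys", "yes"))
SAMPLE_PLAIN = _domain(("enrolled-keys", "no"), ("secure-boot", "no"))
```

Running a check like this before defining a guest surfaces the conflicting request directly instead of a generic failure to find matching firmware.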