From: Andrea Bolognani Date: Thu, 16 Mar 2023 18:42:56 +0000 (+0100) Subject: qemu: Discard requires-smm firmware when loader.secure=no X-Git-Tag: v9.2.0-rc1~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63859189e66b1191e892afc763b3c48c98496614;p=thirdparty%2Flibvirt.git qemu: Discard requires-smm firmware when loader.secure=no The requires-smm feature being present in a firmware descriptor causes loader.secure=yes to be automatically chosen for the domain, so we have to avoid this situation or the user's choice will be silently subverted. Note that we can't actually encounter loader.secure=no in this function at the moment because of earlier checks, but that's going to change soon. Signed-off-by: Andrea Bolognani Reviewed-by: Michal Privoznik --- diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c index 6dca8fab5f..1b0f4bc299 100644 --- a/src/qemu/qemu_firmware.c +++ b/src/qemu/qemu_firmware.c @@ -1196,6 +1196,11 @@ qemuFirmwareMatchDomain(const virDomainDef *def, "but firmware '%s' requires it to be enabled", path); return false; } + if (loader && loader->secure == VIR_TRISTATE_BOOL_NO) { + VIR_DEBUG("Domain doesn't restrict pflash programming to SMM, " + "but firmware '%s' requires use of SMM", path); + return false; + } } else { if (loader && loader->secure == VIR_TRISTATE_BOOL_YES) { VIR_DEBUG("Domain restricts pflash programming to SMM, "
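Review bot: the new `loader->secure == VIR_TRISTATE_BOOL_NO` check in the requires-smm branch of qemuFirmwareMatchDomain() is unreachable today because of earlier checks, according to the commit message. The diff touches only src/qemu/qemu_firmware.c, so nothing here exercises the branch. The follow-up change that makes it reachable should add a test case pairing loader.secure=no with a descriptor that advertises requires-smm, so the rejection is shown to work. The reason for the check (requires-smm causes loader.secure=yes to be chosen automatically, which would override the user's explicit choice) is stated only in the commit message. A short comment above the `if` would keep that next to the code. It could also note that only an explicit NO is rejected, while an unset value still matches and is left to be filled in automatically. The rejection is reported only through VIR_DEBUG, like the neighbouring checks, so a user who set loader.secure=no sees the reason a firmware was skipped only with debug logging enabled.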