From: Jim Fehlig <jfehlig@suse.com>
Date: Wed, 2 Jun 2021 20:39:43 +0000 (-0600)
Subject: libxl: Forbid domain definition with secure boot enabled
X-Git-Tag: v7.5.0-rc1~182
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7c5507df103db4a8c9393b4199336eba37611aa9;p=thirdparty%2Flibvirt.git

libxl: Forbid domain definition with secure boot enabled

Xen+ovmf does not support secure boot. Fail domain def validation
if secure boot is enabled.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---

diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index 9630f12568..14d000511a 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -446,6 +446,16 @@ libxlDomainDefValidate(const virDomainDef *def,
                                         def->virtType))
         return -1;
 
+    /* Xen+ovmf does not support secure boot */
+    if (virDomainDefHasOldStyleUEFI(def)) {
+        if (def->os.loader &&
+            def->os.loader->secure == VIR_TRISTATE_BOOL_YES) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("Secure boot is not supported on Xen"));
+            return -1;
+        }
+    }
+
     return 0;
 }