virt-manager-4.1.0-4.el9

- virt-install: Recommend '--boot uefi' (rhbz#2112154) - virt-install: Document Secure Boot setups (rhbz#2112154) Resolves: rhbz#2112154
2023-02-14 13:41:41 -06:00 · 2023-02-14 13:41:41 -06:00 · 2999945eb8
parent d1e6dc602b
commit 2999945eb8
3 changed files with 111 additions and 1 deletions
--- a/virt-manager-virt-install-Document-Secure-Boot-setups.patch
+++ b/virt-manager-virt-install-Document-Secure-Boot-setups.patch
@ -0,0 +1,62 @@
+From f44c6ec970413843214f52d5523ee8cf277b0150 Mon Sep 17 00:00:00 2001
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 12 Dec 2022 19:38:22 +0100
+Subject: [PATCH] virt-install: Document Secure Boot setups
+
+Provide ready to use recipes for explicitly enabling and
+explicitly disabling Secure Boot, as well as a pointer to
+the more extensive information found on the libvirt website.
+
+Setting loader_secure=yes is only one part of a proper Secure
+Boot setup, so stop documenting it in the section about manual
+firmware selection to avoid confusion.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2112154
+https://bugzilla.redhat.com/show_bug.cgi?id=2149971
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+(cherry picked from commit 33ff193ee9fcfdb74f95d946a1b93239a1a12a61)
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2112154
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+---
+ man/virt-install.rst | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/man/virt-install.rst b/man/virt-install.rst
+index 684f22655..a0df73280 100644
+--- a/man/virt-install.rst
+++ b/man/virt-install.rst
+@@ -957,13 +957,26 @@ Some examples:
+     via domcapabilities XML, so this will likely only work if using properly
+     configured distro packages. This is the recommended UEFI setup.
+ 
+``--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=yes,firmware.feature1.name=enrolled-keys,firmware.feature1.enabled=yes``
+    Configure the VM to boot from UEFI with Secure Boot support enabled.
+    Only signed operating systems will be able to boot with this configuration.
+
+``--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no``
+    Configure the VM to boot from UEFI with Secure Boot support disabled.
+    This configuration allows both signed and unsigned operating systems to
+    run.
+
+    Additional information about the ``secure-boot`` and
+    ``enrolled-keys`` firmware features and how they can be used to
+    influence firmware selection is available at
+    https://libvirt.org/kbase/secureboot.html
+
+ ``--boot loader=/.../OVMF_CODE.fd,loader.readonly=yes,loader.type=pflash,nvram.template=/.../OVMF_VARS.fd,loader_secure=no``
+     Specify that the virtual machine use the custom OVMF binary as boot firmware,
+     mapped as a virtual flash chip. In addition, request that libvirt instantiate
+     the VM-specific UEFI varstore from the custom "/.../OVMF_VARS.fd" varstore
+     template. This setup is not recommended, and should only be used if
+-    --boot uefi doesn't know about your UEFI binaries. If your UEFI firmware
+-    supports Secure boot feature you can enable it via loader_secure.
+    --boot uefi doesn't know about your UEFI binaries.
+ 
+ Use --boot=? to see a list of all available sub options.
+ Complete details at https://libvirt.org/formatdomain.html#elementsOS
+-- 
+2.39.1
+
--- a/virt-manager-virt-install-Recommend-boot-uefi.patch
+++ b/virt-manager-virt-install-Recommend-boot-uefi.patch
@ -0,0 +1,42 @@
+From 19b683f075d11b920552990d16b9a7a82eed12e3 Mon Sep 17 00:00:00 2001
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Mon, 12 Dec 2022 19:32:32 +0100
+Subject: [PATCH] virt-install: Recommend '--boot uefi'
+
+Firmware autoselection is the way to go in most cases, so
+recommend that instead of telling users that they should provide
+all information manually.
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+(cherry picked from commit f2b5aaf458764ec7ecf105038e5f2f7cc26b6c17)
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2112154
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+---
+ man/virt-install.rst | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/virt-install.rst b/man/virt-install.rst
+index 3a6e8dcd2..684f22655 100644
+--- a/man/virt-install.rst
+++ b/man/virt-install.rst
+@@ -955,13 +955,13 @@ Some examples:
+     Configure the VM to boot from UEFI. In order for virt-install to know the
+     correct UEFI parameters, libvirt needs to be advertising known UEFI binaries
+     via domcapabilities XML, so this will likely only work if using properly
+-    configured distro packages.
+    configured distro packages. This is the recommended UEFI setup.
+ 
+ ``--boot loader=/.../OVMF_CODE.fd,loader.readonly=yes,loader.type=pflash,nvram.template=/.../OVMF_VARS.fd,loader_secure=no``
+     Specify that the virtual machine use the custom OVMF binary as boot firmware,
+     mapped as a virtual flash chip. In addition, request that libvirt instantiate
+     the VM-specific UEFI varstore from the custom "/.../OVMF_VARS.fd" varstore
+-    template. This is the recommended UEFI setup, and should be used if
+    template. This setup is not recommended, and should only be used if
+     --boot uefi doesn't know about your UEFI binaries. If your UEFI firmware
+     supports Secure boot feature you can enable it via loader_secure.
+ 
+-- 
+2.39.1
+
--- a/virt-manager.spec
+++ b/virt-manager.spec
@ -8,7 +8,7 @@

 Name: virt-manager
 Version: 4.1.0
-Release: 3%{?dist}%{?extra_release}
+Release: 4%{?dist}%{?extra_release}
 %global verrel %{version}-%{release}

 Summary: Desktop tool for managing virtual machines via libvirt
@ -23,6 +23,8 @@ Patch2: virt-manager-virtinstall-fix-regression-with-boot-and-no-install-method.
 Patch3: virt-manager-progress-Fix-showing-correct-final-total.patch
 Patch4: virt-manager-virtinstall-Fix-the-allocating-disk-size-printed-by-the-progress-bar.patch
 Patch5: virt-manager-virtinstall-Hide-total_size-in-the-progress-bar-if-it-doesn-t-need.patch
+Patch6: virt-manager-virt-install-Recommend-boot-uefi.patch
+Patch7: virt-manager-virt-install-Document-Secure-Boot-setups.patch


 Requires: virt-manager-common = %{verrel}
@ -188,6 +190,10 @@ git config gc.auto 0


 %changelog
+* Tue Feb 14 2023 Jonathon Jongsma <jjongsma@redhat.com> - 4.1.0-4
+- virt-install: Recommend '--boot uefi' (rhbz#2112154)
+- virt-install: Document Secure Boot setups (rhbz#2112154)
+
 * Wed Feb  1 2023 Jonathon Jongsma <jjongsma@redhat.com> - 4.1.0-3
 - progress: Fix showing correct final total (rhbz#2156247)
 - virtinstall: Fix the allocating disk size printed by the progress bar (rhbz#2156247)