virt-manager-4.1.0-4.el9
- virt-install: Recommend '--boot uefi' (rhbz#2112154) - virt-install: Document Secure Boot setups (rhbz#2112154) Resolves: rhbz#2112154
This commit is contained in:
Jonathon Jongsma
parent
d1e6dc602b
commit
2999945eb8
62
virt-manager-virt-install-Document-Secure-Boot-setups.patch
Normal file
62
virt-manager-virt-install-Document-Secure-Boot-setups.patch
Normal file
@ -0,0 +1,62 @@
|
||||
From f44c6ec970413843214f52d5523ee8cf277b0150 Mon Sep 17 00:00:00 2001
|
||||
From: Andrea Bolognani <abologna@redhat.com>
|
||||
Date: Mon, 12 Dec 2022 19:38:22 +0100
|
||||
Subject: [PATCH] virt-install: Document Secure Boot setups
|
||||
|
||||
Provide ready to use recipes for explicitly enabling and
|
||||
explicitly disabling Secure Boot, as well as a pointer to
|
||||
the more extensive information found on the libvirt website.
|
||||
|
||||
Setting loader_secure=yes is only one part of a proper Secure
|
||||
Boot setup, so stop documenting it in the section about manual
|
||||
firmware selection to avoid confusion.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2112154
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2149971
|
||||
|
||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
||||
(cherry picked from commit 33ff193ee9fcfdb74f95d946a1b93239a1a12a61)
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2112154
|
||||
|
||||
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
|
||||
---
|
||||
man/virt-install.rst | 17 +++++++++++++++--
|
||||
1 file changed, 15 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/man/virt-install.rst b/man/virt-install.rst
|
||||
index 684f22655..a0df73280 100644
|
||||
--- a/man/virt-install.rst
|
||||
+++ b/man/virt-install.rst
|
||||
@@ -957,13 +957,26 @@ Some examples:
|
||||
via domcapabilities XML, so this will likely only work if using properly
|
||||
configured distro packages. This is the recommended UEFI setup.
|
||||
|
||||
+``--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=yes,firmware.feature1.name=enrolled-keys,firmware.feature1.enabled=yes``
|
||||
+ Configure the VM to boot from UEFI with Secure Boot support enabled.
|
||||
+ Only signed operating systems will be able to boot with this configuration.
|
||||
+
|
||||
+``--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no``
|
||||
+ Configure the VM to boot from UEFI with Secure Boot support disabled.
|
||||
+ This configuration allows both signed and unsigned operating systems to
|
||||
+ run.
|
||||
+
|
||||
+ Additional information about the ``secure-boot`` and
|
||||
+ ``enrolled-keys`` firmware features and how they can be used to
|
||||
+ influence firmware selection is available at
|
||||
+ https://libvirt.org/kbase/secureboot.html
|
||||
+
|
||||
``--boot loader=/.../OVMF_CODE.fd,loader.readonly=yes,loader.type=pflash,nvram.template=/.../OVMF_VARS.fd,loader_secure=no``
|
||||
Specify that the virtual machine use the custom OVMF binary as boot firmware,
|
||||
mapped as a virtual flash chip. In addition, request that libvirt instantiate
|
||||
the VM-specific UEFI varstore from the custom "/.../OVMF_VARS.fd" varstore
|
||||
template. This setup is not recommended, and should only be used if
|
||||
- --boot uefi doesn't know about your UEFI binaries. If your UEFI firmware
|
||||
- supports Secure boot feature you can enable it via loader_secure.
|
||||
+ --boot uefi doesn't know about your UEFI binaries.
|
||||
|
||||
Use --boot=? to see a list of all available sub options.
|
||||
Complete details at https://libvirt.org/formatdomain.html#elementsOS
|
||||
--
|
||||
2.39.1
|
||||
|
||||
42
virt-manager-virt-install-Recommend-boot-uefi.patch
Normal file
42
virt-manager-virt-install-Recommend-boot-uefi.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From 19b683f075d11b920552990d16b9a7a82eed12e3 Mon Sep 17 00:00:00 2001
|
||||
From: Andrea Bolognani <abologna@redhat.com>
|
||||
Date: Mon, 12 Dec 2022 19:32:32 +0100
|
||||
Subject: [PATCH] virt-install: Recommend '--boot uefi'
|
||||
|
||||
Firmware autoselection is the way to go in most cases, so
|
||||
recommend that instead of telling users that they should provide
|
||||
all information manually.
|
||||
|
||||
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
|
||||
(cherry picked from commit f2b5aaf458764ec7ecf105038e5f2f7cc26b6c17)
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2112154
|
||||
|
||||
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
|
||||
---
|
||||
man/virt-install.rst | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/man/virt-install.rst b/man/virt-install.rst
|
||||
index 3a6e8dcd2..684f22655 100644
|
||||
--- a/man/virt-install.rst
|
||||
+++ b/man/virt-install.rst
|
||||
@@ -955,13 +955,13 @@ Some examples:
|
||||
Configure the VM to boot from UEFI. In order for virt-install to know the
|
||||
correct UEFI parameters, libvirt needs to be advertising known UEFI binaries
|
||||
via domcapabilities XML, so this will likely only work if using properly
|
||||
- configured distro packages.
|
||||
+ configured distro packages. This is the recommended UEFI setup.
|
||||
|
||||
``--boot loader=/.../OVMF_CODE.fd,loader.readonly=yes,loader.type=pflash,nvram.template=/.../OVMF_VARS.fd,loader_secure=no``
|
||||
Specify that the virtual machine use the custom OVMF binary as boot firmware,
|
||||
mapped as a virtual flash chip. In addition, request that libvirt instantiate
|
||||
the VM-specific UEFI varstore from the custom "/.../OVMF_VARS.fd" varstore
|
||||
- template. This is the recommended UEFI setup, and should be used if
|
||||
+ template. This setup is not recommended, and should only be used if
|
||||
--boot uefi doesn't know about your UEFI binaries. If your UEFI firmware
|
||||
supports Secure boot feature you can enable it via loader_secure.
|
||||
|
||||
--
|
||||
2.39.1
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
|
||||
Name: virt-manager
|
||||
Version: 4.1.0
|
||||
Release: 3%{?dist}%{?extra_release}
|
||||
Release: 4%{?dist}%{?extra_release}
|
||||
%global verrel %{version}-%{release}
|
||||
|
||||
Summary: Desktop tool for managing virtual machines via libvirt
|
||||
@ -23,6 +23,8 @@ Patch2: virt-manager-virtinstall-fix-regression-with-boot-and-no-install-method.
|
||||
Patch3: virt-manager-progress-Fix-showing-correct-final-total.patch
|
||||
Patch4: virt-manager-virtinstall-Fix-the-allocating-disk-size-printed-by-the-progress-bar.patch
|
||||
Patch5: virt-manager-virtinstall-Hide-total_size-in-the-progress-bar-if-it-doesn-t-need.patch
|
||||
Patch6: virt-manager-virt-install-Recommend-boot-uefi.patch
|
||||
Patch7: virt-manager-virt-install-Document-Secure-Boot-setups.patch
|
||||
|
||||
|
||||
Requires: virt-manager-common = %{verrel}
|
||||
@ -188,6 +190,10 @@ git config gc.auto 0
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Feb 14 2023 Jonathon Jongsma <jjongsma@redhat.com> - 4.1.0-4
|
||||
- virt-install: Recommend '--boot uefi' (rhbz#2112154)
|
||||
- virt-install: Document Secure Boot setups (rhbz#2112154)
|
||||
|
||||
* Wed Feb 1 2023 Jonathon Jongsma <jjongsma@redhat.com> - 4.1.0-3
|
||||
- progress: Fix showing correct final total (rhbz#2156247)
|
||||
- virtinstall: Fix the allocating disk size printed by the progress bar (rhbz#2156247)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user