Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #37566 - Add UEFI Secure Boot Firmware to Libvirt #10321

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

Fixes #37566 - Add UEFI Secure Boot Firmware to Libvirt #10321

wants to merge 2 commits into from

Conversation

nofaralfasi
Copy link
Contributor

Requires:

This PR includes two commits:

  1. Add firmware selection option for Libvirt VM creation.
  2. Introduce a new firmware type for Secure Boot support.

When creating a new host in Foreman, after selecting Libvirt as the compute resource, a new option to select the VM's firmware will appear under the Virtual Machine tab. See the screenshot below for a demonstration:

image

Notes:

  1. For machines created through Foreman, enrolled-keys are enabled by default when Secure Boot is activated.
  2. For existing VMs, Secure Boot status is determined by the loader secure='yes' setting.

For more details: community post.

@nofaralfasi nofaralfasi requested a review from a team as a code owner September 15, 2024 10:46
This was referenced Sep 15, 2024
Closed
Open
@nofaralfasi
Copy link
Contributor Author

Failing tests should be fixed automatically after fog/fog-libvirt#155 is merged.

This was referenced Sep 15, 2024
Closed
Open
@nofaralfasi
Fixes #37566 - Add UEFI Secure Boot Firmware to Libvirt
d209e92 
- Added a new firmware type for Secure Boot.
- Enable `enrolled-keys` by default when Secure Boot is activated.
- Added firmware-related methods to the ComputeResource model
  for shared use between VMware and Libvirt.
@nofaralfasi
Copy link
Contributor Author

As noted in my comment on the VMware-related PR #10324 (comment), the same issue occurs with Libvirt. The Automatic firmware selection is not functioning correctly on the compute_attributes form.

adamruzicka
adamruzicka reviewed Sep 18, 2024
View reviewed changes
app/models/compute_resources/foreman/model/libvirt.rb
:port => '-1' }
:port => '-1' },
:firmware => 'automatic',
:firmware_features => { "secure-boot" => "no" }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason for having strings as keys in the inner hash?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, the reason for using strings as keys here is that Libvirt expects these values in this format and converts them to XML accordingly. You can see this conversion in the Libvirt code here. For more details, refer to the related PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamruzicka adamruzicka adamruzicka left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Waiting on contributor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nofaralfasi @adamruzicka