Re: [PATCH] qemu: don't warn about missing SMM for CVM firmware

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jul 31, 2025 at 07:33:21PM +0100, Daniel P. Berrangé via Devel wrote:
> +++ b/src/qemu/qemu_firmware.c
> @@ -1540,6 +1540,7 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
>      bool requiresSMM = false;
>      bool supportsSecureBoot = false;
>      bool hasEnrolledKeys = false;
> +    bool cvm = false;

Maybe isConfidential instead, to follow the existing convention and
be a little more descriptive?

> @@ -1566,7 +1569,8 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
>          }
>      }
>
> -    if ((supportsSecureBoot != requiresSMM) ||
> +    if ((!cvm &&
> +         (supportsSecureBoot != requiresSMM)) ||
>          (hasEnrolledKeys && !supportsSecureBoot)) {
>          VIR_WARN("Firmware description '%s' has invalid set of features: "
>                   "%s = %d, %s = %d, %s = %d",

This could use a short comment explaining why firmware intended for
CVM doesn't need SSM for Secure Boot.

Regardless of whether you want to act on any of the above
suggestions, the change makes sense so

  Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx>

-- 
Andrea Bolognani / Red Hat / Virtualization




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux