Disable uefi secure boot for further discussion
Signed-off-by: David Vossel <[email protected]>
davidvossel committed Jan 30, 2019
1 parent 923fbba commit c0c8daf
Showing 8 changed files with 9 additions and 79 deletions.
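--- a/api/openapi-spec/swagger.json
+++ b/api/openapi-spec/swagger.json
@@ -4370,13 +4370,7 @@
 }
 },
 "v1.EFI": {
-"description": "If set, EFI will be used instead of BIOS.",
-"properties": {
-"secure": {
-"description": "Some firmwares implements the Secure boot feature\n+optional",
-"type": "boolean"
-}
-}
+"description": "If set, EFI will be used instead of BIOS."
 },
 "v1.EmptyDiskSource": {
 "description": "EmptyDisk represents a temporary disk which shares the vmis lifecycle.",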
10 changes: 1 addition & 9 deletions pkg/api/v1/openapi_generated.go


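--- a/pkg/api/v1/schema.go
+++ b/pkg/api/v1/schema.go
@@ -161,9 +161,6 @@ type BIOS struct {
 // ---
 // +k8s:openapi-gen=true
 type EFI struct {
-// Some firmwares implements the Secure boot feature
-// +optional
-Secure bool `json:"secure,omitempty"`
 }
 
 // ---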
3 changes: 1 addition & 2 deletions pkg/api/v1/schema_swagger_generated.go


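--- a/pkg/virt-launcher/virtwrap/api/converter.go
+++ b/pkg/virt-launcher/virtwrap/api/converter.go
@@ -50,7 +50,6 @@ const (
 CPUModeHostModel = "host-model"
 defaultIOThread = uint(1)
 EFIPath = "/usr/share/OVMF/OVMF_CODE.fd"
-EFISecurePath = "/usr/share/OVMF/OVMF_CODE.secboot.fd"
 EFIVarsPath = "/usr/share/OVMF/OVMF_VARS.fd"
 )
 
@@ -607,17 +606,10 @@ func Convert_v1_VirtualMachine_To_api_Domain(vmi *v1.VirtualMachineInstance, dom
 
 if vmi.Spec.Domain.Firmware.Bootloader != nil && vmi.Spec.Domain.Firmware.Bootloader.EFI != nil {
 
-var efi string
-
-if vmi.Spec.Domain.Firmware.Bootloader.EFI.Secure {
-efi = EFISecurePath
-} else {
-efi = EFIPath
-}
 domain.Spec.OS.BootLoader = &Loader{
-Path: efi,
+Path: EFIPath,
 ReadOnly: "yes",
-Secure: boolToYesNo(&vmi.Spec.Domain.Firmware.Bootloader.EFI.Secure, false),
+Secure: "no",
 Type: "pflash",
 }
 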
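Review bot: With `Secure` removed from `v1.EFI`, a manifest that still carries `secure: true` may be accepted and booted with the hard-coded `Secure: "no"` and the non-secboot `EFIPath` image, with no error or event telling the owner that Secure Boot is no longer enforced. Whether the API layer rejects the now-unknown field is not visible on this page, so it is worth confirming and, if it does not, rejecting or warning on a leftover `secure` key at admission. The literal also deserves a why-comment so the next reader does not mistake it for an oversight, e.g. `// Secure Boot is deliberately disabled pending API discussion; do not derive this from the VMI spec.` above `Secure: "no",`. Convert_v1_VirtualMachine_To_api_Domain starts and ends outside the hunk.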
23 changes: 1 addition & 22 deletions pkg/virt-launcher/virtwrap/api/converter_test.go
Expand Up @@ -1577,37 +1577,16 @@ var _ = Describe("Converter", func() {

vmi.Spec.Domain.Firmware = &v1.Firmware{
Bootloader: &v1.Bootloader{
EFI: &v1.EFI{
Secure: false,
},
EFI: &v1.EFI{},
},
}
domainSpec := vmiToDomainXMLToDomainSpec(vmi, c)
Expect(domainSpec.OS.BootLoader.ReadOnly).To(Equal("yes"))
Expect(domainSpec.OS.BootLoader.Secure).To(Equal("no"))
Expect(domainSpec.OS.BootLoader.Type).To(Equal("pflash"))
Expect(domainSpec.OS.BootLoader.Path).To(Equal(EFIPath))
Expect(domainSpec.OS.NVRam.Template).To(Equal(EFIVarsPath))
Expect(domainSpec.OS.NVRam.NVRam).To(Equal("/tmp/mynamespace_testvmi"))
})

It("should configure the EFI bootloader if EFI secure option", func() {

vmi.Spec.Domain.Firmware = &v1.Firmware{
Bootloader: &v1.Bootloader{
EFI: &v1.EFI{
Secure: true,
},
},
}
domainSpec := vmiToDomainXMLToDomainSpec(vmi, c)
Expect(domainSpec.OS.BootLoader.ReadOnly).To(Equal("yes"))
Expect(domainSpec.OS.BootLoader.Secure).To(Equal("yes"))
Expect(domainSpec.OS.BootLoader.Type).To(Equal("pflash"))
Expect(domainSpec.OS.BootLoader.Path).To(Equal(EFISecurePath))
Expect(domainSpec.OS.NVRam.Template).To(Equal(EFIVarsPath))
Expect(domainSpec.OS.NVRam.NVRam).To(Equal("/tmp/mynamespace_testvmi"))
})
})
})
})
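--- a/tests/utils.go
+++ b/tests/utils.go
@@ -1304,23 +1304,16 @@ func NewRandomVMIWithEphemeralDiskAndUserdataHighMemory(containerImage string, u
 return vmi
 }
 
-func NewRandomVMIWithEFIBootloader(s bool) *v1.VirtualMachineInstance {
+func NewRandomVMIWithEFIBootloader() *v1.VirtualMachineInstance {
 vmi := NewRandomVMIWithEphemeralDiskHighMemory(ContainerDiskFor(ContainerDiskAlpine))
 
 // EFI needs more memory than other images
 vmi.Spec.Domain.Resources.Requests[k8sv1.ResourceMemory] = resource.MustParse("1Gi")
 vmi.Spec.Domain.Firmware = &v1.Firmware{
 Bootloader: &v1.Bootloader{
-EFI: &v1.EFI{
-Secure: s,
-},
+EFI: &v1.EFI{},
 },
 }
-if s {
-vmi.Spec.Domain.Features = &v1.Features{
-SMM: &v1.FeatureState{},
-}
-}
 
 return vmi
 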
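Review bot: `NewRandomVMIWithEFIBootloader` is exported and has just lost its only parameter, yet it has no doc comment stating which firmware mode the returned VMI uses. A line such as `// NewRandomVMIWithEFIBootloader returns an Alpine-based VMI configured with an EFI bootloader; Secure Boot is not requested.` above the `func` line would record that the helper no longer covers the Secure Boot/SMM path. The function's closing brace lies outside the hunk.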
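--- a/tests/vmi_configuration_test.go
+++ b/tests/vmi_configuration_test.go
@@ -310,7 +310,7 @@ var _ = Describe("Configurations", func() {
 Context("with EFI bootloader method", func() {
 
 It("should use EFI", func() {
-vmi := tests.NewRandomVMIWithEFIBootloader(false)
+vmi := tests.NewRandomVMIWithEFIBootloader()
 
 By("Starting a VirtualMachineInstance")
 vmi, err = virtClient.VirtualMachineInstance(tests.NamespaceTestDefault).Create(vmi)
@@ -322,22 +322,6 @@ var _ = Describe("Configurations", func() {
 Expect(err).ToNot(HaveOccurred())
 Expect(domXml).To(ContainSubstring("OVMF_CODE"))
 })
-
-It("should use EFI with Secureboot", func() {
-vmi := tests.NewRandomVMIWithEFIBootloader(true)
-
-By("Starting a VirtualMachineInstance")
-vmi, err = virtClient.VirtualMachineInstance(tests.NamespaceTestDefault).Create(vmi)
-Expect(err).ToNot(HaveOccurred())
-tests.WaitUntilVMIReady(vmi, tests.LoggedInAlpineExpecter)
-
-By("Checking if UEFI with Secureboot is enabled")
-domXml, err := tests.GetRunningVirtualMachineInstanceDomainXML(virtClient, vmi)
-Expect(err).ToNot(HaveOccurred())
-Expect(domXml).To(ContainSubstring("OVMF_CODE.secboot"))
-Expect(domXml).To(ContainSubstring("smm"))
-})
-
 })
 
 Context("with diverging guest memory from requested memory", func() {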
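Review bot: The surviving check `Expect(domXml).To(ContainSubstring("OVMF_CODE"))` in "should use EFI" also matches `OVMF_CODE.secboot.fd`, so after this commit no functional test distinguishes the plain firmware image from the Secure Boot one. Tightening it to `Expect(domXml).To(ContainSubstring("OVMF_CODE.fd"))` would pin the image the converter now hard-codes and make any later re-enabling of Secure Boot show up as a deliberate test change. The `It` body is only partly visible, split across the two hunks.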
