On Thu, Jul 31, 2025 at 07:33:21PM +0100, Daniel P. Berrangé via Devel wrote:
> +++ b/src/qemu/qemu_firmware.c
> @@ -1540,6 +1540,7 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
>      bool requiresSMM = false;
>      bool supportsSecureBoot = false;
>      bool hasEnrolledKeys = false;
> +    bool cvm = false;
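
Review bot: cvm is initialised to false here, but the quoted lines never show where it becomes true; the next hunk's header moves from 1566 to 1569, so two further added lines sit in between and need the same scrutiny. Because this flag later switches off the Secure Boot / SMM consistency check, it should be set only from a feature the firmware descriptor states explicitly, so that a descriptor without such a feature keeps the existing check.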

Maybe isConfidential instead, to follow the existing convention and
be a little more descriptive?

> @@ -1566,7 +1569,8 @@ qemuFirmwareSanityCheck(const qemuFirmware *fw,
>          }
>      }
>
> -    if ((supportsSecureBoot != requiresSMM) ||
> +    if ((!cvm &&
> +         (supportsSecureBoot != requiresSMM)) ||
>          (hasEnrolledKeys && !supportsSecureBoot)) {
>          VIR_WARN("Firmware description '%s' has invalid set of features: "
>                   "%s = %d, %s = %d, %s = %d",
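
Review bot: In the new condition, !cvm guards only the (supportsSecureBoot != requiresSMM) clause, so (hasEnrolledKeys && !supportsSecureBoot) still applies to firmware flagged as cvm; a one-line comment above the if should state that this split is intended. The VIR_WARN format string still carries three name/value pairs while the outcome now depends on a fourth flag, so consider adding cvm to the message so the warning can be interpreted from the log alone.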

This could use a short comment explaining why firmware intended for
CVM doesn't need SMM for Secure Boot.

Regardless of whether you want to act on any of the above
suggestions, the change makes sense so

  Reviewed-by: Andrea Bolognani <abolo...@redhat.com>

-- 
Andrea Bolognani / Red Hat / Virtualization
