In preparation to only call that helper during VM start. See the following commit "vm start: ovmf: do not auto-enroll Microsoft UEFI CA 2023" for details.
Signed-off-by: Fiona Ebner <[email protected]> --- src/PVE/QemuServer/OVMF.pm | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/PVE/QemuServer/OVMF.pm b/src/PVE/QemuServer/OVMF.pm index 409ad022..e5f4cf02 100644 --- a/src/PVE/QemuServer/OVMF.pm +++ b/src/PVE/QemuServer/OVMF.pm @@ -278,13 +278,23 @@ sub print_ovmf_commandline { return ($cmd, $machine_flags); } -sub ensure_ms_2023_cert_enrolled { - my ($storecfg, $vmid, $efidisk_str) = @_; +sub should_enroll_ms_2023_cert { + my ($efidisk_str) = @_; my $efidisk = parse_drive('efidisk0', $efidisk_str); return if !$efidisk->{'pre-enrolled-keys'}; return if $efidisk->{'ms-cert'} && $efidisk->{'ms-cert'} eq '2023'; + return 1; +} + +sub ensure_ms_2023_cert_enrolled { + my ($storecfg, $vmid, $efidisk_str) = @_; + + return if !should_enroll_ms_2023_cert($efidisk_str); + + my $efidisk = parse_drive('efidisk0', $efidisk_str); + print "efidisk0: enrolling Microsoft UEFI CA 2023\n"; my $qsd_id = "vm-$vmid-efi-enroll"; -- 2.47.3 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
