We’re currently working on implementing Secure Boot support for Libvirt in Foreman (the PR is currently in progress), and we’d like to hear from the community about how you’re currently using Secure Boot with Libvirt.
Our proposed solution involves adding a firmware selection option within Foreman, which would include BIOS, UEFI, and UEFI Secure Boot. If UEFI Secure Boot is selected, we plan to pass the following configurations as outlined in the Libvirt documentation:
- loader secure='yes'
- secure-boot='yes'
- enrolled-keys='yes'
After the VM is created, we would rely on the loader secure='yes' setting to determine whether Secure Boot is enabled. Although this isn’t a mandatory field, based on Libvirt’s documentation, the secure option is always set to yes when Secure Boot is enabled.
We would appreciate your insights on:
- How are you currently using Secure Boot with Libvirt?
- Are there any specific configurations or challenges you’ve encountered?
- Does our proposed approach align with your needs and expectations?
Thank you in advance for your input!
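
An added example, not part of the original post and not Foreman's code: reading the firmware choice back from a domain's XML, checking `loader secure='yes'` first and falling back to the `secure-boot` firmware feature when the `secure` attribute is absent. The function names and sample XML are constructed for illustration, and treating a pflash loader as UEFI is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample <os> blocks; real domain XML carries many more elements.
DOMAIN = "<domain type='kvm'><name>guest</name>{os}</domain>"
SECURE = DOMAIN.format(os="""
  <os firmware='efi'>
    <type arch='x86_64' machine='q35'>hvm</type>
    <firmware>
      <feature enabled='yes' name='secure-boot'/>
      <feature enabled='yes' name='enrolled-keys'/>
    </firmware>
    <loader secure='yes'/>
  </os>""")
# Same request, but the loader element is absent, so only the features show it.
FEATURE_ONLY = SECURE.replace("<loader secure='yes'/>", "")
PLAIN_UEFI = DOMAIN.format(os="""
  <os firmware='efi'>
    <type arch='x86_64' machine='q35'>hvm</type>
    <firmware><feature enabled='no' name='secure-boot'/></firmware>
    <loader secure='no'/>
  </os>""")
BIOS = DOMAIN.format(os="<os><type arch='x86_64' machine='pc'>hvm</type></os>")


def firmware_state(domain_xml):
    """Return UEFI / Secure Boot / enrolled-keys flags read from domain XML."""
    os_el = ET.fromstring(domain_xml).find("os")
    if os_el is None:
        raise ValueError("domain XML has no <os> element")
    features = {f.get("name"): f.get("enabled") == "yes"
                for f in os_el.findall("firmware/feature")}
    loader = os_el.find("loader")
    loader_secure = loader is not None and loader.get("secure") == "yes"
    secure = loader_secure or features.get("secure-boot", False)
    # Assumption: firmware='efi' or a pflash loader marks the guest as UEFI.
    uefi = secure or os_el.get("firmware") == "efi" or (
        loader is not None and loader.get("type") == "pflash")
    return {"uefi": uefi, "secure_boot": secure,
            "enrolled_keys": features.get("enrolled-keys", False)}


def firmware_choice(domain_xml):
    """Map the flags back to the three options named in the post."""
    state = firmware_state(domain_xml)
    if state["secure_boot"]:
        return "UEFI Secure Boot"
    return "UEFI" if state["uefi"] else "BIOS"
```
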