Re: [Qemu-devel] [qemu RFC v2] qapi: add "firmware.json"

[Gerd Hoffmann]

On Wed, Apr 18, 2018 at 12:40:54AM +0200, Laszlo Ersek wrote:
> Add a schema that describes the different uses and properties of virtual
> machine firmware.

Looks good to me overall.

> +{ 'enum' : 'FirmwareType',
> +  'data' : [ 'bios', 'slof', 'uboot', 'uefi' ] }

openbios missing.

> +{ 'enum' : 'FirmwareArchitecture',
> +  'data' : [ 'aarch64', 'arm', 'i386', 'x86_64' ] }

ppc(64) missing (but you have slof above ;) ...
s390 too.

> +# @machines: Lists the machine types (known by the emulator that is specified
> +#            through @architecture) that can execute the firmware. Elements 
> of
> +#            @machines are not supposed to be versioned; if a machine type is
> +#            versioned in QEMU (e.g. "pc-i440fx-2.12"), then its unversioned
> +#            variant, which typically refers to the latest version (e.g. 
> "pc"),
> +#            should be listed in @machines. On the QEMU command line, 
> "-machine
> +#            type=..." specifies the requested machine type.

Hmm, I'd tend to ignore the aliases here (pc, q35, virt) and use
wildcards instead (pc-i440fx-*, pc-q35-*, virt-*).

I think that will be easier for libvirt to work with because it always
resolves aliases to actual machine types when storing them in the domain
xml.

> +# @secure-boot: The firmware implements the software interfaces for UEFI 
> Secure
> +#               Boot, as defined in the UEFI specification. Note that without
> +#               @requires-smm, guest code running with kernel privileges can
> +#               undermine the security of Secure Boot.
> +#
> +# @secure-boot-enrolled-keys: The variable store (NVRAM) template associated

I think "enrolled-keys" should better be a separate feature.

cheers,
  Gerd