)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"5298159251bcc705563d0bd81799311ca9ec2181","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"a22b3857_33187f1f","updated":"2026-01-16 17:23:59.000000000","message":"Just a question","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"0ca09ffa700d9f92b5e61aa53e0354f697aa8e5e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"97eaab39_401e3f98","updated":"2026-01-13 16:41:52.000000000","message":"it took me a few cycles to verify the libvirt documentation and the spec but I think I\u0027m OK.","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"0aeed443379329a81d84ef0148ab184c98b13fe0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"86c85f85_959bfc73","updated":"2026-01-19 02:29:28.000000000","message":"recheck let\u0027s see if the failure in -next job appears consistently.","commit_id":"a8778cd3e645bfc32ff219ce34a53c63aea15d12"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"e119ab299a820c19abbc259127542bb5eddf4c7d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"c838b689_37702f6d","updated":"2026-02-02 15:05:01.000000000","message":"This patch looks good to me, btw it is already Workflow +1.","commit_id":"5d3ba1b9eda569e3cc834235171d444b84bdcb2c"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"c6bfe8acea417643d36f2492f0669553461ae199","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"40ff919d_8d4ab424","updated":"2026-01-27 06:34:21.000000000","message":"recheck","commit_id":"5d3ba1b9eda569e3cc834235171d444b84bdcb2c"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"8c0d6f186c624304b8f1e4a4e88633c06387e088","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"14d5e7b5_7307c3db","updated":"2026-01-27 15:37:15.000000000","message":"recheck nova-next passed once ...","commit_id":"5d3ba1b9eda569e3cc834235171d444b84bdcb2c"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"bdd43cdabec0e48a955d99b2378cd4a5d26c2ef0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"5828d341_6b1d723c","updated":"2026-02-05 23:42:02.000000000","message":"recheck a different job failed this time ...","commit_id":"1a8247afe3976cbff9706f921ffe18987a0c9a51"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"43067ce19734dcfc2166093b6ac6cab720e7382d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"29696cee_7aaff7f2","updated":"2026-02-05 15:08:27.000000000","message":"recheck is that tempest error seen consistently ?","commit_id":"1a8247afe3976cbff9706f921ffe18987a0c9a51"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"dbbdd0ce277b6c52c702c474848081431654af37","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"0ab78810_b722392e","updated":"2026-02-05 12:40:23.000000000","message":"recheck post failure","commit_id":"1a8247afe3976cbff9706f921ffe18987a0c9a51"}],"nova/tests/unit/virt/libvirt/test_config.py":[{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"0ca09ffa700d9f92b5e61aa53e0354f697aa8e5e","unresolved":true,"context_lines":[{"line_number":2869,"context_line":"        obj.os_mach_type \u003d \"pc-q35-5.1\""},{"line_number":2870,"context_line":"        obj.os_loader_secure \u003d secure"},{"line_number":2871,"context_line":"        obj.os_loader_stateless \u003d stateless"},{"line_number":2872,"context_line":""},{"line_number":2873,"context_line":"        return obj.to_xml()"},{"line_number":2874,"context_line":""},{"line_number":2875,"context_line":"    def test_config_uefi_autoconfigure(self):"}],"source_content_type":"text/x-python","patch_set":6,"id":"0b12c6b2_51715db8","line":2872,"updated":"2026-01-13 16:41:52.000000000","message":"sounds unnecessary to me.","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b314ffc2c8384789b5f85c0a6879e48ca0f7878e","unresolved":true,"context_lines":[{"line_number":2869,"context_line":"        obj.os_mach_type \u003d \"pc-q35-5.1\""},{"line_number":2870,"context_line":"        obj.os_loader_secure \u003d secure"},{"line_number":2871,"context_line":"        obj.os_loader_stateless \u003d stateless"},{"line_number":2872,"context_line":""},{"line_number":2873,"context_line":"        return obj.to_xml()"},{"line_number":2874,"context_line":""},{"line_number":2875,"context_line":"    def test_config_uefi_autoconfigure(self):"}],"source_content_type":"text/x-python","patch_set":6,"id":"94476969_03302e0b","line":2872,"in_reply_to":"0b12c6b2_51715db8","updated":"2026-01-13 16:56:56.000000000","message":"Oh, yes. I\u0027ll drop it when I update this (if that is considered to be trivial)","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"013c9fff8401a80171ffd10fcfe04f85618c6534","unresolved":false,"context_lines":[{"line_number":2869,"context_line":"        obj.os_mach_type \u003d \"pc-q35-5.1\""},{"line_number":2870,"context_line":"        obj.os_loader_secure \u003d secure"},{"line_number":2871,"context_line":"        obj.os_loader_stateless \u003d stateless"},{"line_number":2872,"context_line":""},{"line_number":2873,"context_line":"        return obj.to_xml()"},{"line_number":2874,"context_line":""},{"line_number":2875,"context_line":"    def test_config_uefi_autoconfigure(self):"}],"source_content_type":"text/x-python","patch_set":6,"id":"065c3cf7_f7109b86","line":2872,"in_reply_to":"94476969_03302e0b","updated":"2026-01-13 17:22:22.000000000","message":"nope, not needed, no worries or you would need to rebase the whole series and then run the jobs again","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"0ca09ffa700d9f92b5e61aa53e0354f697aa8e5e","unresolved":true,"context_lines":[{"line_number":2888,"context_line":"                  \u003cfeature enabled\u003d\u0027no\u0027 name\u003d\u0027secure-boot\u0027/\u003e"},{"line_number":2889,"context_line":"                \u003c/firmware\u003e"},{"line_number":2890,"context_line":"                \u003ctype machine\u003d\"pc-q35-5.1\"\u003ehvm\u003c/type\u003e"},{"line_number":2891,"context_line":"                \u003cloader secure\u003d\"no\"/\u003e"},{"line_number":2892,"context_line":"              \u003c/os\u003e"},{"line_number":2893,"context_line":"            \u003c/domain\u003e\"\"\","},{"line_number":2894,"context_line":"        )"}],"source_content_type":"text/x-python","patch_set":6,"id":"0d8b9c71_4487c046","line":2891,"updated":"2026-01-13 16:41:52.000000000","message":"any reason why we keep the loader element if we now have the firmware element ?\nPer https://libvirt.org/formatdomain.html#operating-system-booting I do see it optional if we already have firmware element.\n\nI also looked at the spec [1] and I see you\u0027ll detect the legacy behaviour by looking at the loader but why do we need to continue to use this element ?\n\n[1] https://review.opendev.org/c/openstack/nova-specs/+/966584/8/specs/2026.1/approved/libvirt-firmware-auto-selection.rst\n\n\nLATER : Oh, in the spec, you mention the stateless case with \n        \u003cloader secure\u003d\u0027no\u0027 stateless\u003d\u0027yes\u0027/\u003e\n        \u003cfirmware\u003e\n          \u003cfeature enabled\u003d\u0027no\u0027 name\u003d\u0027secure-boot\u0027/\u003e\n        \u003c/firmware\u003e\n        \nso I guess that\u0027s why we need to keep that element.","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"ef565cc8c7dbbc52d96ccb5e8ab94a12b650e994","unresolved":true,"context_lines":[{"line_number":2888,"context_line":"                  \u003cfeature enabled\u003d\u0027no\u0027 name\u003d\u0027secure-boot\u0027/\u003e"},{"line_number":2889,"context_line":"                \u003c/firmware\u003e"},{"line_number":2890,"context_line":"                \u003ctype machine\u003d\"pc-q35-5.1\"\u003ehvm\u003c/type\u003e"},{"line_number":2891,"context_line":"                \u003cloader secure\u003d\"no\"/\u003e"},{"line_number":2892,"context_line":"              \u003c/os\u003e"},{"line_number":2893,"context_line":"            \u003c/domain\u003e\"\"\","},{"line_number":2894,"context_line":"        )"}],"source_content_type":"text/x-python","patch_set":6,"id":"96d72c77_278264da","line":2891,"in_reply_to":"0d8b9c71_4487c046","updated":"2026-01-13 16:55:57.000000000","message":"I kept the loader element because libvirt \u003c 8.6.0 still requires the loader element set in addition to firmware elements. Because current nova supports libvirt \u003e\u003d 8.0.0 we should explicitly add the loader element with secure\u003d\u0027yes/no\u0027 for that old version.\n\nPlease check https://libvirt.org/kbase/secureboot.html#older-libvirt-versions\n\n`If your libvirt version is older than 8.6.0 but newer than 7.2.0, then enabling Secure Boot requires a slightly more verbose XML snippet:`\n\n\nW may bump the min version to drop that legacy part but because we still need the loader element for stateless firmware (as you noticed) it may not be really useful at this moment.","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"fb892982c801cf09e7bcdd2e7726af3d89d46459","unresolved":true,"context_lines":[{"line_number":2888,"context_line":"                  \u003cfeature enabled\u003d\u0027no\u0027 name\u003d\u0027secure-boot\u0027/\u003e"},{"line_number":2889,"context_line":"                \u003c/firmware\u003e"},{"line_number":2890,"context_line":"                \u003ctype machine\u003d\"pc-q35-5.1\"\u003ehvm\u003c/type\u003e"},{"line_number":2891,"context_line":"                \u003cloader secure\u003d\"no\"/\u003e"},{"line_number":2892,"context_line":"              \u003c/os\u003e"},{"line_number":2893,"context_line":"            \u003c/domain\u003e\"\"\","},{"line_number":2894,"context_line":"        )"}],"source_content_type":"text/x-python","patch_set":6,"id":"ca0651f6_5b2adb95","line":2891,"in_reply_to":"96d72c77_278264da","updated":"2026-01-17 18:00:46.000000000","message":"Am I correct that by keeping the loader element for now we remain compatible with 8.0.0 and at the same time with 8.6.0+ the autoselect still works even if the extraneous loader element is provided. So we don\u0027t need to explicitly check for libvirt version \u003c8.6.0 to conditionally keep the loader element.","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"486ca6997e60100a9a649bfa72a9c6a627f7d108","unresolved":true,"context_lines":[{"line_number":2888,"context_line":"                  \u003cfeature enabled\u003d\u0027no\u0027 name\u003d\u0027secure-boot\u0027/\u003e"},{"line_number":2889,"context_line":"                \u003c/firmware\u003e"},{"line_number":2890,"context_line":"                \u003ctype machine\u003d\"pc-q35-5.1\"\u003ehvm\u003c/type\u003e"},{"line_number":2891,"context_line":"                \u003cloader secure\u003d\"no\"/\u003e"},{"line_number":2892,"context_line":"              \u003c/os\u003e"},{"line_number":2893,"context_line":"            \u003c/domain\u003e\"\"\","},{"line_number":2894,"context_line":"        )"}],"source_content_type":"text/x-python","patch_set":6,"id":"ddf6bf47_47e1b0aa","line":2891,"in_reply_to":"ca0651f6_5b2adb95","updated":"2026-02-02 16:09:02.000000000","message":"Sorry I somehow overlooked this comment.\n\nYes. In both libvirt \u003c 8.6.0 and libvirt \u003e 8.6.0, autoselect works mostly in the same manner with secure flag set in the loader element. In libvirt \u003e\u003d 8.6.0 the flag is automatically set only when SMM is required, which allows usage of firmware with secure-boot but without SMM. However this pattern is currently required only by TDX which is not supported yet.","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"}],"nova/virt/libvirt/config.py":[{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"0ca09ffa700d9f92b5e61aa53e0354f697aa8e5e","unresolved":false,"context_lines":[{"line_number":3152,"context_line":""},{"line_number":3153,"context_line":"        if self.os_firmware is not None:"},{"line_number":3154,"context_line":"            os.set(\"firmware\", self.os_firmware)"},{"line_number":3155,"context_line":"            if self.os_loader_secure is not None:"},{"line_number":3156,"context_line":"                firmware \u003d etree.Element(\"firmware\")"},{"line_number":3157,"context_line":"                sb_feature \u003d etree.Element(\"feature\")"},{"line_number":3158,"context_line":"                sb_feature.set(\"name\", \"secure-boot\")"}],"source_content_type":"text/x-python","patch_set":6,"id":"6b181679_6d5bea6e","line":3155,"updated":"2026-01-13 16:41:52.000000000","message":"that\u0027s fine, we don\u0027t need to add firmware element if the instance currently doesn\u0027t opt into loader secure\u003dno or yes.","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"d428009124428aae0c286d5940fc3027e108b329","unresolved":true,"context_lines":[{"line_number":3152,"context_line":""},{"line_number":3153,"context_line":"        if self.os_firmware is not None:"},{"line_number":3154,"context_line":"            os.set(\"firmware\", self.os_firmware)"},{"line_number":3155,"context_line":"            if self.os_loader_secure is not None:"},{"line_number":3156,"context_line":"                firmware \u003d etree.Element(\"firmware\")"},{"line_number":3157,"context_line":"                sb_feature \u003d etree.Element(\"feature\")"},{"line_number":3158,"context_line":"                sb_feature.set(\"name\", \"secure-boot\")"}],"source_content_type":"text/x-python","patch_set":6,"id":"4511318c_ce2b712e","line":3155,"in_reply_to":"02a6fcde_1c9621c6","updated":"2026-01-18 10:17:07.000000000","message":"\u003e This ^^ seems contradictory to me. \n\nSorry I meant to say \"os_loader_secure \u003d None\" is used ... . os_loader_secure is set to True or False in UEFI boot.\n\n\u003e Or if self.os_loader_secure is None then we don\u0027t have to explicitly disable secure-boot as it is somehow implicitly disabled.\n\nFirst, as a background, current libvirt driver always set self.os_loader_secure to True or False when guest uses UEFI, while it leaves os_loader_secure to None when guest uses BIOS. So not filling these options for os_loader_secure\u003dNone is the \"correct\" behavior.\n\nIIUC the question is about the expected behavior for uefi boot but I\u0027m not too sure about it because that\u0027s an unused scenario at this moment.\n\nWithin current nova which selects firmware files automatically these firmware feature fields are just ignored. The only important field is os/loader/secure and that should be defined explicitly and set to True only when secure boot is enabled (because its default is False). So the libvirt always should set the flag explicitly and the behavior with None is not something we can define at this layer.\n\nOn the other hand once firmware auto selection is implemented not filling secure-boot flags leaves libvirt to select secure boot according to the firmware it selects (regardless of secure boot support). Although I don\u0027t intend to use this combination but the behavior sounds sensible to me.","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"14a69caeb34b0925ae8cfb858f7c3b6ceabe9486","unresolved":false,"context_lines":[{"line_number":3152,"context_line":""},{"line_number":3153,"context_line":"        if self.os_firmware is not None:"},{"line_number":3154,"context_line":"            os.set(\"firmware\", self.os_firmware)"},{"line_number":3155,"context_line":"            if self.os_loader_secure is not None:"},{"line_number":3156,"context_line":"                firmware \u003d etree.Element(\"firmware\")"},{"line_number":3157,"context_line":"                sb_feature \u003d etree.Element(\"feature\")"},{"line_number":3158,"context_line":"                sb_feature.set(\"name\", \"secure-boot\")"}],"source_content_type":"text/x-python","patch_set":6,"id":"8ffe6708_6fcffd19","line":3155,"in_reply_to":"4511318c_ce2b712e","updated":"2026-01-19 12:31:47.000000000","message":"\u003e First, as a background, current libvirt driver always set self.os_loader_secure to True or False when guest uses UEFI, while it leaves os_loader_secure to None when guest uses BIOS. So not filling these options for os_loader_secure\u003dNone is the \"correct\" behavior.\n\u003e \n\u003e IIUC the question is about the expected behavior for uefi boot but I\u0027m not too sure about it because that\u0027s an unused scenario at this moment.\n\u003e \n\u003e Within current nova which selects firmware files automatically these firmware feature fields are just ignored. The only important field is os/loader/secure and that should be defined explicitly and set to True only when secure boot is enabled (because its default is False). So the libvirt always should set the flag explicitly and the behavior with None is not something we can define at this layer.\n\u003e \n\u003e On the other hand once firmware auto selection is implemented not filling secure-boot flags leaves libvirt to select secure boot according to the firmware it selects (regardless of secure boot support). Although I don\u0027t intend to use this combination but the behavior sounds sensible to me.\n\nThanks for the explanation. I think it is clearer now. So with autoselect there could be a case when libvirt decides about secure boot, but nova will never ask for that behavior from libvirt but always defines secure boot or not secure boot explicitly. That works for me.","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"5298159251bcc705563d0bd81799311ca9ec2181","unresolved":true,"context_lines":[{"line_number":3152,"context_line":""},{"line_number":3153,"context_line":"        if self.os_firmware is not None:"},{"line_number":3154,"context_line":"            os.set(\"firmware\", self.os_firmware)"},{"line_number":3155,"context_line":"            if self.os_loader_secure is not None:"},{"line_number":3156,"context_line":"                firmware \u003d etree.Element(\"firmware\")"},{"line_number":3157,"context_line":"                sb_feature \u003d etree.Element(\"feature\")"},{"line_number":3158,"context_line":"                sb_feature.set(\"name\", \"secure-boot\")"}],"source_content_type":"text/x-python","patch_set":6,"id":"76550453_aa00cacd","line":3155,"in_reply_to":"6b181679_6d5bea6e","updated":"2026-01-16 17:23:59.000000000","message":"On the other hand, do we want to explicitly say \"secure-boot\": \"no\" for VMs that are not opted into secure boot? I\u0027m not sure if this is a good idea but I want to raise it for discussion here.\n\nOr what does a not defined os_loader_secure means compared to defined it to yes / no?","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"1155a4524331a7163602c98fbfbc0f49e64b0b0b","unresolved":true,"context_lines":[{"line_number":3152,"context_line":""},{"line_number":3153,"context_line":"        if self.os_firmware is not None:"},{"line_number":3154,"context_line":"            os.set(\"firmware\", self.os_firmware)"},{"line_number":3155,"context_line":"            if self.os_loader_secure is not None:"},{"line_number":3156,"context_line":"                firmware \u003d etree.Element(\"firmware\")"},{"line_number":3157,"context_line":"                sb_feature \u003d etree.Element(\"feature\")"},{"line_number":3158,"context_line":"                sb_feature.set(\"name\", \"secure-boot\")"}],"source_content_type":"text/x-python","patch_set":6,"id":"96e44c63_5c3df022","line":3155,"in_reply_to":"76550453_aa00cacd","updated":"2026-01-17 15:07:34.000000000","message":"\u003e On the other hand, do we want to explicitly say \"secure-boot\": \"no\" for VMs that are not opted into secure boot? I\u0027m not sure if this is a good idea but I want to raise it for discussion here.\nCurrently LibvirtDriver sets os_loader_secure\u003dTrue/False in case UEFI boot is enabled.\n\n\u003e Or what does a not defined os_loader_secure means compared to defined it to yes / no?\nos_loader_secure is used for vms with bios boot (because bios boot never supports secure boot).\n\n\nAlternatively we can implement some logic here which determines the values according to the boot mode but that requires larger scope of refactoring, so I tend to leave that to a separate work.","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"fb892982c801cf09e7bcdd2e7726af3d89d46459","unresolved":true,"context_lines":[{"line_number":3152,"context_line":""},{"line_number":3153,"context_line":"        if self.os_firmware is not None:"},{"line_number":3154,"context_line":"            os.set(\"firmware\", self.os_firmware)"},{"line_number":3155,"context_line":"            if self.os_loader_secure is not None:"},{"line_number":3156,"context_line":"                firmware \u003d etree.Element(\"firmware\")"},{"line_number":3157,"context_line":"                sb_feature \u003d etree.Element(\"feature\")"},{"line_number":3158,"context_line":"                sb_feature.set(\"name\", \"secure-boot\")"}],"source_content_type":"text/x-python","patch_set":6,"id":"02a6fcde_1c9621c6","line":3155,"in_reply_to":"96e44c63_5c3df022","updated":"2026-01-17 18:00:46.000000000","message":"Sorry I\u0027m confused.\n\n\u003e Currently LibvirtDriver sets os_loader_secure\u003dTrue/False in case UEFI boot is enabled.\n\n\u003e os_loader_secure is used for vms with bios boot (because bios boot never supports secure boot).\n\nThis ^^ seems contradictory to me. \n\nAnyhow I think my question can be rephrased to\nDo we need to add a firmware element with secure-boot, enabled\u003dno if self.os_loader_secure is None? Or if self.os_loader_secure is None then we don\u0027t have to explicitly disable secure-boot as it is somehow implicitly disabled.","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"1155a4524331a7163602c98fbfbc0f49e64b0b0b","unresolved":true,"context_lines":[{"line_number":3158,"context_line":"                sb_feature.set(\"name\", \"secure-boot\")"},{"line_number":3159,"context_line":"                sb_feature.set("},{"line_number":3160,"context_line":"                    \"enabled\", self.get_yes_no_str(self.os_loader_secure))"},{"line_number":3161,"context_line":"                firmware.append(sb_feature)"},{"line_number":3162,"context_line":"                os.append(firmware)"},{"line_number":3163,"context_line":""},{"line_number":3164,"context_line":"        type_node \u003d self._text_node(\"type\", self.os_type)"}],"source_content_type":"text/x-python","patch_set":6,"id":"9bf3c05b_1499ec78","line":3161,"range":{"start_line":3161,"start_character":25,"end_line":3161,"end_character":31},"updated":"2026-01-17 15:07:34.000000000","message":"I noticed that we should not add this when os_loader_secure is False...","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"3d5d3e36487c5529e22e584ab1c8c53fddef6e23","unresolved":false,"context_lines":[{"line_number":3158,"context_line":"                sb_feature.set(\"name\", \"secure-boot\")"},{"line_number":3159,"context_line":"                sb_feature.set("},{"line_number":3160,"context_line":"                    \"enabled\", self.get_yes_no_str(self.os_loader_secure))"},{"line_number":3161,"context_line":"                firmware.append(sb_feature)"},{"line_number":3162,"context_line":"                os.append(firmware)"},{"line_number":3163,"context_line":""},{"line_number":3164,"context_line":"        type_node \u003d self._text_node(\"type\", self.os_type)"}],"source_content_type":"text/x-python","patch_set":6,"id":"25aa574e_15b8b3ba","line":3161,"range":{"start_line":3161,"start_character":25,"end_line":3161,"end_character":31},"in_reply_to":"9bf3c05b_1499ec78","updated":"2026-01-17 15:09:01.000000000","message":"Ignore this. I somehow forgot the fact that we don\u0027t have to omit this element due to explicit no added above...","commit_id":"e691af82ca60dedd91b0bd7292793035082aa909"}]}