)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":7369,"name":"Sergey Skripnick","email":"sskripnick@mirantis.com","username":"redixin"},"change_message_id":"12ee23c4b0daf90cc037f228df0b673c1d483780","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"a0b10b96_f70adf07","updated":"2022-06-01 14:10:40.000000000","message":"Btw how this patch has SUCCESS py36 job? It looks like this job is globally broken","commit_id":"d1b563c09e67cb8285b669a18eda78d4b63c4014"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"4d7663bd3d23118a060069128be1fc97077ab49b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"f094e3fb_d517b560","updated":"2022-07-21 22:23:47.000000000","message":"recheck py36 unit test failures, logs deleted","commit_id":"ba4459438d5b6015f90cd51b1c4a86a600306803"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"238919b8fbbcd69c0a12acfcb6072b59799dcc11","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"c5108c36_9fe83f21","updated":"2022-12-13 21:22:21.000000000","message":"clean rebase, just had to tell git the difference by doing it by hand. 😊","commit_id":"41628d3546dee32f36033840cb22d5c157d40dc4"}],"doc/source/user/dynamic-emulator.rst":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"ca0a4d403f94b0ea7c0bc591059ac732b38b4461","unresolved":true,"context_lines":[{"line_number":165,"context_line":"      --ram 1024 \\"},{"line_number":166,"context_line":"      --boot loader.readonly\u003dyes \\"},{"line_number":167,"context_line":"      --boot loader.type\u003dpflash \\"},{"line_number":168,"context_line":"      --boot loader.secure\u003dno \\"},{"line_number":169,"context_line":"      --boot loader\u003d/usr/share/OVMF/OVMF_CODE.secboot.fd \\"},{"line_number":170,"context_line":"      --boot nvram.template\u003d/usr/share/OVMF/OVMF_VARS.fd \\"},{"line_number":171,"context_line":"      --disk size\u003d1 \\"}],"source_content_type":"text/x-rst","patch_set":6,"id":"61b8bee6_9e66b06c","line":168,"updated":"2023-01-19 19:59:59.000000000","message":"Are we limiting ourself to a newer version of libvirt/qemu/virt-install? Should we list a minimum version you need?","commit_id":"41628d3546dee32f36033840cb22d5c157d40dc4"}],"sushy_tools/emulator/resources/systems/libvirtdriver.py":[{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"b344976ba215ab20165d03ba268d3a3e0d28a0ee","unresolved":true,"context_lines":[{"line_number":606,"context_line":"        if not loader_elements:"},{"line_number":607,"context_line":"            return False"},{"line_number":608,"context_line":"        loader_element \u003d loader_elements[0]"},{"line_number":609,"context_line":"        return loader_element.get(\u0027secure\u0027) \u003d\u003d \u0027yes\u0027"},{"line_number":610,"context_line":""},{"line_number":611,"context_line":"    def set_secure_boot(self, identity, secure):"},{"line_number":612,"context_line":"        \"\"\"Set computer system secure boot state for UEFI boot mode."}],"source_content_type":"text/x-python","patch_set":1,"id":"187a04da_4b6e2ac5","line":609,"updated":"2022-05-26 23:30:36.000000000","message":"Here the test should be if the loader_element text filename contains \"secboot\".\n\nThen after https://review.opendev.org/c/openstack/sushy-tools/+/842266 add the check for secure attribute yes/no","commit_id":"08e3a2a51a38c07027b2c7ba92313945030dcc9a"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"b4ef0d9df5ef63224b642b72f01948c6ffeb4537","unresolved":false,"context_lines":[{"line_number":606,"context_line":"        if not loader_elements:"},{"line_number":607,"context_line":"            return False"},{"line_number":608,"context_line":"        loader_element \u003d loader_elements[0]"},{"line_number":609,"context_line":"        return loader_element.get(\u0027secure\u0027) \u003d\u003d \u0027yes\u0027"},{"line_number":610,"context_line":""},{"line_number":611,"context_line":"    def set_secure_boot(self, identity, secure):"},{"line_number":612,"context_line":"        \"\"\"Set computer system secure boot state for UEFI boot mode."}],"source_content_type":"text/x-python","patch_set":1,"id":"d5e94330_ead831ad","line":609,"in_reply_to":"187a04da_4b6e2ac5","updated":"2022-05-27 02:54:16.000000000","message":"Done","commit_id":"08e3a2a51a38c07027b2c7ba92313945030dcc9a"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"b344976ba215ab20165d03ba268d3a3e0d28a0ee","unresolved":true,"context_lines":[{"line_number":607,"context_line":"            return False"},{"line_number":608,"context_line":"        loader_element \u003d loader_elements[0]"},{"line_number":609,"context_line":"        return loader_element.get(\u0027secure\u0027) \u003d\u003d \u0027yes\u0027"},{"line_number":610,"context_line":""},{"line_number":611,"context_line":"    def set_secure_boot(self, identity, secure):"},{"line_number":612,"context_line":"        \"\"\"Set computer system secure boot state for UEFI boot mode."},{"line_number":613,"context_line":""},{"line_number":614,"context_line":"        :param secure: boolean requesting the secure boot state"},{"line_number":615,"context_line":""},{"line_number":616,"context_line":"        :raises: `FishyError` if the can\u0027t be set"},{"line_number":617,"context_line":"        \"\"\""},{"line_number":618,"context_line":"        if self.get_boot_mode(identity) \u003d\u003d \u0027Legacy\u0027:"},{"line_number":619,"context_line":"            msg \u003d \u0027Legacy boot mode does not support secure boot\u0027"},{"line_number":620,"context_line":"            raise error.NotSupportedError(msg)"},{"line_number":621,"context_line":""},{"line_number":622,"context_line":"        domain \u003d self._get_domain(identity, readonly\u003dTrue)"},{"line_number":623,"context_line":""},{"line_number":624,"context_line":"        # XML schema: https://libvirt.org/formatdomain.html#elementsOSBIOS"},{"line_number":625,"context_line":"        tree \u003d ET.fromstring(domain.XMLDesc(libvirt.VIR_DOMAIN_XML_INACTIVE))"},{"line_number":626,"context_line":"        os_element \u003d tree.find(\u0027os\u0027)"},{"line_number":627,"context_line":"        for element in os_element.findall(\u0027loader\u0027):"},{"line_number":628,"context_line":"            element.set(\u0027secure\u0027, secure and \u0027yes\u0027 or \u0027no\u0027)"},{"line_number":629,"context_line":""},{"line_number":630,"context_line":"        with libvirt_open(self._uri) as conn:"},{"line_number":631,"context_line":""},{"line_number":632,"context_line":"            try:"},{"line_number":633,"context_line":"                conn.defineXML(ET.tostring(tree).decode(\u0027utf-8\u0027))"},{"line_number":634,"context_line":""},{"line_number":635,"context_line":"            except libvirt.libvirtError as e:"},{"line_number":636,"context_line":"                msg \u003d (\u0027Error changing secure boot at libvirt URI \u0027"},{"line_number":637,"context_line":"                       \u0027\"%(uri)s\": %(error)s\u0027 % {\u0027uri\u0027: self._uri,"},{"line_number":638,"context_line":"                                                 \u0027error\u0027: e})"},{"line_number":639,"context_line":""},{"line_number":640,"context_line":"                raise error.FishyError(msg)"},{"line_number":641,"context_line":""},{"line_number":642,"context_line":"    def get_total_memory(self, identity):"},{"line_number":643,"context_line":"        \"\"\"Get computer system total memory"}],"source_content_type":"text/x-python","patch_set":1,"id":"ec58749a_5ef38e03","line":640,"range":{"start_line":610,"start_character":0,"end_line":640,"end_character":43},"updated":"2022-05-26 23:30:36.000000000","message":"I think setting should only be supported after https://review.opendev.org/c/openstack/sushy-tools/+/842266 so the config doesn\u0027t actually have to track OVMF file paths","commit_id":"08e3a2a51a38c07027b2c7ba92313945030dcc9a"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"b4ef0d9df5ef63224b642b72f01948c6ffeb4537","unresolved":false,"context_lines":[{"line_number":607,"context_line":"            return False"},{"line_number":608,"context_line":"        loader_element \u003d loader_elements[0]"},{"line_number":609,"context_line":"        return loader_element.get(\u0027secure\u0027) \u003d\u003d \u0027yes\u0027"},{"line_number":610,"context_line":""},{"line_number":611,"context_line":"    def set_secure_boot(self, identity, secure):"},{"line_number":612,"context_line":"        \"\"\"Set computer system secure boot state for UEFI boot mode."},{"line_number":613,"context_line":""},{"line_number":614,"context_line":"        :param secure: boolean requesting the secure boot state"},{"line_number":615,"context_line":""},{"line_number":616,"context_line":"        :raises: `FishyError` if the can\u0027t be set"},{"line_number":617,"context_line":"        \"\"\""},{"line_number":618,"context_line":"        if self.get_boot_mode(identity) \u003d\u003d \u0027Legacy\u0027:"},{"line_number":619,"context_line":"            msg \u003d \u0027Legacy boot mode does not support secure boot\u0027"},{"line_number":620,"context_line":"            raise error.NotSupportedError(msg)"},{"line_number":621,"context_line":""},{"line_number":622,"context_line":"        domain \u003d self._get_domain(identity, readonly\u003dTrue)"},{"line_number":623,"context_line":""},{"line_number":624,"context_line":"        # XML schema: https://libvirt.org/formatdomain.html#elementsOSBIOS"},{"line_number":625,"context_line":"        tree \u003d ET.fromstring(domain.XMLDesc(libvirt.VIR_DOMAIN_XML_INACTIVE))"},{"line_number":626,"context_line":"        os_element \u003d tree.find(\u0027os\u0027)"},{"line_number":627,"context_line":"        for element in os_element.findall(\u0027loader\u0027):"},{"line_number":628,"context_line":"            element.set(\u0027secure\u0027, secure and \u0027yes\u0027 or \u0027no\u0027)"},{"line_number":629,"context_line":""},{"line_number":630,"context_line":"        with libvirt_open(self._uri) as conn:"},{"line_number":631,"context_line":""},{"line_number":632,"context_line":"            try:"},{"line_number":633,"context_line":"                conn.defineXML(ET.tostring(tree).decode(\u0027utf-8\u0027))"},{"line_number":634,"context_line":""},{"line_number":635,"context_line":"            except libvirt.libvirtError as e:"},{"line_number":636,"context_line":"                msg \u003d (\u0027Error changing secure boot at libvirt URI \u0027"},{"line_number":637,"context_line":"                       \u0027\"%(uri)s\": %(error)s\u0027 % {\u0027uri\u0027: self._uri,"},{"line_number":638,"context_line":"                                                 \u0027error\u0027: e})"},{"line_number":639,"context_line":""},{"line_number":640,"context_line":"                raise error.FishyError(msg)"},{"line_number":641,"context_line":""},{"line_number":642,"context_line":"    def get_total_memory(self, identity):"},{"line_number":643,"context_line":"        \"\"\"Get computer system total memory"}],"source_content_type":"text/x-python","patch_set":1,"id":"7802b024_9e899417","line":640,"range":{"start_line":610,"start_character":0,"end_line":640,"end_character":43},"in_reply_to":"ec58749a_5ef38e03","updated":"2022-05-27 02:54:16.000000000","message":"Done","commit_id":"08e3a2a51a38c07027b2c7ba92313945030dcc9a"},{"author":{"_account_id":7369,"name":"Sergey Skripnick","email":"sskripnick@mirantis.com","username":"redixin"},"change_message_id":"756a0ac426f5bdc2bbe1465eb4ffed78e36dfc6d","unresolved":true,"context_lines":[{"line_number":591,"context_line":""},{"line_number":592,"context_line":"        domain \u003d self._get_domain(identity, readonly\u003dTrue)"},{"line_number":593,"context_line":""},{"line_number":594,"context_line":"        # XML schema: https://libvirt.org/formatdomain.html#elementsOSBIOS"},{"line_number":595,"context_line":"        tree \u003d ET.fromstring(domain.XMLDesc(libvirt.VIR_DOMAIN_XML_INACTIVE))"},{"line_number":596,"context_line":""},{"line_number":597,"context_line":"        os_element \u003d tree.find(\u0027os\u0027)"}],"source_content_type":"text/x-python","patch_set":2,"id":"5d568886_9911092c","line":594,"updated":"2022-06-01 14:09:26.000000000","message":"This link seems to be broken or outdated.\n\nIt looks like this one is correct as for today:\nhttps://libvirt.org/formatdomain.html#operating-system-booting\n\nAnd it seems that what are we looking for, is \"loader\" element with attribute \"secure\u003d\u0027yes\u0027\"","commit_id":"d1b563c09e67cb8285b669a18eda78d4b63c4014"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"b74ae58aa7318b5c203dd4f21210f701f8eb8adb","unresolved":false,"context_lines":[{"line_number":591,"context_line":""},{"line_number":592,"context_line":"        domain \u003d self._get_domain(identity, readonly\u003dTrue)"},{"line_number":593,"context_line":""},{"line_number":594,"context_line":"        # XML schema: https://libvirt.org/formatdomain.html#elementsOSBIOS"},{"line_number":595,"context_line":"        tree \u003d ET.fromstring(domain.XMLDesc(libvirt.VIR_DOMAIN_XML_INACTIVE))"},{"line_number":596,"context_line":""},{"line_number":597,"context_line":"        os_element \u003d tree.find(\u0027os\u0027)"}],"source_content_type":"text/x-python","patch_set":2,"id":"2fff91ce_1f33da6c","line":594,"in_reply_to":"5d568886_9911092c","updated":"2022-06-01 22:27:35.000000000","message":"Done","commit_id":"d1b563c09e67cb8285b669a18eda78d4b63c4014"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"ba7d27e3b6ecbc5d7268d1eff313d9bbef4b61e4","unresolved":false,"context_lines":[{"line_number":596,"context_line":""},{"line_number":597,"context_line":"        os_element \u003d tree.find(\u0027os\u0027)"},{"line_number":598,"context_line":""},{"line_number":599,"context_line":"        loader_elements \u003d os_element.findall(\u0027loader\u0027)"},{"line_number":600,"context_line":"        if len(loader_elements) \u003e 1:"},{"line_number":601,"context_line":"            msg \u003d (\u0027Can\\\u0027t get secure boot state because \"loader\" element \u0027"},{"line_number":602,"context_line":"                   \u0027must be present exactly once in domain \"%(identity)s\" \u0027"}],"source_content_type":"text/x-python","patch_set":2,"id":"be10cf88_54728002","line":599,"updated":"2022-06-01 07:02:00.000000000","message":"You need to be checking the nvram path, not the loader path. \"secboot\" in the loader path does not mean that secure boot is enabled.","commit_id":"d1b563c09e67cb8285b669a18eda78d4b63c4014"},{"author":{"_account_id":7369,"name":"Sergey Skripnick","email":"sskripnick@mirantis.com","username":"redixin"},"change_message_id":"cf6179d434b91f6ba28c2e976c8fbf320a399a0a","unresolved":false,"context_lines":[{"line_number":596,"context_line":""},{"line_number":597,"context_line":"        os_element \u003d tree.find(\u0027os\u0027)"},{"line_number":598,"context_line":""},{"line_number":599,"context_line":"        loader_elements \u003d os_element.findall(\u0027loader\u0027)"},{"line_number":600,"context_line":"        if len(loader_elements) \u003e 1:"},{"line_number":601,"context_line":"            msg \u003d (\u0027Can\\\u0027t get secure boot state because \"loader\" element \u0027"},{"line_number":602,"context_line":"                   \u0027must be present exactly once in domain \"%(identity)s\" \u0027"}],"source_content_type":"text/x-python","patch_set":2,"id":"efe0c603_90cc7f9d","line":599,"in_reply_to":"20a68bb8_6bac3fd8","updated":"2022-06-02 09:21:49.000000000","message":"Sorry guys I can\u0027t get how nvram refers to the secure boot. From the link above:\n\n\u003e nvram\nSome UEFI firmwares may want to use a non-volatile memory to store some variables. In the host, this is represented as a file and the absolute path to the file is stored in this element. Moreover, when the domain is started up libvirt copies so called master NVRAM store file defined in qemu.conf. If needed, the template attribute can be used to per domain override map of master NVRAM stores from the config file. Note, that for transient domains if the NVRAM file has been created by libvirt it is left behind and it is management application\u0027s responsibility to save and remove file (if needed to be persistent). Since 1.2.8\n\nAnd at the same time:\n\n\u003e loader\nThe optional loader tag refers to a firmware blob, which is specified by absolute path, used to assist the domain creation process. It is used by Xen fully virtualized domains as well as setting the QEMU BIOS file path for QEMU/KVM domains. Xen since 0.1.0, QEMU/KVM since 0.9.12 Then, since 1.2.8 it\u0027s possible for the element to have two optional attributes: readonly (accepted values are yes and no) to reflect the fact that the image should be writable or read-only. The second attribute type accepts values rom and pflash. It tells the hypervisor where in the guest memory the file should be mapped. For instance, if the loader path points to an UEFI image, type should be pflash. Moreover, some firmwares may implement the Secure boot feature. Attribute secure can be used to tell the hypervisor that the firmware is capable of Secure Boot feature. It cannot be used to enable or disable the feature itself in the firmware. Since 2.1.0","commit_id":"d1b563c09e67cb8285b669a18eda78d4b63c4014"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"b74ae58aa7318b5c203dd4f21210f701f8eb8adb","unresolved":false,"context_lines":[{"line_number":596,"context_line":""},{"line_number":597,"context_line":"        os_element \u003d tree.find(\u0027os\u0027)"},{"line_number":598,"context_line":""},{"line_number":599,"context_line":"        loader_elements \u003d os_element.findall(\u0027loader\u0027)"},{"line_number":600,"context_line":"        if len(loader_elements) \u003e 1:"},{"line_number":601,"context_line":"            msg \u003d (\u0027Can\\\u0027t get secure boot state because \"loader\" element \u0027"},{"line_number":602,"context_line":"                   \u0027must be present exactly once in domain \"%(identity)s\" \u0027"}],"source_content_type":"text/x-python","patch_set":2,"id":"20a68bb8_6bac3fd8","line":599,"in_reply_to":"be10cf88_54728002","updated":"2022-06-01 22:27:35.000000000","message":"OK I think I get it now. A firmware which supports secure boot might also boot in non-secure mode. nvram determines the mode, and the specific keys etc set up for secure boot behaviour.","commit_id":"d1b563c09e67cb8285b669a18eda78d4b63c4014"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"c7c4840d3c6bb1e8585389c700e383b5455d1aa5","unresolved":false,"context_lines":[{"line_number":596,"context_line":""},{"line_number":597,"context_line":"        os_element \u003d tree.find(\u0027os\u0027)"},{"line_number":598,"context_line":""},{"line_number":599,"context_line":"        loader_elements \u003d os_element.findall(\u0027loader\u0027)"},{"line_number":600,"context_line":"        if len(loader_elements) \u003e 1:"},{"line_number":601,"context_line":"            msg \u003d (\u0027Can\\\u0027t get secure boot state because \"loader\" element \u0027"},{"line_number":602,"context_line":"                   \u0027must be present exactly once in domain \"%(identity)s\" \u0027"}],"source_content_type":"text/x-python","patch_set":2,"id":"7bc20e9a_cc2c6ffd","line":599,"in_reply_to":"efe0c603_90cc7f9d","updated":"2022-06-03 03:21:57.000000000","message":"I\u0027ve just tried various combinations of firmware/nvram, secboot and not on my Fedora-35.\n\nMy findings align with Dmitry\u0027s experience, and contradicts the above documentation somewhat. Here is the output of \"mokutil --sb-state\" after booting each:\n\nOVMF_CODE.secboot.fd + OVMF_VARS.secboot.fd \u003d SecureBoot enabled\nOVMF_CODE.secboot.fd + OVMF_VARS.fd \u003d SecureBoot disabled\nOVMF_CODE.fd + OVMF_VARS.secboot.fd \u003d This system doesn\u0027t support Secure Boot\nOVMF_CODE.fd + OVMF_VARS.fd \u003d This system doesn\u0027t support Secure Boot\n\nAccording to this, we can always use OVMF_CODE.secboot.fd and toggle secure boot with OVMF_VARS.fd/OVMF_VARS.secboot.fd. I even managed to get an existing domain to switch by changing the template\u003d\"\" and deleting the nvram before rebooting. I\u0027ll rework [1] to do this.\n\nUnfortunately \u003cos firmware\u003d\"efi\"\u003e will only ever deploy a full secure-boot combination and doesn\u0027t allow the nvram to be overridden, so I\u0027m going to need to drop the approach in [2] until libvirt provide some automatic mechanism to select uefi-but-not-secure 😞\n\n[1] https://review.opendev.org/c/openstack/sushy-tools/+/843557/3\n[2] https://review.opendev.org/c/openstack/sushy-tools/+/841653/4","commit_id":"d1b563c09e67cb8285b669a18eda78d4b63c4014"}]}
