[lxc-devel] [lxd/master] lxd/vm: Make OVMF path configurable

stgraber on Github lxc-bot at linuxcontainers.org
Tue Nov 19 03:44:42 UTC 2019 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 354 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20191118/42a99779/attachment.bin>
-------------- next part --------------
From 17ae468f373961681efec373745a97227e8fe12e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 18 Nov 2019 22:43:36 -0500
Subject: [PATCH] lxd/vm: Make OVMF path configurable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/environment.md |  1 +
 lxd/vm_qemu.go     | 14 +++++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/doc/environment.md b/doc/environment.md
index 8269d2b434..2925711467 100644
--- a/doc/environment.md
+++ b/doc/environment.md
@@ -27,3 +27,4 @@ Name                            | Description
 `LXD_LXC_TEMPLATE_CONFIG`       | Path to the LXC template configuration directory
 `LXD_SECURITY_APPARMOR`         | If set to `false`, forces AppArmor off
 `LXD_UNPRIVILEGED_ONLY`         | If set to `true`, enforces that only unprivileged containers can be created. Note that any privileged containers that have been created before setting LXD_UNPRIVILEGED_ONLY will continue to be privileged. To use this option effectively it should be set when the LXD daemon is first setup.
+`LXD_OVMF_PATH`                 | Path to an OVMF build including `OVMF_CODE.fd` and `OVMF_VARS.ms.fd`
diff --git a/lxd/vm_qemu.go b/lxd/vm_qemu.go
index 8d41c72629..3b99e0f170 100644
--- a/lxd/vm_qemu.go
+++ b/lxd/vm_qemu.go
@@ -392,6 +392,14 @@ func (vm *vmQemu) Shutdown(timeout time.Duration) error {
 	return nil
 }
 
+func (vm *vmQemu) ovmfPath() string {
+	if os.Getenv("LXD_OVMF_PATH") != "" {
+		return os.Getenv("LXD_OVMF_PATH")
+	}
+
+	return "/usr/share/OVMF"
+}
+
 func (vm *vmQemu) Start(stateful bool) error {
 	// Ensure the correct vhost_vsock kernel module is loaded before establishing the vsock.
 	err := util.LoadModule("vhost_vsock")
@@ -433,7 +441,7 @@ func (vm *vmQemu) Start(stateful bool) error {
 	// Copy OVMF settings firmware to nvram file.
 	// This firmware file can be modified by the VM so it must be copied from the defaults.
 	if !shared.PathExists(vm.getNvramPath()) {
-		srcOvmfFile := "/usr/share/OVMF/OVMF_VARS.ms.fd"
+		srcOvmfFile := filepath.Join(vm.ovmfPath(), "OVMF_VARS.ms.fd")
 		if !shared.PathExists(srcOvmfFile) {
 			return fmt.Errorf("Required secure boot EFI firmware settings file missing: %s", srcOvmfFile)
 		}
@@ -1024,7 +1032,7 @@ func (vm *vmQemu) addFirmwareConfig(sb *strings.Builder) {
 	sb.WriteString(fmt.Sprintf(`
 # Firmware (read only)
 [drive]
-file = "/usr/share/OVMF/OVMF_CODE.fd"
+file = "%s"
 if = "pflash"
 format = "raw"
 unit = "0"
@@ -1036,7 +1044,7 @@ file = "%s"
 if = "pflash"
 format = "raw"
 unit = "1"
-`, nvramPath))
+`, filepath.Join(vm.ovmfPath(), "OVMF_CODE.fd"), nvramPath))
 
 	return
 }

More information about the lxc-devel mailing list