libvirt: Launch instances with stateless firmware
This change implements the actual functionality to allow users to launch instances with stateless firmware (read-only firmware image + no NVRAM). Note that this feature is supported by the libvirt virt driver, and also requires libvirt >= 8.6.0. Implements: blueprint libvirt-stateless-firmware Change-Id: I7219bfa11ae98e65c326bec1a99c49d3e245cb9a
This commit is contained in:
Takashi Kajinami
@@ -1413,3 +1413,24 @@ driver.ironic=missing
|
||||
driver.libvirt-vz-vm=missing
|
||||
driver.libvirt-vz-ct=missing
|
||||
driver.zvm=missing
|
||||
|
||||
[operation.boot-stateless-firmware]
|
||||
title=Boot instance with stateless firmware
|
||||
status=optional
|
||||
notes=The feature allows VMs to be booted with read-only firmware image without
|
||||
NVRAM file. This feature is especially useful for confidential computing use
|
||||
case because it allows more complete measurement of elements involved in
|
||||
the boot chain and disables the potential attack serface from hypervisors.
|
||||
cli=openstack server create <usual server create parameters>
|
||||
driver.libvirt-kvm-x86=partial
|
||||
driver-notes.libvirt-kvm-x86=This feature is supported only with UEFI firmware
|
||||
driver.libvirt-kvm-aarch64=missing
|
||||
driver.libvirt-kvm-ppc64=missing
|
||||
driver.libvirt-kvm-s390x=missing
|
||||
driver.libvirt-qemu-x86=missing
|
||||
driver.libvirt-lxc=missing
|
||||
driver.vmware=missing
|
||||
driver.ironic=missing
|
||||
driver.libvirt-vz-vm=missing
|
||||
driver.libvirt-vz-ct=missing
|
||||
driver.zvm=missing
|
||||
|
||||
Reference in New Issue
Block a user