f4c249c692
Introduce two new guides on UEFI and Secure Boot. In addition, update the flavors guide to document the secure boot feature (though this doc should really be removed in near term in favour of the auto-generated docs, as noted inline). Note that this change includes our first use of the ':nova:extra-spec:' cross-reference role and highlights a small bug in that implementation. This is resolved. Blueprint: allow-secure-boot-for-qemu-kvm-guests Change-Id: I4eb370b87ba8d0403c8c0ef038a909313a48d1d6 Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2.4 KiB
UEFI
17.0.0 (Queens)
Nova supports configuring a UEFI
bootloader for guests. This brings about important advantages over
legacy BIOS bootloaders and allows for features such as secure-boot.
Enabling UEFI
Currently the configuration of UEFI guest bootloaders is only
supported when using the libvirt compute driver with a :oslo.configlibvirt.virt_type of
kvm or qemu or when using the Hyper-V compute
driver with certain machine types. When using the libvirt compute driver
with AArch64-based guests, UEFI is automatically enabled as AArch64 does
not support BIOS.
Update this once compute drivers start reporting a trait indicating UEFI bootloader support.
Configuring a flavor or image
Configuring a UEFI bootloader varies depending on the compute driver in use.
Libvirt
UEFI support is enabled by default on AArch64-based guests. For other
guest architectures, you can request UEFI support with libvirt by
setting the hw_firmware_type image property to
uefi. For example:
$ openstack image set --property hw_firmware_type=uefi $IMAGEHyper-V
It is not possible to explicitly request UEFI support with Hyper-V.
Rather, it is enabled implicitly when using Generation
2 guests. You can request a Generation 2 guest by setting the
hw_machine_type image metadata property to
hyperv-gen2. For example:
$ openstack image set --property hw_machine_type=hyperv-gen2 $IMAGE