Add a trait for UEFI Secure Boot support

Introduce a trait, COMPUTE_SECURITY_UEFI_SECURE_BOOT, as discussed in
the Secure Boot spec[1].  (Yeah, it reads a little awkward, not sure if
we can avoid it, as I've included it as part of compute/

This lets an admin set the trait either via the flavor extra-specs or
image metadata properties:


to request to boot an instance in Secure Boot mode.  Nova's libvirt
driver is responsible make sure the compute node has the necessary
capabilities (e.g. relevant libvirt, QEMU, OVMF, EDK2 et al versions).
If the host hypervisor is incapable, the instance creation will fail.


blueprint: allow-secure-boot-for-qemu-kvm-guests

Change-Id: I333147dcd47c6d0b926338a5a0c545f5adc63961
Signed-off-by: Kashyap Chamarthy <>
Kashyap Chamarthy 2021-01-12 16:17:14 +01:00
parent 454292dbd2
commit 89cec2696b
1 changed files with 5 additions and 1 deletions

View File

@ -18,5 +18,9 @@ TRAITS = [
# support for TPM 1.2
# support for TPM 2.0
# support for UEFI Secure Boot
# ref: