runtime: suppport split firmware

firmware can be split into FIRMWARE_VARS.fd (UEFI variables as configuration) and FIRMWARE_CODE.fd (UEFI program image). UEFI variables can be customized per each user while UEFI code is kept same. fixes #3583 Signed-off-by: Julio Montes <julio.montes@intel.com>
2025-12-19 07:14:22 +01:00 · 2022-02-01 11:19:21 -06:00
parent 732c45de94
commit 1f29478b09
22 changed files with 140 additions and 42 deletions
--- a/src/runtime/virtcontainers/qemu_arm64_test.go
+++ b/src/runtime/virtcontainers/qemu_arm64_test.go
@@ -179,35 +179,35 @@ func TestQemuArm64AppendProtectionDevice(t *testing.T) {
 	var err error

 	// no protection
-	devices, bios, err = arm64.appendProtectionDevice(devices, firmware)
+	devices, bios, err = arm64.appendProtectionDevice(devices, firmware, "")
 	assert.Empty(devices)
 	assert.Empty(bios)
 	assert.NoError(err)

 	// PEF protection
 	arm64.(*qemuArm64).protection = pefProtection
-	devices, bios, err = arm64.appendProtectionDevice(devices, firmware)
+	devices, bios, err = arm64.appendProtectionDevice(devices, firmware, "")
 	assert.Empty(devices)
 	assert.Empty(bios)
 	assert.NoError(err)

 	// Secure Execution protection
 	arm64.(*qemuArm64).protection = seProtection
-	devices, bios, err = arm64.appendProtectionDevice(devices, firmware)
+	devices, bios, err = arm64.appendProtectionDevice(devices, firmware, "")
 	assert.Empty(devices)
 	assert.Empty(bios)
 	assert.NoError(err)

 	// SEV protection
 	arm64.(*qemuArm64).protection = sevProtection
-	devices, bios, err = arm64.appendProtectionDevice(devices, firmware)
+	devices, bios, err = arm64.appendProtectionDevice(devices, firmware, "")
 	assert.Empty(devices)
 	assert.Empty(bios)
 	assert.NoError(err)

 	// TDX protection
 	arm64.(*qemuArm64).protection = tdxProtection
-	devices, bios, err = arm64.appendProtectionDevice(devices, firmware)
+	devices, bios, err = arm64.appendProtectionDevice(devices, firmware, "")
 	assert.Empty(devices)
 	assert.Empty(bios)
 	assert.NoError(err)