From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Fiona Ebner <f.ebner@proxmox.com>,
Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH qemu-server 2/2] fix #6985: ovmf: auto-enroll Microsoft UEFI CA 2023 for Windows
Date: Fri, 14 Nov 2025 13:12:59 +0100 [thread overview]
Message-ID: <298d504a-5339-44b3-99a1-6e595691a5de@proxmox.com> (raw)
In-Reply-To: <c686416e-bebe-4461-93aa-0b7602946bac@proxmox.com>
Am 14.11.25 um 13:03 schrieb Fiona Ebner:
> Am 14.11.25 um 12:47 PM schrieb Thomas Lamprecht:
>> Am 14.11.25 um 12:03 schrieb Fiona Ebner:
>>> Yes, we will need to be careful down the line. A clean option is using
>>> different QSD IDs for different tasks (the ID for a QSD can be any
>>> string and does not need to be a VMID). Currently, we only use QSD for
>>> EFI enrollment here and for TPM which are both part of the same start
>>> task. I will add a comment to note this and that
>>> ensure_ms_2023_cert_enrolled() may currently only be called as part of
>>> VM start.
>>
>>
>> Oh, and what I just noticed: the QSD is currently not running inside of
>> the qemu.slice/$vmid.scope?
>>
>> Not a blocker at all now, but that might be nice to have to ensure it's
>> resource (mainly memory) usage is accounted for.
>
> The one started for enrollment is not, but that one is very short-lived.
> The one for started for swtpm should actually be? It's part of the
> start_swtpm() function.
True, and as you say that's the more important one anyway due to running
for the entire time such a VM is running.
So fine as is for now, we can change this at anytime anyway.
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2025-11-14 12:12 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-11 13:57 [pve-devel] [PATCH-SERIES qemu-server 0/2] " Fiona Ebner
2025-11-11 13:57 ` [pve-devel] [PATCH qemu-server 1/2] qsd: add remove_fuse_export() function Fiona Ebner
2025-11-14 11:50 ` [pve-devel] applied: " Thomas Lamprecht
2025-11-11 13:57 ` [pve-devel] [PATCH qemu-server 2/2] fix #6985: ovmf: auto-enroll Microsoft UEFI CA 2023 for Windows Fiona Ebner
2025-11-14 1:18 ` Thomas Lamprecht
2025-11-14 11:03 ` Fiona Ebner
2025-11-14 11:48 ` Thomas Lamprecht
2025-11-14 12:03 ` Fiona Ebner
2025-11-14 12:12 ` Thomas Lamprecht [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=298d504a-5339-44b3-99a1-6e595691a5de@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.