From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 6C0831FF13B for ; Wed, 20 May 2026 16:20:52 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id A55FDB964; Wed, 20 May 2026 16:20:51 +0200 (CEST) From: Fiona Ebner To: pve-devel@lists.proxmox.com Subject: [PATCH edk2-firmware/qemu-server/manager 0/4] ovmf: support pre-enrolled-keys for ARM EFI disks Date: Wed, 20 May 2026 16:20:31 +0200 Message-ID: <20260520142044.502304-1-f.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1779286831976 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.009 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [ovmf.pm] Message-ID-Hash: R55ZKRHLQEOW32EVDMVBPBW4BF2PEW4R X-Message-ID-Hash: R55ZKRHLQEOW32EVDMVBPBW4BF2PEW4R X-MailFrom: f.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Have the firmware package for ARM ship the secureboot-enabled CODE image. The VARS image with the pre-enrolled-keys was already shipped. Let qemu-server actually honor the pre-enrolled-keys setting and use those images when requested. Finally, a small UX improvment to make the task warning when the firmware package is outdated visible in the UI. Might be nice to have soonish after the next point release since ARM support was generally improved with that release. pve-edk2-firmware: Fiona Ebner (2): d/rules: use dedicated install dir for AAVMF build d/{rules,install}: build secureboot-enabled image for aarch64 debian/pve-edk2-firmware-aarch64.install | 4 +-- debian/rules | 39 +++++++++++++++--------- 2 files changed, 27 insertions(+), 16 deletions(-) qemu-server: Fiona Ebner (1): ovmf: honor pre-enrolled-keys setting for aarch64 src/PVE/QemuServer/OVMF.pm | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) manager: Fiona Ebner (1): ui: qemu: hardware edit: create EFI disk via asynchronous API www/manager6/qemu/HDEfi.js | 1 + 1 file changed, 1 insertion(+) Summary over all repositories: 4 files changed, 46 insertions(+), 16 deletions(-) -- Generated by git-murpp 0.5.0