]> git.proxmox.com Git - pve-manager.git/commitdiff
ui: efi: default to new 4MB format and allow pre-enrolled keys
authorThomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 5 Oct 2021 18:05:20 +0000 (20:05 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 5 Oct 2021 18:11:21 +0000 (20:11 +0200)
to allow "real" secure boot, at least real enough for Windows 11 ;)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
www/manager6/qemu/HDEfi.js
www/manager6/qemu/SystemEdit.js

index 6a8aaa4af4e4a216bf25a8a972e1085ad5a20b9d..befdc932d7348cad5a865b82c95ed32da536c3c5 100644 (file)
@@ -24,8 +24,14 @@ Ext.define('PVE.qemu.EFIDiskInputPanel', {
            me.drive.file = values.hdstorage + ":1";
        }
 
+       // always default to newer 4m type with secure boot support, if we're
+       // adding a new EFI disk there can't be any old state anyway
+       me.drive.efitype = '4m';
+       me.drive['pre-enrolled-keys'] = values.preEnrolledKeys;
+       delete values.preEnrolledKeys;
+
        me.drive.format = values.diskformat;
-       var params = {};
+       let params = {};
        params[confid] = PVE.Parser.printQemuDrive(me.drive);
        return params;
     },
@@ -39,6 +45,7 @@ Ext.define('PVE.qemu.EFIDiskInputPanel', {
     setDisabled: function(disabled) {
        let me = this;
        me.down('pveDiskStorageSelector').setDisabled(disabled);
+       me.down('proxmoxcheckbox[name=preEnrolledKeys]').setDisabled(disabled);
        me.callParent(arguments);
     },
 
@@ -56,6 +63,18 @@ Ext.define('PVE.qemu.EFIDiskInputPanel', {
                disabled: me.disabled,
                hideSize: true,
            },
+           {
+               xtype: 'proxmoxcheckbox',
+               name: 'preEnrolledKeys',
+               checked: true,
+               fieldLabel: gettext("Pre-Enroll keys"),
+               disabled: me.disabled,
+               //boxLabel: '(e.g., Microsoft secure-boot keys')',
+               autoEl: {
+                   tag: 'div',
+                   'data-qtip': gettext('Enroll standard distribution and Microsoft secure boot keys.'),
+               },
+           },
            {
                xtype: 'label',
                text: gettext("Warning: The VM currently does not uses 'OVMF (UEFI)' as BIOS."),
index 8ed367fb785639ed33b4d6854fa604bd0af92882..f88dfb37de1e1557e2358658a1ee32faf9f64f5b 100644 (file)
@@ -22,24 +22,11 @@ Ext.define('PVE.qemu.SystemInputPanel', {
            values['serial' + values.vga.substr(6, 1)] = 'socket';
        }
 
-       var efidrive = {};
-       if (values.hdimage) {
-           efidrive.file = values.hdimage;
-       } else if (values.hdstorage) {
-           efidrive.file = values.hdstorage + ":1";
-       }
-
-       if (values.diskformat) {
-           efidrive.format = values.diskformat;
-       }
-
        delete values.hdimage;
        delete values.hdstorage;
        delete values.diskformat;
 
-       if (efidrive.file) {
-           values.efidisk0 = PVE.Parser.printQemuDrive(efidrive);
-       }
+       delete values.preEnrolledKeys; // efidisk
 
        return values;
     },
@@ -122,7 +109,7 @@ Ext.define('PVE.qemu.SystemInputPanel', {
            fieldLabel: gettext('Add EFI Disk'),
        },
        {
-           xtype: 'pveDiskStorageSelector',
+           xtype: 'pveEFIDiskInputPanel',
            name: 'efidisk0',
            storageContent: 'images',
            bind: {
@@ -134,6 +121,7 @@ Ext.define('PVE.qemu.SystemInputPanel', {
            disabled: true,
            hidden: true,
            hideSize: true,
+           usesEFI: true,
        },
     ],