Daniel P. Berrangé <[email protected]> writes: > On Thu, Sep 18, 2025 at 08:56:39AM +0200, Markus Armbruster wrote: >> Zhuoying Cai <[email protected]> writes: >> >> > Introduce a new `boot-certs` machine type option for the s390-ccw-virtio >> > machine. This allows users to specify one or more certificate file paths >> > or directories to be used during secure boot. >> > >> > Each entry is specified using the syntax: >> > boot-certs.<index>.path=/path/to/cert.pem >> > >> > Multiple paths can be specify using array properties: >> > boot-certs.0.path=/path/to/cert.pem, >> > boot-certs.1.path=/path/to/cert-dir, >> > boot-certs.2.path=/path/to/another-dir... >> >> Given we can specifiy a directory containing any number of certificate >> files, is the ability to specify multiple paths worth the additional >> complexity? > > The typical scenario would be point to somewhere in /etc/pki > for some globally provided certs, and then also point to > somewhere local ($HOME) for custom extra certs. So IMHO it > is reasonable to want multiple paths, to avoid copying around > certs from different locations.
Thanks. Preferably with BootCertificate renamed to BootCertificates Acked-by: Markus Armbruster <[email protected]>
