On 9/18/25 4:51 AM, Markus Armbruster wrote: > Daniel P. Berrangé <[email protected]> writes: > >> On Thu, Sep 18, 2025 at 08:56:39AM +0200, Markus Armbruster wrote: >>> Zhuoying Cai <[email protected]> writes: >>> >>>> Introduce a new `boot-certs` machine type option for the s390-ccw-virtio >>>> machine. This allows users to specify one or more certificate file paths >>>> or directories to be used during secure boot. >>>> >>>> Each entry is specified using the syntax: >>>> boot-certs.<index>.path=/path/to/cert.pem >>>> >>>> Multiple paths can be specify using array properties: >>>> boot-certs.0.path=/path/to/cert.pem, >>>> boot-certs.1.path=/path/to/cert-dir, >>>> boot-certs.2.path=/path/to/another-dir... >>> >>> Given we can specifiy a directory containing any number of certificate >>> files, is the ability to specify multiple paths worth the additional >>> complexity? >> >> The typical scenario would be point to somewhere in /etc/pki >> for some globally provided certs, and then also point to >> somewhere local ($HOME) for custom extra certs. So IMHO it >> is reasonable to want multiple paths, to avoid copying around >> certs from different locations. > > Thanks. > > Preferably with BootCertificate renamed to BootCertificates > Acked-by: Markus Armbruster <[email protected]> >
I'll rename it in the next version. Thanks for the review!
