On Tue, Sep 30, 2025 at 11:34:23AM +0200, Thomas Huth wrote: > On 18/09/2025 01.21, Zhuoying Cai wrote: > > Introduce a new `boot-certs` machine type option for the s390-ccw-virtio > > machine. This allows users to specify one or more certificate file paths > > or directories to be used during secure boot. > > > > Each entry is specified using the syntax: > > boot-certs.<index>.path=/path/to/cert.pem > > > > Multiple paths can be specified using array properties: > > boot-certs.0.path=/path/to/cert.pem, > > boot-certs.1.path=/path/to/cert-dir, > > boot-certs.2.path=/path/to/another-dir... > > > > Signed-off-by: Zhuoying Cai <[email protected]> > > --- > > docs/system/s390x/secure-ipl.rst | 21 +++++++++++++++++++++ > > hw/s390x/s390-virtio-ccw.c | 30 ++++++++++++++++++++++++++++++ > > include/hw/s390x/s390-virtio-ccw.h | 2 ++ > > qapi/machine-s390x.json | 22 ++++++++++++++++++++++ > > qapi/pragma.json | 1 + > > qemu-options.hx | 6 +++++- > > 6 files changed, 81 insertions(+), 1 deletion(-) > > create mode 100644 docs/system/s390x/secure-ipl.rst > > > > diff --git a/docs/system/s390x/secure-ipl.rst > > b/docs/system/s390x/secure-ipl.rst > > new file mode 100644 > > index 0000000000..92c1bb2153 > > --- /dev/null > > +++ b/docs/system/s390x/secure-ipl.rst 
> > @@ -0,0 +1,21 @@ > > +.. SPDX-License-Identifier: GPL-2.0-or-later > > + > > +Secure IPL Command Line Options > > +=============================== > > + > > +The s390-ccw-virtio machine type supports secure IPL. These parameters > > allow users > > +to provide certificates and enable secure IPL directly via the command > > line. > > + > > +Providing Certificates > > +---------------------- > > + > > +The certificate store can be populated by supplying a list of X.509 > > certificate file > > +paths or directories containing certificate files on the command-line: > > + > > +Note: certificate files must have a .pem extension. > > + > > +.. code-block:: shell > > + > > + qemu-system-s390x -machine s390-ccw-virtio, \ > > + boot-certs.0.path=/.../qemu/certs, \ > > + boot-certs.1.path=/another/path/cert.pem ... > > Using newlines/spaces between parameters does not work, so people cannot > copy-n-paste this example to the shell. > > So I think you either have to merge it into one line, or use multiple > "-machine" statements, e.g.: > > qemu-system-s390x -M s390-ccw-virtio \ > -M boot-certs.0.path=/.../qemu/certs \ > -M boot-certs.1.path=/another/path/cert.pem ...
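Review bot: In the "Providing Certificates" section of secure-ipl.rst, the note "certificate files must have a .pem extension" leaves open what happens to a file that lacks it: the text does not say whether such a file in a supplied directory is skipped silently or makes startup fail, nor whether subdirectories of a boot-certs.N.path directory are scanned. Everything that is loaded ends up in the certificate store used for secure IPL, so please state that behaviour explicitly. The note also sits between the sentence ending in "on the command-line:" and the code block that sentence introduces; moving it below the example, or turning it into a ".. note::" directive, would keep the colon attached to the example. Finally, the introduction promises parameters to "enable secure IPL", but the 21 lines added in this patch only document providing certificates, so either trim that sentence here or add the enabling option in the same patch.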
The inability to copy+paste is unfortunate, but IMHO the docs are better in the way they are already expressed. Repeating the -M arg in this way is not a natural way we'd expect people to configure QEMU, even if it happens to work in the case of -M/-machine.

With regards,
Daniel
-- 
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
