[pve-devel] [PATCH qemu-server 1/6] qm enroll-efi-keys: do not remove EFI disk when config was modified during operation
Fiona Ebner
f.ebner at proxmox.com
Thu Dec 11 13:31:21 CET 2025
The EFI disk is already pre-existing and should not be removed in case
the VM configuration was modified during the enrollment operation.
It's not critical if the new certs are enrolled but the marker is not
written to the configuration. Worst case, the operation is just done
again, where virt-fw-vars will just skip enrollment after detecting
that the new certs are already on the disk.
Fixes: 95eb95c3 ("qm enroll-efi-keys: move potential blocking operation out of lock")
Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---
src/PVE/CLI/qm.pm | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/src/PVE/CLI/qm.pm b/src/PVE/CLI/qm.pm
index 60fe318e..ca57409f 100755
--- a/src/PVE/CLI/qm.pm
+++ b/src/PVE/CLI/qm.pm
@@ -744,14 +744,7 @@ __PACKAGE__->register_method({
my $locked_conf = PVE::QemuConfig->load_config($vmid);
eval { PVE::Tools::assert_if_modified($conf->{digest}, $locked_conf->{digest}) };
- if (my $err = $@) {
- eval {
- my $drive = PVE::QemuServer::Drive::parse_drive('efidisk0', $updated);
- PVE::Storage::vdisk_free($storecfg, $drive->{file});
- };
- warn "failed to clean-up prepared efidisk volume - $@" if $@;
- die "VM ${vmid}: $err";
- }
+ die "VM ${vmid}: $@" if $@;
$locked_conf->{efidisk0} = $updated;
PVE::QemuConfig->write_config($vmid, $locked_conf);
--
2.47.3
More information about the pve-devel
mailing list