[pve-devel] [PATCH qemu-server 2/2] fix #6985: ovmf: auto-enroll Microsoft UEFI CA 2023 for Windows

Fri Nov 14 12:48:23 CET 2025

Am 14.11.25 um 12:03 schrieb Fiona Ebner:
> Yes, we will need to be careful down the line. A clean option is using
> different QSD IDs for different tasks (the ID for a QSD can be any
> string and does not need to be a VMID). Currently, we only use QSD for
> EFI enrollment here and for TPM which are both part of the same start
> task. I will add a comment to note this and that
> ensure_ms_2023_cert_enrolled() may currently only be called as part of
> VM start.

Oh, and what I just noticed: the QSD is currently not running inside of
the qemu.slice/$vmid.scope?

Not a blocker at all now, but that might be nice to have to ensure it's
resource (mainly memory) usage is accounted for.