[pve-devel] [PATCH qemu-server 2/2] fix #6985: ovmf: auto-enroll Microsoft UEFI CA 2023 for Windows
Fiona Ebner
f.ebner at proxmox.com
Fri Nov 14 13:03:47 CET 2025
On 14.11.25 at 12:47 PM, Thomas Lamprecht wrote:
> On 14.11.25 at 12:03, Fiona Ebner wrote:
>> Yes, we will need to be careful down the line. A clean option is using
>> different QSD IDs for different tasks (the ID for a QSD can be any
>> string and does not need to be a VMID). Currently, we only use QSD for
>> EFI enrollment here and for TPM which are both part of the same start
>> task. I will add a comment to note this and that
>> ensure_ms_2023_cert_enrolled() may currently only be called as part of
>> VM start.
>
>
> Oh, and what I just noticed: the QSD is currently not running inside of
> the qemu.slice/$vmid.scope?
>
> Not a blocker at all now, but that might be nice to have to ensure its
> resource (mainly memory) usage is accounted for.
The one started for enrollment is not, but that one is very short-lived.
The one started for swtpm should actually be? It's part of the
start_swtpm() function.