[pve-devel] [PATCH qemu-server 3/4] ovmf: factor out helper for checking whether MS 2023 certificate should be enrolled

[Fiona Ebner]

In preparation to only call that helper during VM start. See the
following commit "vm start: ovmf: do not auto-enroll Microsoft UEFI CA
2023" for details.

Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---
 src/PVE/QemuServer/OVMF.pm | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/PVE/QemuServer/OVMF.pm b/src/PVE/QemuServer/OVMF.pm
index 409ad022..e5f4cf02 100644
--- a/src/PVE/QemuServer/OVMF.pm
+++ b/src/PVE/QemuServer/OVMF.pm
@@ -278,13 +278,23 @@ sub print_ovmf_commandline {
     return ($cmd, $machine_flags);
 }
 
-sub ensure_ms_2023_cert_enrolled {
-    my ($storecfg, $vmid, $efidisk_str) = @_;
+sub should_enroll_ms_2023_cert {
+    my ($efidisk_str) = @_;
 
     my $efidisk = parse_drive('efidisk0', $efidisk_str);
     return if !$efidisk->{'pre-enrolled-keys'};
     return if $efidisk->{'ms-cert'} && $efidisk->{'ms-cert'} eq '2023';
 
+    return 1;
+}
+
+sub ensure_ms_2023_cert_enrolled {
+    my ($storecfg, $vmid, $efidisk_str) = @_;
+
+    return if !should_enroll_ms_2023_cert($efidisk_str);
+
+    my $efidisk = parse_drive('efidisk0', $efidisk_str);
+
     print "efidisk0: enrolling Microsoft UEFI CA 2023\n";
 
     my $qsd_id = "vm-$vmid-efi-enroll";
-- 
2.47.3