On 12/02/2026 21.43, Zhuoying Cai wrote:
The current approach to enable secure boot relies on providing
secure-boot and boot-certs parameters of s390-ccw-virtio machine
type option, which apply to all boot devices.
With the possibility of multiple boot devices, secure boot expects all
provided devices to be supported and eligible (e.g.,
virtio-blk/virtio-scsi using the SCSI scheme).
If multiple boot devices are provided and include an unsupported (e.g.,
ECKD, VFIO) or a non-eligible (e.g., Net) device, the boot process will
terminate with an error logged to the console.
Signed-off-by: Zhuoying Cai <[email protected]>
---
hw/s390x/ipl.c | 79 ++++++++++++++++++++++++++++-------------
pc-bios/s390-ccw/main.c | 3 --
2 files changed, 54 insertions(+), 28 deletions(-)
Reviewed-by: Thomas Huth <[email protected]>
