Merge pull request #9018 from VladRassokhin/vsphere-efi-secure-boot

builder/vsphere-iso: support EFI Secure Boot
2020-04-14 10:47:05 -07:00 · 2020-04-14 10:47:05 -07:00 · 3df20fc40b
commit 3df20fc40b
parent 31946d551e 440f540e28
7 changed files with 45 additions and 17 deletions
--- a/builder/vsphere/clone/config.hcl2spec.go
+++ b/builder/vsphere/clone/config.hcl2spec.go
@ -44,6 +44,7 @@ type FlatConfig struct {
 	MemoryHotAddEnabled       *bool                    `mapstructure:"RAM_hot_plug" cty:"RAM_hot_plug"`
 	VideoRAM                  *int64                   `mapstructure:"video_ram" cty:"video_ram"`
 	NestedHV                  *bool                    `mapstructure:"NestedHV" cty:"NestedHV"`
+	Firmware                  *string                  `mapstructure:"firmware" cty:"firmware"`
 	ConfigParams              map[string]string        `mapstructure:"configuration_parameters" cty:"configuration_parameters"`
 	BootOrder                 *string                  `mapstructure:"boot_order" cty:"boot_order"`
 	WaitTimeout               *string                  `mapstructure:"ip_wait_timeout" cty:"ip_wait_timeout"`
@ -142,6 +143,7 @@ func (*FlatConfig) HCL2Spec() map[string]hcldec.Spec {
 		"RAM_hot_plug":                 &hcldec.AttrSpec{Name: "RAM_hot_plug", Type: cty.Bool, Required: false},
 		"video_ram":                    &hcldec.AttrSpec{Name: "video_ram", Type: cty.Number, Required: false},
 		"NestedHV":                     &hcldec.AttrSpec{Name: "NestedHV", Type: cty.Bool, Required: false},
+		"firmware":                     &hcldec.AttrSpec{Name: "firmware", Type: cty.String, Required: false},
 		"configuration_parameters":     &hcldec.AttrSpec{Name: "configuration_parameters", Type: cty.Map(cty.String), Required: false},
 		"boot_order":                   &hcldec.AttrSpec{Name: "boot_order", Type: cty.String, Required: false},
 		"ip_wait_timeout":              &hcldec.AttrSpec{Name: "ip_wait_timeout", Type: cty.String, Required: false},
--- a/builder/vsphere/common/step_hardware.go
+++ b/builder/vsphere/common/step_hardware.go
@ -36,6 +36,8 @@ type HardwareConfig struct {
 	VideoRAM int64 `mapstructure:"video_ram"`
 	// Enable nested hardware virtualization for VM. Defaults to `false`.
 	NestedHV bool `mapstructure:"NestedHV"`
+	// Set the Firmware for virtual machine. Supported values: `bios`, `efi`, `efi-secure` or empty string to keep as in template. Defaults to empty string.
+	Firmware string `mapstructure:"firmware"`
 }

 func (c *HardwareConfig) Prepare() []error {
@ -45,6 +47,10 @@ func (c *HardwareConfig) Prepare() []error {
 		errs = append(errs, fmt.Errorf("'RAM_reservation' and 'RAM_reserve_all' cannot be used together"))
 	}

+	if c.Firmware != "" && c.Firmware != "bios" && c.Firmware != "efi" && c.Firmware != "efi-secure" {
+		errs = append(errs, fmt.Errorf("'firmware' must be '', 'bios', 'efi' or 'efi-secure'"))
+	}
+
 	return errs
 }

@ -71,6 +77,7 @@ func (s *StepConfigureHardware) Run(_ context.Context, state multistep.StateBag)
 			CpuHotAddEnabled:    s.Config.CpuHotAddEnabled,
 			MemoryHotAddEnabled: s.Config.MemoryHotAddEnabled,
 			VideoRAM:            s.Config.VideoRAM,
+			Firmware:            s.Config.Firmware,
 		})
 		if err != nil {
 			state.Put("error", err)
--- a/builder/vsphere/common/step_hardware.hcl2spec.go
+++ b/builder/vsphere/common/step_hardware.hcl2spec.go
@ -9,17 +9,18 @@ import (
 // FlatHardwareConfig is an auto-generated flat version of HardwareConfig.
 // Where the contents of a field with a `mapstructure:,squash` tag are bubbled up.
 type FlatHardwareConfig struct {
-	CPUs                *int32 `mapstructure:"CPUs" cty:"CPUs"`
-	CpuCores            *int32 `mapstructure:"cpu_cores" cty:"cpu_cores"`
-	CPUReservation      *int64 `mapstructure:"CPU_reservation" cty:"CPU_reservation"`
-	CPULimit            *int64 `mapstructure:"CPU_limit" cty:"CPU_limit"`
-	CpuHotAddEnabled    *bool  `mapstructure:"CPU_hot_plug" cty:"CPU_hot_plug"`
-	RAM                 *int64 `mapstructure:"RAM" cty:"RAM"`
-	RAMReservation      *int64 `mapstructure:"RAM_reservation" cty:"RAM_reservation"`
-	RAMReserveAll       *bool  `mapstructure:"RAM_reserve_all" cty:"RAM_reserve_all"`
-	MemoryHotAddEnabled *bool  `mapstructure:"RAM_hot_plug" cty:"RAM_hot_plug"`
-	VideoRAM            *int64 `mapstructure:"video_ram" cty:"video_ram"`
-	NestedHV            *bool  `mapstructure:"NestedHV" cty:"NestedHV"`
+	CPUs                *int32  `mapstructure:"CPUs" cty:"CPUs"`
+	CpuCores            *int32  `mapstructure:"cpu_cores" cty:"cpu_cores"`
+	CPUReservation      *int64  `mapstructure:"CPU_reservation" cty:"CPU_reservation"`
+	CPULimit            *int64  `mapstructure:"CPU_limit" cty:"CPU_limit"`
+	CpuHotAddEnabled    *bool   `mapstructure:"CPU_hot_plug" cty:"CPU_hot_plug"`
+	RAM                 *int64  `mapstructure:"RAM" cty:"RAM"`
+	RAMReservation      *int64  `mapstructure:"RAM_reservation" cty:"RAM_reservation"`
+	RAMReserveAll       *bool   `mapstructure:"RAM_reserve_all" cty:"RAM_reserve_all"`
+	MemoryHotAddEnabled *bool   `mapstructure:"RAM_hot_plug" cty:"RAM_hot_plug"`
+	VideoRAM            *int64  `mapstructure:"video_ram" cty:"video_ram"`
+	NestedHV            *bool   `mapstructure:"NestedHV" cty:"NestedHV"`
+	Firmware            *string `mapstructure:"firmware" cty:"firmware"`
 }

 // FlatMapstructure returns a new FlatHardwareConfig.
@ -45,6 +46,7 @@ func (*FlatHardwareConfig) HCL2Spec() map[string]hcldec.Spec {
 		"RAM_hot_plug":    &hcldec.AttrSpec{Name: "RAM_hot_plug", Type: cty.Bool, Required: false},
 		"video_ram":       &hcldec.AttrSpec{Name: "video_ram", Type: cty.Number, Required: false},
 		"NestedHV":        &hcldec.AttrSpec{Name: "NestedHV", Type: cty.Bool, Required: false},
+		"firmware":        &hcldec.AttrSpec{Name: "firmware", Type: cty.String, Required: false},
 	}
 	return s
 }
--- a/builder/vsphere/driver/vm.go
+++ b/builder/vsphere/driver/vm.go
@ -47,6 +47,7 @@ type HardwareConfig struct {
 	CpuHotAddEnabled    bool
 	MemoryHotAddEnabled bool
 	VideoRAM            int64
+	Firmware            string
 }

 type NIC struct {
@ -70,7 +71,7 @@ type CreateConfig struct {
 	NICs          []NIC
 	USBController bool
 	Version       uint   // example: 10
-	Firmware      string // efi or bios
+	Firmware      string // efi-secure, efi or bios
 	Storage       []Disk
 }

@ -107,7 +108,12 @@ func (d *Driver) CreateVM(config *CreateConfig) (*VirtualMachine, error) {
 	if config.Version != 0 {
 		createSpec.Version = fmt.Sprintf("%s%d", "vmx-", config.Version)
 	}
-	if config.Firmware != "" {
+	if config.Firmware == "efi-secure" {
+		createSpec.Firmware = "efi"
+		createSpec.BootOptions = &types.VirtualMachineBootOptions{
+			EfiSecureBootEnabled: types.NewBool(true),
+		}
+	} else if config.Firmware != "" {
 		createSpec.Firmware = config.Firmware
 	}

@ -350,6 +356,15 @@ func (vm *VirtualMachine) Configure(config *HardwareConfig) error {
 		confSpec.DeviceChange = append(confSpec.DeviceChange, spec)
 	}

+	if config.Firmware == "efi-secure" || config.Firmware == "efi" {
+		confSpec.Firmware = "efi"
+		confSpec.BootOptions = &types.VirtualMachineBootOptions{
+			EfiSecureBootEnabled: types.NewBool(config.Firmware == "efi-secure"),
+		}
+	} else if config.Firmware != "" {
+		confSpec.Firmware = config.Firmware
+	}
+
 	task, err := vm.vm.Reconfigure(vm.driver.ctx, confSpec)
 	if err != nil {
 		return err
--- a/builder/vsphere/iso/step_create.go
+++ b/builder/vsphere/iso/step_create.go
@ -74,7 +74,7 @@ type CreateConfig struct {
 	// here](https://code.vmware.com/apis/358/vsphere/doc/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html)
 	// for a full list of possible values.
 	GuestOSType string `mapstructure:"guest_os_type"`
-	// Set the Firmware at machine creation. Example `efi`. Defaults to `bios`.
+	// Set the Firmware at machine creation. Supported values: `bios`, `efi` or `efi-secure`. Defaults to `bios`.
 	Firmware string `mapstructure:"firmware"`
 	// Set VM disk controller type. Example `pvscsi`.
 	DiskControllerType string `mapstructure:"disk_controller_type"`
@ -115,8 +115,8 @@ func (c *CreateConfig) Prepare() []error {
 		c.GuestOSType = "otherGuest"
 	}

-	if c.Firmware != "" && c.Firmware != "bios" && c.Firmware != "efi" {
-		errs = append(errs, fmt.Errorf("'firmware' must be 'bios' or 'efi'"))
+	if c.Firmware != "" && c.Firmware != "bios" && c.Firmware != "efi" && c.Firmware != "efi-secure" {
+		errs = append(errs, fmt.Errorf("'firmware' must be 'bios', 'efi' or 'efi-secure'"))
 	}

 	return errs
--- a/website/pages/partials/builder/vsphere/common/HardwareConfig-not-required.mdx
+++ b/website/pages/partials/builder/vsphere/common/HardwareConfig-not-required.mdx
@ -22,4 +22,6 @@
 -   `video_ram` (int64) - Amount of video memory in MB.
    
 -   `NestedHV` (bool) - Enable nested hardware virtualization for VM. Defaults to `false`.
+    
+-   `firmware` (string) - Set the Firmware for virtual machine. Supported values: `bios`, `efi`, `efi-secure` or empty string to keep as in template. Defaults to empty string.
    
--- a/website/pages/partials/builder/vsphere/iso/CreateConfig-not-required.mdx
+++ b/website/pages/partials/builder/vsphere/iso/CreateConfig-not-required.mdx
@ -9,7 +9,7 @@
    here](https://code.vmware.com/apis/358/vsphere/doc/vim.vm.GuestOsDescriptor.GuestOsIdentifier.html)
    for a full list of possible values.
    
-   `firmware` (string) - Set the Firmware at machine creation. Example `efi`. Defaults to `bios`.
+-   `firmware` (string) - Set the Firmware at machine creation. Supported values: `bios`, `efi` or `efi-secure`. Defaults to `bios`.
    
 -   `disk_controller_type` (string) - Set VM disk controller type. Example `pvscsi`.