Setup UEFI Secure Boot in a Fedora environment
==============================================

There are two kinds of OVMF builds available on Fedora:

(1) So-called "plain OVMF" with no Secure Boot (SB), which also requires
System Management Mode (SMM) to be enabled in QEMU.

(2) OVMF with Secure Boot (SB) + System Management Mode (SMM).

*NOTE*: RHEL, from 7.3 onwards, ships _only_ the Secure Boot variant of
OVMF build. 

---

To create a minimal Fedora-26 VM, with OVMF Secure Boot (and System
Managment Mode):

    $ sudo ./create-uefi-qcow2-guest.bash vm2 f26 x86_64 \
        /var/lib/libvirt/images/

The resulting libvirt guest XML would look like:

    https://kashyapc.fedorapeople.org/virt/ovmf-sb-smm/smm-sb-uefi-f26-ovmf-vm2.xml

(Once implemented, OpenStack Nova-generated libvirt guest XML would
roughly -- depending on the distribution -- look the same as above.)

* * *

For the "plain OVMF", the libvirt guest XML would look like:

    https://kashyapc.fedorapeople.org/virt/ovmf-sb-smm/plain-uefi-f26-ovmf-vm2.xml

For verification purposes, the QEMU command-line of a guest with OVMF
boot with SB + SMM looks as follows:

    https://kashyapc.fedorapeople.org/virt/ovmf-sb-smm/qemu-command-line-ovmf-sb-smm.txt