From a5e5a3ea0df6e5fa7ae318ff4ad8cde22d67d095 Mon Sep 17 00:00:00 2001
From: Alexander Olofsson <alexander.olofsson@liu.se>
Date: Mon, 14 Nov 2022 14:00:09 +0100
Subject: [PATCH] Add preliminary secure boot setup

---
 .../vmware_extensions.rb                      | 41 ++++++++++---------
 1 file changed, 22 insertions(+), 19 deletions(-)

diff --git a/app/models/concerns/foreman_vmware_advanced/vmware_extensions.rb b/app/models/concerns/foreman_vmware_advanced/vmware_extensions.rb
index cbc5a57..1182837 100644
--- a/app/models/concerns/foreman_vmware_advanced/vmware_extensions.rb
+++ b/app/models/concerns/foreman_vmware_advanced/vmware_extensions.rb
@@ -5,11 +5,7 @@ module ForemanVmwareAdvanced
     def parse_args(inp_args)
       args = super(inp_args)
 
-      args[:extra_config] = (args[:extra_config] || {}).merge(
-        'bios.bootOrder': 'ethernet0',
-        'disk.EnableUUID': 'TRUE',
-        'svga.autodetect': 'TRUE'
-      )
+      args[:extra_config] = (args[:extra_config] || {}).merge(SETTINGS[:vmware_advanced]) if SETTINGS[:vmware_advanced]
 
       args
     end
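Review bot: The new merge line hands `SETTINGS[:vmware_advanced]` to `Hash#merge` without checking its shape, so a scalar or list in the settings file would raise inside `parse_args` and block VM creation. A guard such as `advanced = SETTINGS[:vmware_advanced]` followed by `args[:extra_config] = (args[:extra_config] || {}).merge(advanced) if advanced.is_a?(Hash)` avoids that. Because the merge argument wins on key collisions, the setting silently overrides any `extra_config` value the caller supplied, which deserves a comment above the line, e.g. `# SETTINGS[:vmware_advanced] takes precedence over caller-supplied extra_config keys`. The previously hard-coded `bios.bootOrder`, `disk.EnableUUID` and `svga.autodetect` values are no longer applied unless an operator configures them, so the settings documentation should list them as the recommended baseline.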
@@ -18,21 +14,28 @@ module ForemanVmwareAdvanced
       vm = super(args)
       return unless vm
 
-      if SETTINGS[:vtpm_add] && vm.firmware == 'efi'
-        begin
-          spec = {
-            deviceChange: [
-              {
-                operation: :add,
-                device: RbVmomi::VIM::VirtualTPM.new(key: -1)
-              }
-            ]
-          }
-
-          client.vm_reconfig_hardware 'instance_uuid' => vm.attributes[:instance_uuid], 'hardware_spec' => spec
-        rescue StandardError => e
-          logger.error "Failed to add vTPM - #{e.class}: #{e}"
+      spec = {}
+      if vm.firmeware == 'efi'
+        if SETTINGS[:vmware_secureboot] && args[:guest_id]&.start_with?('win')
+          spec[:bootOptions] = RbVmomi::VIM::VirtualMachineBootOptions.new(efiSecureBootEnabled: true)
         end
+
+        if SETTINGS[:vtpm_add]
+          spec[:deviceChange] = [
+            {
+              operation: :add,
+              device: RbVmomi::VIM::VirtualTPM.new(key: -1)
+            }
+          ]
+        end
+      end
+
+      return vm if spec.empty?
+
+      begin
+        client.vm_reconfig_hardware 'instance_uuid' => vm.attributes[:instance_uuid], 'hardware_spec' => spec
+      rescue StandardError => e
+        logger.error "Failed to add advanced VMWare options - #{e.class}: #{e}"
       end
 
       vm
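Review bot: `vm.firmeware` on the new `if` line is a misspelling of `vm.firmware` (the removed line used `vm.firmware == 'efi'`). It will presumably raise `NoMethodError` outside the `begin`/`rescue`, after `super(args)` has already created the VM. The line should read `if vm.firmware == 'efi'`. Separately, the `rescue` only logs when `vm_reconfig_hardware` fails, so a VM can be returned without secure boot or a vTPM while the caller sees success. If these settings are a security baseline, consider surfacing the failure to the caller, or at least naming which options were requested in the log message. The method's `def` line and closing `end` are outside this hunk.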
-- 
GitLab