Refactor Secure Boot Support and Firmware Handling

- Renamed firmware-related attributes to align with VMware conventions.
- Accurately report firmware type and Secure Boot status to Foreman.

lib/fog/libvirt/models/compute/server.rb

@@ -13,8 +13,8 @@ class Server < Fog::Compute::Server
 
         attribute :cpus
         attribute :cputime
-        attribute :os_firmware
-        attribute :os_firmware_features
+        attribute :firmware
+        attribute :firmware_features
         attribute :os_type
         attribute :memory_size
         attribute :max_memory_size
@@ -286,7 +286,7 @@ def to_xml
               os_tags = {}
 
               # Set firmware only if it's EFI, BIOS don't need to be set
-              os_tags[:firmware] = "efi" if os_firmware == "efi"
+              os_tags[:firmware] = "efi" if firmware == "efi"
 
               xml.os(**os_tags) do
                 type = xml.type(os_type, :arch => arch)
@@ -296,9 +296,9 @@ def to_xml
                   xml.boot(:dev => dev)
                 end
 
-                if os_firmware == "efi"
+                if firmware == "efi" && firmware_features&.any?
                   xml.firmware do
-                    os_firmware_features.each_pair do |key, value|
+                    firmware_features.each_pair do |key, value|
                       xml.feature(:name => key, :enabled => value)
                     end
                   end

lib/fog/libvirt/requests/compute/list_domains.rb

@@ -48,6 +48,23 @@ def boot_order xml
           xml_elements(xml, "domain/os/boot", "dev")
         end
 
+        # Foreman expects the firmware to be 'uefi_sb' if SB is enabled
+        def firmware(xml)
+          firmware_type = xml_elements(xml, "domain/os", "firmware").first || 'bios'
+          return 'uefi_sb' if firmware_type == 'efi' && secure_boot_enabled?(xml)
+
+          firmware_type
+        end
+
+        def secure_boot_enabled?(xml)
+          enabled_features = xml_elements(xml, "domain/os/firmware/feature")
+                               .select { |feature| feature[:enabled] == 'yes' }
+                               .map { |feature| feature[:name] }
+
+          required_features = ['secure-boot', 'enrolled-keys']
+          required_features.all? { |feature| enabled_features.include?(feature) }
+        end
+
         def domain_interfaces xml
           ifs = xml_elements(xml, "domain/devices/interface")
           ifs.map { |i|
@@ -78,6 +95,7 @@ def domain_to_attributes(dom)
               :active          => dom.active?,
               :display         => domain_display(dom.xml_desc),
               :boot_order      => boot_order(dom.xml_desc),
+              :firmware        => firmware(dom.xml_desc),
               :nics            => domain_interfaces(dom.xml_desc),
               :volumes_path    => domain_volumes(dom.xml_desc),
               :state           => states[dom.info.state]