Attach EFI VHD as read-only

ambarve · ambarve · commit e7c9e65853f5 · 2025-07-24T12:29:52.000-04:00
Signed-off-by: Amit Barve &lt;ambarve@microsoft.com&gt;
diff --git a/internal/uvm/create_wcow.go b/internal/uvm/create_wcow.go
@@ -414,8 +414,9 @@ func prepareSecurityConfigDoc(ctx context.Context, uvm *UtilityVM, opts *Options
 		Type_: "VirtualDisk",
 	}
 	doc.VirtualMachine.Devices.Scsi[guestrequest.ScsiControllerGuids[0]].Attachments["1"] = hcsschema.Attachment{
-		Path:  opts.BootFiles.BlockCIMFiles.EFIVHDPath,
-		Type_: "VirtualDisk",
+		Path:     opts.BootFiles.BlockCIMFiles.EFIVHDPath,
+		Type_:    "VirtualDisk",
+		ReadOnly: true,
 	}
 	doc.VirtualMachine.Devices.Scsi[guestrequest.ScsiControllerGuids[0]].Attachments["2"] = hcsschema.Attachment{
 		Path:     opts.BootFiles.BlockCIMFiles.BootCIMVHDPath,

Original file line number	Diff line number	Diff line change
`@@ -414,8 +414,9 @@ func prepareSecurityConfigDoc(ctx context.Context, uvm UtilityVM, opts Options`
`414`	`414`	`Type_: "VirtualDisk",`
`415`	`415`	`}`
`416`	`416`	`doc.VirtualMachine.Devices.Scsi[guestrequest.ScsiControllerGuids[0]].Attachments["1"] = hcsschema.Attachment{`
`417`		`- Path: opts.BootFiles.BlockCIMFiles.EFIVHDPath,`
`418`		`- Type_: "VirtualDisk",`
	`417`	`+ Path: opts.BootFiles.BlockCIMFiles.EFIVHDPath,`
	`418`	`+ Type_: "VirtualDisk",`
	`419`	`+ ReadOnly: true,`
`419`	`420`	`}`
`420`	`421`	`doc.VirtualMachine.Devices.Scsi[guestrequest.ScsiControllerGuids[0]].Attachments["2"] = hcsschema.Attachment{`
`421`	`422`	`Path: opts.BootFiles.BlockCIMFiles.BootCIMVHDPath,`