File 077-man-virt-install-change--boot-secure-boot--docs.patch of Package virt-manager

Subject: man: virt-install: change `--boot secure-boot=` docs
From: Cole Robinson crobinso@redhat.com Wed Feb 25 07:14:43 2026 -0500
Date: Wed Feb 25 09:44:04 2026 -0500:
Git: 3eebb61b7b39fc7098987cafd1d7999299cb63b8

The example is documenting secure-boot=off but the text is covering
secure-boot=on. Rework it to cover both options, but expand on the
text for what I consider the most important case, which is getting
the VM to boot when default policy would reject it.

Drop the bit about firmware autoselection. It's correct but applies
only to old libvirt which should be rarely used these days IMO.

Signed-off-by: Cole Robinson <crobinso@redhat.com>

diff --git a/man/virt-install.rst b/man/virt-install.rst
index d3462172a..13bf5afdb 100644
--- a/man/virt-install.rst
+++ b/man/virt-install.rst
@@ -973,10 +973,13 @@ Some examples:
 ``--boot uefi=off``
     Do not use UEFI if the VM would normally default to it.
 
-``--boot uefi=on,secure-boot=off``
-    Configure the VM to boot from UEFI with secure-boot enabled and enforced.
-    This requires libvirt with firmware auto-selection. Setting ``secure-boot``
-    to off ensures the firmware can boot unsigned binaries.
+``--boot uefi,secure-boot=on|off``
+    Require or forbid Secure Boot enforcement, overriding the ``--boot uefi``
+    default. Typically the default is ``on``.
+
+    If your VM install fails to boot, and UEFI in the VM shows an error
+    with 'Access Denied', you may need to set ``secure-boot=off`` to
+    install your VM.
 
 ``--boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=yes,firmware.feature1.name=enrolled-keys,firmware.feature1.enabled=yes``
     Configure the VM to boot from UEFI with Secure Boot support enabled.