terraform: disable secure boot for QEMU / MiniConstellation

cli/internal/terraform/terraform/qemu/modules/instance_group/domain.xsl

@@ -14,7 +14,7 @@
         <xsl:copy>
             <!--<xsl:apply-templates select="node()|@*"/>-->
             <xsl:attribute name="secure">
-                <xsl:value-of select="'yes'"/>
+                <xsl:value-of select="'no'"/>
             </xsl:attribute>
             <xsl:attribute name="readonly">
                 <xsl:value-of select="'yes'"/>

cli/internal/terraform/terraform/qemu/variables.tf

@@ -68,7 +68,7 @@ variable "image_format" {
 variable "firmware" {
   type        = string
   default     = "/usr/share/OVMF/OVMF_CODE.secboot.fd"
-  description = "path to UEFI firmware file. Use \"OVMF_CODE_4M.ms.fd\" on Ubuntu and \"OVMF_CODE.secboot.fd\" on Fedora."
+  description = "path to UEFI firmware file. Use \"OVMF_CODE_4M.ms.fd\" on Ubuntu and \"OVMF_CODE.fd\" or \"OVMF_CODE.secboot.fd\" on Fedora."
 }
 
 variable "nvram" {

cli/internal/terraform/variables.go

@@ -360,9 +360,9 @@ func (q *QEMUVariables) String() string {
 	vCopy := *q
 	switch vCopy.NVRAM {
 	case "production":
-		vCopy.NVRAM = "/usr/share/OVMF/constellation_vars.production.fd"
+		vCopy.NVRAM = "/usr/share/OVMF/OVMF_VARS.fd"
 	case "testing":
-		vCopy.NVRAM = "/usr/share/OVMF/constellation_vars.testing.fd"
+		vCopy.NVRAM = "/usr/share/OVMF/OVMF_VARS.fd"
 	}
 	f := hclwrite.NewEmptyFile()
 	gohcl.EncodeIntoBody(vCopy, f.Body())

cli/internal/terraform/variables_test.go

@@ -329,7 +329,7 @@ constellation_os_image  = "/var/lib/libvirt/images/cluster-name.qcow2"
 image_format            = "raw"
 metadata_api_image      = "example.com/metadata-api:latest"
 metadata_libvirt_uri    = "qemu:///system"
-nvram                   = "/usr/share/OVMF/constellation_vars.production.fd"
+nvram                   = "/usr/share/OVMF/OVMF_VARS.fd"
 constellation_initrd    = "/var/lib/libvirt/images/cluster-name-initrd"
 constellation_cmdline   = "console=ttyS0,115200n8"
 custom_endpoint         = "example.com"