On 5/13/25 14:25, Jim Fehlig wrote:
On 4/24/25 14:18, Jim Fehlig wrote:
On 4/24/25 04:59, Daniel P. Berrangé wrote:
On Mon, Apr 21, 2025 at 01:38:35PM -0600, Jim Fehlig via Devel wrote:
Hi All,
While investigating an internal bug report, we noticed that a minimal
firmware auto-selection configuration along with SEV* fails to find a match.
E.g. the following config
    <domain type="kvm">
      <os firmware="efi">
        <type arch="x86_64" machine="q35">hvm</type>
        <boot dev="hd"/>
      </os>
      <launchSecurity type="sev">
        <policy>0x07</policy>
      </launchSecurity>
      ...
    </domain>
Fails with "Unable to find 'efi' firmware that is compatible with the
current configuration". A firmware that should match has the following json
description
    {
      "description": "UEFI firmware for x86_64, with AMD SEV",
      "interface-types": [
        "uefi"
      ],
      "mapping": {
        "device": "flash",
        "mode": "stateless",
        "executable": {
          "filename": "/usr/share/qemu/ovmf-x86_64-sev.bin",
          "format": "raw"
        }
      },
      "targets": [
        {
          "architecture": "x86_64",
          "machines": [
            "pc-q35-*"
          ]
        }
      ],
      "features": [
        "acpi-s4",
        "amd-sev",
        "amd-sev-es",
        "amd-sev-snp",
        "verbose-dynamic"
      ],
      "tags": [
      ]
    }
Auto-selection works fine if I specify a 'stateless' firmware, e.g. amend
the above config with
    <os firmware="efi">
      <type arch="x86_64" machine="q35">hvm</type>
      <loader stateless="yes"/>
      <boot dev="hd"/>
    </os>
Being unfamiliar with the firmware auto-selection code, I tried the below
naive hack, which only led to test failures and the subsequent runtime error
"unable to find any master var store for loader:
/usr/share/qemu/ovmf-x86_64-sev.bin". Should auto-selection work with the
minimal config, or is it expected that the user also specify a stateless
firmware?
Andrea,
Having spent a fair bit of time in the firmware auto-selection code, perhaps you
have an opinion about this?
Sorry to keep nagging about this, but I still see the issue with latest git
master using a json descriptor identical to the latest Fedora one. When omitting
the 'stateless' attribute, autoselection fails with
operation failed: Unable to find 'efi' firmware that is compatible with the
current configuration
With debug enabled, I can see the firmware is not even considered since it's not
"split"
    2025-07-29 21:02:05.517+0000: 32187: debug : qemuFirmwareMatchDomain:1310 : Discarding loader without split flash
I would need to install Fedora and verify myself, but I'd be surprised if it
didn't encounter the same issue. Without the 'stateless' attribute, the
following test would fail
https://gitlab.com/libvirt/libvirt/-/blob/master/src/qemu/qemu_firmware.c?ref_type=heads#L1303
executing the else condition, and failing similarly since the firmware is not
split.
Regards,
Jim
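
Added example, not part of the thread and not libvirt's code: a small Python model of the flash-mode check discussed above, run against the descriptor quoted in the thread, to show why the SEV firmware is discarded unless the domain asks for a stateless loader. The helper name `triage`, the treatment of an omitted "mode" as split, and the rule that anything other than stateless="yes" demands split flash are assumptions inferred from the debug message and the linked else branch.

```python
import json

# Constructed sample: the descriptor quoted in the thread, trimmed to the
# fields this model reads.
SEV_DESCRIPTOR = json.loads("""
{
  "description": "UEFI firmware for x86_64, with AMD SEV",
  "mapping": {
    "device": "flash",
    "mode": "stateless",
    "executable": {"filename": "/usr/share/qemu/ovmf-x86_64-sev.bin",
                   "format": "raw"}
  },
  "features": ["acpi-s4", "amd-sev", "amd-sev-es", "amd-sev-snp",
               "verbose-dynamic"]
}
""")


def triage(descriptor, required_feature, loader_stateless):
    """Return (matches, reason) for one descriptor and one domain request.

    loader_stateless: True for <loader stateless="yes"/>, None when the
    attribute is absent. Hypothetical helper; it models only the behaviour
    reported in the thread, not libvirt's full matcher.
    """
    mapping = descriptor.get("mapping", {})
    if mapping.get("device") != "flash":
        return False, "non-flash mapping, not covered by this model"
    if required_feature not in descriptor.get("features", []):
        return False, f"descriptor lacks feature '{required_feature}'"
    # Assumption: a descriptor that omits "mode" is treated as split.
    mode = mapping.get("mode", "split")
    wanted = "stateless" if loader_stateless else "split"
    if mode != wanted:
        reason = f"discarding loader without {wanted} flash (mode is '{mode}')"
        if mode == "stateless":
            reason += '; the domain needs <loader stateless="yes"/>'
        return False, reason
    return True, "candidate: " + mapping["executable"]["filename"]


if __name__ == "__main__":
    for stateless in (None, True):
        print(f"stateless={stateless}:", triage(SEV_DESCRIPTOR, "amd-sev", stateless))
```

Pointing the same function at descriptors loaded from the host's firmware descriptor directory shows which SEV-capable builds are stateless and therefore need the explicit loader attribute.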