On Mon, Aug 25, 2025 at 05:12:57PM -0600, Jim Fehlig wrote:
> On 8/25/25 10:19, Andrea Bolognani via Devel wrote:
> > One of the new test cases demonstrates how firmware
> > autoselection doesn't currently work correctly for domains
> > using SEV-SNP: the descriptor for a suitable firmware exists,
> > and yet it doesn't get picked up.
>
> But the descriptor is incorrect. Autoselection using current git master
> works fine with a proper descriptor for SNP.
It's true, the current descriptor for SEV-SNP is incorrect as it
causes libvirt to use pflash instead of rom. But the fact that
libvirt will ignore the current descriptor unless
<loader stateless='yes'/>
is present in the domain configuration, as demonstrated by the test
case that I'm adding in this patch, is a problem of its own, and
indeed the one that you reported in the first place ;)
So yes, we need to fix both issues, the one in libvirt and the one in
the descriptors. Solving the latter first would merely sweep the
former under the carpet, not make it go away.
> IMO, we need to fix the descriptors (patches 8 and 9) before adding more
> tests with invalid config.
I'm doing things in this order deliberately. Adding a failing test
establishes the current baseline for the functionality, so that when
the fix is applied you can see the improvement reflected directly in
the test suite, confirming its effectiveness. Adding tests after the
fact only demonstrates that the feature now works, not that it was
broken beforehand.
> > +-blockdev
> > '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}'
> > \
> > +-blockdev
> > '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}'
> > \
> > +-blockdev
> > '{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}'
> > \
>
> Writable pflash is not compatible with SEV(-ES) guests.
Is that so? According to
https://libvirt.org/kbase/launch_security_sev.html
a stateless firmware is only a requirement if boot measurements are
desired, which IIUC is not necessarily always the case.
In fact, the full XML example at the bottom of that document is using
stateful firmware.
To be clear, I'm tentatively in favor of moving towards a world in
which stateless firmware is used consistently across the board for
SEV guests, but we need to ensure that we don't cause disruption for
existing users in the process.
--
Andrea Bolognani / Red Hat / Virtualization
