On 8/26/25 09:30, Andrea Bolognani wrote:
On Mon, Aug 25, 2025 at 05:12:57PM -0600, Jim Fehlig wrote:
On 8/25/25 10:19, Andrea Bolognani via Devel wrote:
One of the new test cases demonstrates how firmware
autoselection doesn't currently work correctly for domains
using SEV-SNP: the descriptor for a suitable firmware exists,
and yet it doesn't get picked up.
But the descriptor is incorrect. Autoselection using current git master
works fine with a proper descriptor for SNP.
It's true, the current descriptor for SEV-SNP is incorrect as it
causes libvirt to use pflash instead of rom. But the fact that
libvirt will ignore the current descriptor unless
<loader stateless='yes'/>
is present in the domain configuration, as demonstrated by the test
case that I'm adding in this patch, is a problem of its own, and
indeed the one that you reported in the first place ;)
Yep, no arguing that point.
So yes, we need to fix both issues, the one in libvirt and the one in
the descriptors. Solving the latter first would merely sweep the
former under the carpet, not make it go away.
I think the same could be said of fixing libvirt first.
IMO, we need to fix the descriptors (patches 8 and 9) before adding more
tests with invalid config.
I'm doing things in this order deliberately. Adding a failing test
establishes the current baseline for the functionality, so that when
the fix is applied you can see the improvement reflected directly in
the test suite, confirming its effectiveness. Adding tests after the
fact only demonstrates that the feature now works, not that it was
broken beforehand.
+-blockdev
'{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF_CODE.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}'
\
+-blockdev
'{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}'
\
+-blockdev
'{"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/guest_VARS.fd","node-name":"libvirt-pflash1-storage","read-only":false}'
\
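Review bot: the third blockdev, `libvirt-pflash1-storage`, is opened with `"read-only":false`, so these expected arguments describe stateful firmware with a writable NVRAM store, which the rest of the thread agrees is acceptable for SEV(-ES) guests that do not need boot measurements but not for SEV-SNP; the test's name or a comment in the input XML should state which of the two it covers, and a SEV-SNP variant of the test would need `<loader stateless='yes'/>` so that libvirt uses rom rather than pflash and this writable node does not appear.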
Writable pflash is not compatible with SEV(-ES) guests.
Is that so? According to
https://libvirt.org/kbase/launch_security_sev.html
a stateless firmware is only a requirement if boot measurements are
desired, which IIUC is not necessarily always the case.
Dammit, you're right. I need to remember some of the SNP/TDX restrictions do not
apply to SEV(-ES). Too bad we're stuck supporting that transitional technology.
In fact, the full XML example at the bottom of that document is using
stateful firmware.
To be clear, I'm tentatively in favor of moving towards a world in
which stateless firmware is used consistently across the board for
SEV guests, but we need to ensure that we don't cause disruption for
existing users in the process.
Agreed. Changing the actual edk2 descriptors per patch 9 may cause disruptions
for users wanting a persistent variable store in pflash for their SEV(-ES) guests.
Regards,
Jim
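The thread turns on two things that are easy to conflate: what a firmware descriptor's `mapping.device` value means for libvirt (a `memory` mapping yields a rom-style `-bios`/stateless firmware, a `flash` mapping yields the pflash nodes shown in the quoted hunk), and when a guest actually needs the stateless variant (SEV-SNP always, SEV/SEV-ES only when `<loader stateless='yes'/>` is set or boot measurements are wanted). The block below is an added example, not libvirt's autoselection code and not part of this thread; it models that rule over constructed descriptors in the qemu firmware.json schema. The file paths, descriptions, and the treatment of SEV-ES as `launchSecurity type='sev'` with policy bit 2 (0x4) set are assumptions made for the example.

```python
"""Added example (not libvirt code): a simplified model of firmware
autoselection for SEV / SEV-ES / SEV-SNP guests over descriptor JSON."""
import json

# Constructed descriptors in the qemu firmware.json schema. Paths and
# descriptions are assumptions for this example, not any package's contents.
SNP_ROM_DESC = json.loads("""{
  "description": "OVMF, SEV-SNP capable, stateless (assumed example)",
  "interface-types": ["uefi"],
  "mapping": {
    "device": "memory",
    "filename": {"filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd", "format": "raw"}
  },
  "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
  "features": ["amd-sev", "amd-sev-es", "amd-sev-snp", "verbose-dynamic"],
  "tags": []
}""")

SEV_FLASH_DESC = json.loads("""{
  "description": "OVMF, SEV/SEV-ES capable, split code + vars (assumed example)",
  "interface-types": ["uefi"],
  "mapping": {
    "device": "flash",
    "executable": {"filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd", "format": "raw"},
    "nvram-template": {"filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd", "format": "raw"}
  },
  "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
  "features": ["amd-sev", "amd-sev-es", "verbose-dynamic"],
  "tags": []
}""")

# The shape of descriptor the thread calls incorrect: SNP is advertised, but
# the flash mapping makes libvirt build pflash nodes (assumed example).
SNP_FLASH_DESC = json.loads("""{
  "description": "OVMF, SEV-SNP advertised but flash-mapped (assumed example)",
  "interface-types": ["uefi"],
  "mapping": {
    "device": "flash",
    "executable": {"filename": "/usr/share/edk2/ovmf/OVMF_CODE.amdsev.fd", "format": "raw"},
    "nvram-template": {"filename": "/usr/share/edk2/ovmf/OVMF_VARS.amdsev.fd", "format": "raw"}
  },
  "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
  "features": ["amd-sev", "amd-sev-es", "amd-sev-snp", "verbose-dynamic"],
  "tags": []
}""")


def mapping_kind(desc):
    """'rom' for a memory mapping (no NVRAM), 'pflash' for a flash mapping."""
    return {"memory": "rom", "flash": "pflash"}[desc["mapping"]["device"]]


def needed_feature(launch_type, policy):
    """Feature tag the descriptor must list for the guest's launchSecurity.
    Assumption: SEV-ES is 'sev' with policy bit 2 (0x4) set."""
    if launch_type == "sev-snp":
        return "amd-sev-snp"
    if launch_type == "sev":
        return "amd-sev-es" if policy & 0x4 else "amd-sev"
    raise ValueError(f"unsupported launchSecurity type: {launch_type}")


def reject_reason(desc, launch_type, policy=0, stateless=False):
    """None if the descriptor fits the guest, otherwise why it does not."""
    if "uefi" not in desc["interface-types"]:
        return "not a UEFI firmware"
    feature = needed_feature(launch_type, policy)
    if feature not in desc["features"]:
        return f"descriptor does not advertise {feature}"
    # SEV-SNP needs stateless firmware; SEV/SEV-ES only if the domain asks
    # for it (<loader stateless='yes'/>), so a writable pflash store stays
    # allowed for existing SEV(-ES) guests.
    need_rom = stateless or launch_type == "sev-snp"
    if need_rom and mapping_kind(desc) != "rom":
        return "guest needs stateless firmware but descriptor maps a flash (pflash) image"
    return None


def select_firmware(descriptors, launch_type, policy=0, stateless=False):
    """First acceptable descriptor in priority order, or None if nothing fits."""
    for desc in descriptors:
        if reject_reason(desc, launch_type, policy, stateless) is None:
            return desc
    return None


if __name__ == "__main__":
    descs = [SEV_FLASH_DESC, SNP_FLASH_DESC, SNP_ROM_DESC]
    for launch, pol, sl in [("sev", 0, False), ("sev", 0x7, False),
                            ("sev", 0, True), ("sev-snp", 0, False)]:
        chosen = select_firmware(descs, launch, pol, sl)
        print(launch, hex(pol), "stateless" if sl else "stateful", "->",
              chosen["description"] if chosen else None)
    print("SNP vs flash-mapped descriptor:", reject_reason(SNP_FLASH_DESC, "sev-snp"))
```

Running it with only `SEV_FLASH_DESC` and `SNP_FLASH_DESC` installed returns `None` for an SEV-SNP guest, which is the practical check to run against a descriptor set before blaming libvirt's selection logic: if every SNP-capable descriptor maps `flash`, there is nothing stateless for it to choose.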