This series improves validation so that more nonsensical configurations are rejected, fixes a number of scenarios in which user-provided attributes were getting overwritten by the firmware selection process, and overall makes things more predictable and reliable.
Notably, it addresses the inability of starting confidential VMs on aarch64, which was reported[1] some time ago. It is also a prerequisite of another series that I will post shortly, which introduces support for the uefi-vars QEMU device and thus makes it possible to use Secure Boot for aarch64 VMs.

Since all these fixes and improvements make sense on their own, and there is a little bit of work still needed on the QEMU/edk2 side before the other series can be merged, I decided to post this one separately instead of lumping them together. It's not like it's not meaty enough on its own anyway :)

[1] https://lists.libvirt.org/archives/list/[email protected]/thread/D5UDRJ4G66JXDMJHHEUNITRZHLBQH2TO/

Andrea Bolognani (36):
  qemu_firmware: Drop support for kernel descriptors
  qemu_firmware: Drop 'nvram' local variable
  qemu_firmware: Move format=raw compat exception
  qemu_firmware: Move copying of nvram.format to loader.format
  tests: Add firmware-manual-efi-rw-nvram
  domain_validate: Reject NVRAM with read/write firmware
  tests: Add firmware-auto-bios-rw
  tests: Add firmware-manual-bios-rw
  domain_validate: Reject read/write ROMs
  tests: Add firmware-auto-efi-format-loader-qcow2-rom
  domain_validate: Reject ROMs with format other than raw
  qemu_firmware: Ignore stateless/combined when NVRAM is configured
  qemu_firmware: Drop fallback for absent nvramTemplateFormat
  schemas: Allow templateFormat without template path
  tests: Add firmware-manual-efi-nvram-template-nonstandard-format
  tests: Add firmware-manual-efi-nvram-template-nonstandard-legacy-paths
  tests: Add firmware-auto-efi-format-nvram-raw
  tests: Add firmware-auto-efi-format-nvram-raw-loader-path
  tests: Add firmware-auto-efi-format-nvram-raw-nvramtemplate-path
  tests: Add firmware-auto-efi-format-nvramtemplate-qcow2
  tests: Add firmware-auto-efi-format-mismatch-nvramtemplate
  qemu_firmware: Introduce qemuFirmwareFillDomainCustom()
  qemu_firmware: Set templateFormat for custom paths
  qemu_firmware: Simplify handling of legacy paths
  qemu_firmware: Refactor setting NVRAM format
  qemu_firmware: Prefer template format to loader format
  qemu_firmware: Retain user-specified NVRAM format
  qemu_firmware: Take templateFormat into account when matching
  qemu_firmware: Take NVRAM format into account when matching
  qemu_firmware: Remove NVRAM to loader format copy hack
  tests: Add firmware-manual-efi-sev-snp
  tests: Add firmware-manual-efi-tdx
  qemu_firmware: ROM firmware is always in raw format
  qemu_firmware: Don't skip autoselection for ROM
  qemu_firmware: Allow matching both UEFI and BIOS for ROM loader
  news: Mention improvements and fixes to firmware selection

 NEWS.rst | 8 +
 src/conf/domain_conf.c | 18 +-
 src/conf/domain_validate.c | 30 ++
 src/conf/schemas/domaincommon.rng | 10 +-
 src/qemu/qemu_firmware.c | 367 ++++++++++--------
 src/qemu/qemu_postparse.c | 17 -
 .../firmware-auto-bios-rw.x86_64-latest.err | 1 +
 ...> firmware-auto-bios-rw.x86_64-latest.xml} | 5 +-
 .../qemuxmlconfdata/firmware-auto-bios-rw.xml | 18 +
 ...-format-loader-qcow2-rom.x86_64-latest.err | 1 +
 ...mware-auto-efi-format-loader-qcow2-rom.xml | 18 +
 ...t-mismatch-nvramtemplate.x86_64-latest.err | 1 +
 ...-mismatch-nvramtemplate.x86_64-latest.xml} | 6 +-
 ...auto-efi-format-mismatch-nvramtemplate.xml | 19 +
 ...uto-efi-format-mismatch.x86_64-latest.args | 5 +-
 ...auto-efi-format-mismatch.x86_64-latest.xml | 2 +-
 ...-nvram-raw-loader-path.x86_64-latest.args} | 4 +-
 ...t-nvram-raw-loader-path.x86_64-latest.xml} | 4 +-
 ...-auto-efi-format-nvram-raw-loader-path.xml | 19 +
 ...raw-nvramtemplate-path.x86_64-latest.args} | 4 +-
 ...-raw-nvramtemplate-path.x86_64-latest.xml} | 4 +-
 ...fi-format-nvram-raw-nvramtemplate-path.xml | 18 +
 ...t-nvram-raw.x86_64-latest.abi-update.args} | 0
 ...at-nvram-raw.x86_64-latest.abi-update.xml} | 0
 ...o-efi-format-nvram-raw.x86_64-latest.args} | 0
 ...to-efi-format-nvram-raw.x86_64-latest.xml} | 0
 .../firmware-auto-efi-format-nvram-raw.xml | 18 +
 ...at-nvramtemplate-qcow2.x86_64-latest.args} | 9 +-
 ...mat-nvramtemplate-qcow2.x86_64-latest.xml} | 4 +-
 ...re-auto-efi-format-nvramtemplate-qcow2.xml | 18 +
 .../firmware-manual-bios-rw.x86_64-latest.err | 1 +
 .../firmware-manual-bios-rw.xml | 15 +
 ...-loader-path-nonstandard.x86_64-latest.xml | 2 +-
 ...ate-nonstandard-format.x86_64-latest.args} | 10 +-
 ...late-nonstandard-format.x86_64-latest.xml} | 4 +-
 ...-efi-nvram-template-nonstandard-format.xml | 19 +
 ...nstandard-legacy-paths.x86_64-latest.args} | 4 +-
 ...onstandard-legacy-paths.x86_64-latest.xml} | 5 +-
 ...vram-template-nonstandard-legacy-paths.xml | 20 +
 ...ram-template-nonstandard.x86_64-latest.xml | 2 +-
 ...ware-manual-efi-rw-nvram.x86_64-latest.err | 1 +
 .../firmware-manual-efi-rw-nvram.xml | 19 +
 ...ual-efi-sev-snp.x86_64-latest+amdsev.args} | 7 +-
 ...nual-efi-sev-snp.x86_64-latest+amdsev.xml} | 12 +-
 .../firmware-manual-efi-sev-snp.xml | 21 +
 ...anual-efi-tdx.x86_64-latest+inteltdx.args} | 9 +-
 ...manual-efi-tdx.x86_64-latest+inteltdx.xml} | 11 +-
 .../firmware-manual-efi-tdx.xml | 25 ++
 tests/qemuxmlconftest.c | 19 +
 49 files changed, 571 insertions(+), 263 deletions(-)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-bios-rw.x86_64-latest.err
 copy tests/qemuxmlconfdata/{firmware-manual-efi-nvram-template-nonstandard.x86_64-latest.xml => firmware-auto-bios-rw.x86_64-latest.xml} (83%)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-bios-rw.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.x86_64-latest.err
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-loader-qcow2-rom.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.err
 copy tests/qemuxmlconfdata/{firmware-manual-efi-nvram-template-nonstandard.x86_64-latest.xml => firmware-auto-efi-format-mismatch-nvramtemplate.x86_64-latest.xml} (83%)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-mismatch-nvramtemplate.xml
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.args => firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.args} (90%)
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.xml => firmware-auto-efi-format-nvram-raw-loader-path.x86_64-latest.xml} (81%)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-loader-path.xml
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.args => firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.args} (90%)
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.xml => firmware-auto-efi-format-nvram-raw-nvramtemplate-path.x86_64-latest.xml} (81%)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw-nvramtemplate-path.xml
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.args => firmware-auto-efi-format-nvram-raw.x86_64-latest.abi-update.args} (100%)
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.xml => firmware-auto-efi-format-nvram-raw.x86_64-latest.abi-update.xml} (100%)
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.args => firmware-auto-efi-format-nvram-raw.x86_64-latest.args} (100%)
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.xml => firmware-auto-efi-format-nvram-raw.x86_64-latest.xml} (100%)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvram-raw.xml
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.args => firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.args} (77%)
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.xml => firmware-auto-efi-format-nvramtemplate-qcow2.x86_64-latest.xml} (81%)
 create mode 100644 tests/qemuxmlconfdata/firmware-auto-efi-format-nvramtemplate-qcow2.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-rw.x86_64-latest.err
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-rw.xml
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.args => firmware-manual-efi-nvram-template-nonstandard-format.x86_64-latest.args} (70%)
 copy tests/qemuxmlconfdata/{firmware-manual-efi-nvram-template-nonstandard.x86_64-latest.xml => firmware-manual-efi-nvram-template-nonstandard-format.x86_64-latest.xml} (81%)
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-format.xml
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.args => firmware-manual-efi-nvram-template-nonstandard-legacy-paths.x86_64-latest.args} (89%)
 copy tests/qemuxmlconfdata/{firmware-manual-efi-loader-path-nonstandard.x86_64-latest.xml => firmware-manual-efi-nvram-template-nonstandard-legacy-paths.x86_64-latest.xml} (81%)
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-nvram-template-nonstandard-legacy-paths.xml
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.x86_64-latest.err
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-rw-nvram.xml
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.args => firmware-manual-efi-sev-snp.x86_64-latest+amdsev.args} (74%)
 copy tests/qemuxmlconfdata/{firmware-manual-efi-nvram-template-nonstandard.x86_64-latest.xml => firmware-manual-efi-sev-snp.x86_64-latest+amdsev.xml} (75%)
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.xml
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.args => firmware-manual-efi-tdx.x86_64-latest+inteltdx.args} (59%)
 copy tests/qemuxmlconfdata/{firmware-auto-efi-format-mismatch.x86_64-latest.xml => firmware-manual-efi-tdx.x86_64-latest+inteltdx.xml} (69%)
 create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-tdx.xml

--
2.52.0
