Public bug reported:
1. Summary of the Problem:
On a fresh installation of Ubuntu 24.04 LTS, libvirt consistently fails to
define a KVM virtual machine configured for UEFI firmware, returning the error
operation failed: Unable to find 'efi' firmware that is compatible with the
current configuration. This occurs despite the latest libvirt and QEMU versions
being installed, correct OVMF firmware files being present with proper
permissions, and all standard troubleshooting steps being exhausted. Defining
the VM with traditional BIOS (i440fx machine type) works as expected.
2. Steps to Reproduce:
Host Environment:
Operating System: Ubuntu 24.04 LTS (Noble Numbat)
Kernel: (Please paste your exact uname -a output here, e.g., Linux win11host
6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:27:32 UTC 2024
x86_64 x86_64 x86_64 GNU/Linux)
libvirt version: 10.0.0 (package 10.0.0-2ubuntu8.7)
QEMU version: 8.2.2 (package 8.2.2+dfsg-1ubuntu6)
OVMF package version: 2024.02-2ubuntu0.3 (confirmed reinstalled)
VM Configuration (from /home/spacepengu/Win11Gaming_final.xml):
The relevant XML section for the OS/firmware configuration is as follows
(note: the <secureboot> tag is explicitly removed as part of
troubleshooting):
XML
<os firmware='efi'>
<type arch='x86_64' machine='pc-q35'>hvm</type>
<loader readonly='yes'
type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/Win11Gaming_VARS.fd</nvram>
<boot dev='hd'/>
<boot dev='cdrom'/>
</os>
<features>
<acpi/>
<apic/>
<hyperv mode='custom'>
<relaxed state='on'/>
<vapic state='on'/>
<spinlocks state='on' retries='8191'/>
</hyperv>
<smm state='on'/>
</features>
<tpm model='tpm-crb'>
<backend type='emulator' version='2.0'/>
</tpm>
(Other parts of the XML, including CPU passthrough, PCI passthrough for GPU,
network, and disk definitions, are standard and have been verified to work with
the BIOS configuration.)
Steps:
Ensure libvirtd service is running: sudo systemctl status libvirtd (confirmed
active/running).
Attempt to define the VM using the above XML:
Bash
sudo virsh define /home/spacepengu/Win11Gaming_final.xml
3. Expected Behavior:
The virtual machine Win11Gaming should be successfully defined without errors,
allowing it to be started (sudo virsh start Win11Gaming).
4. Actual Behavior:
The virsh define command immediately fails with the following error:
error: Failed to define domain from /home/spacepengu/Win11Gaming_final.xml
error: operation failed: Unable to find 'efi' firmware that is compatible with
the current configuration
The libvirtd logs confirm this message:
Jun 07 06:45:46 win11host libvirtd[4322]: operation failed: Unable to find
'efi' firmware that is compatible with the current configuration
Jun 07 06:43:46 win11host libvirtd[4322]: operation failed: Unable to find
'efi' firmware that is compatible with the current configuration
Attempts to start the domain after the failed definition also fail:
sudo virsh start Win11Gaming
error: failed to get domain 'Win11Gaming'
5. Extensive Troubleshooting Performed (and Results):
libvirtd service status: Confirmed libvirtd.service is active (running). No
"unclean termination" or lingering dnsmasq processes after initial setup.
OVMF Firmware File Existence:
/usr/share/OVMF/OVMF_CODE_4M.fd exists.
/usr/share/OVMF/OVMF_CODE_4M.ms.fd exists.
/usr/share/OVMF/OVMF_CODE_4M.secboot.fd exists.
OVMF Firmware File Permissions: Confirmed read permissions for root and other
users.
Bash
ls -l /usr/share/OVMF/OVMF_CODE_4M.fd
-rw-r--r-- 1 root root 3653632 Mar 21 12:28 /usr/share/OVMF/OVMF_CODE_4M.fd
XML Variations for <loader> path:
Initially tried /usr/share/OVMF/OVMF_CODE_4M.secboot.fd with <secureboot
enable='yes'/> (resulted in unsupported configuration: unexpected feature
'secureboot').
Then, tried /usr/share/OVMF/OVMF_CODE_4M.fd with <secureboot enable='yes'/>
(same unsupported error).
Subsequently, removed the <secureboot enable='yes'/> tag entirely and used
/usr/share/OVMF/OVMF_CODE_4M.fd (resulted in the current Unable to find 'efi'
firmware that is compatible error).
Finally, tried /usr/share/OVMF/OVMF_CODE_4M.ms.fd without the <secureboot> tag
(resulted in the same Unable to find 'efi' firmware that is compatible error).
NVRAM File Removal: Attempted to remove
/var/lib/libvirt/qemu/nvram/Win11Gaming_VARS.fd (sudo rm ...), but the file did
not exist, indicating libvirt failed before creating it. This rules out NVRAM
file corruption.
AppArmor Status: Checked AppArmor logs; all libvirt processes associated with
the VM (libvirt-46d149db-9fff-40bc-b0dc-d9029ce1b0a5) are running in unconfined
mode. No AppArmor DENIED messages were found in dmesg or journalctl -k -b.
Bash
sudo dmesg | grep DENIED # (No output)
sudo journalctl -k -b | grep apparmor # (Shows only "STATUS" and
"profile_load/replace" for unconfined profiles)
OVMF Package Reinstallation: Performed sudo apt reinstall ovmf, which completed
successfully but did not resolve the issue.
6. Workaround:
Defining the VM with a traditional BIOS configuration (by replacing the entire
<os firmware='efi'> block with a simple <os><type arch='x86_64'
machine='pc-q35'>hvm</type><boot dev='hd'/><boot dev='cdrom'/></os>) allows the
VM to be defined and started successfully. This confirms that the underlying
KVM/QEMU setup works, and the issue is specific to libvirt's UEFI firmware
validation.
7. Additional Notes:
The host's physical BIOS Secure Boot is currently disabled, but this typically
should not impact the guest's emulated UEFI capabilities. The issue appears to
be a libvirt internal validation failure regarding the OVMF firmware when a
UEFI VM is requested without the secureboot feature enabled.
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: libvirt-daemon 10.0.0-2ubuntu8.7
ProcVersionSignature: Ubuntu 6.8.0-60.63-generic 6.8.12
Uname: Linux 6.8.0-60-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.6
Architecture: amd64
CasperMD5CheckResult: pass
Date: Sat Jun 7 07:00:43 2025
InstallationDate: Installed on 2025-06-06 (1 days ago)
InstallationMedia: Ubuntu-Server 24.04.2 LTS "Noble Numbat" - Release amd64
(20250216.2)
KernLog:
ProcEnviron:
LANG=C.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission
denied: '/etc/libvirt/qemu.conf']
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug noble
** Description changed:
- Okay, I'll fill in the placeholders based on the information you've
- provided previously in our conversation.
-
- Bug Report Details (Filled Placeholders)
- Here's the complete bug report with the specific details from your system:
-
1. Summary of the Problem:
On a fresh installation of Ubuntu 24.04 LTS, libvirt consistently fails to
define a KVM virtual machine configured for UEFI firmware, returning the error
operation failed: Unable to find 'efi' firmware that is compatible with the
current configuration. This occurs despite the latest libvirt and QEMU versions
being installed, correct OVMF firmware files being present with proper
permissions, and all standard troubleshooting steps being exhausted. Defining
the VM with traditional BIOS (i440fx machine type) works as expected.
2. Steps to Reproduce:
Host Environment:
Operating System: Ubuntu 24.04 LTS (Noble Numbat)
Kernel: (Please paste your exact uname -a output here, e.g., Linux win11host
6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:27:32 UTC 2024
x86_64 x86_64 x86_64 GNU/Linux)
libvirt version: 10.0.0 (package 10.0.0-2ubuntu8.7)
QEMU version: 8.2.2 (package 8.2.2+dfsg-1ubuntu6)
OVMF package version: 2024.02-2ubuntu0.3 (confirmed reinstalled)
VM Configuration (from /home/spacepengu/Win11Gaming_final.xml):
The relevant XML section for the OS/firmware configuration is as follows
(note: the <secureboot> tag is explicitly removed as part of
troubleshooting):
XML
- <os firmware='efi'>
- <type arch='x86_64' machine='pc-q35'>hvm</type>
- <loader readonly='yes'
type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/Win11Gaming_VARS.fd</nvram>
- <boot dev='hd'/>
- <boot dev='cdrom'/>
- </os>
- <features>
- <acpi/>
- <apic/>
- <hyperv mode='custom'>
- <relaxed state='on'/>
- <vapic state='on'/>
- <spinlocks state='on' retries='8191'/>
- </hyperv>
- <smm state='on'/>
- </features>
- <tpm model='tpm-crb'>
- <backend type='emulator' version='2.0'/>
- </tpm>
+ <os firmware='efi'>
+ <type arch='x86_64' machine='pc-q35'>hvm</type>
+ <loader readonly='yes'
type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/Win11Gaming_VARS.fd</nvram>
+ <boot dev='hd'/>
+ <boot dev='cdrom'/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ <hyperv mode='custom'>
+ <relaxed state='on'/>
+ <vapic state='on'/>
+ <spinlocks state='on' retries='8191'/>
+ </hyperv>
+ <smm state='on'/>
+ </features>
+ <tpm model='tpm-crb'>
+ <backend type='emulator' version='2.0'/>
+ </tpm>
(Other parts of the XML, including CPU passthrough, PCI passthrough for GPU,
network, and disk definitions, are standard and have been verified to work with
the BIOS configuration.)
Steps:
Ensure libvirtd service is running: sudo systemctl status libvirtd (confirmed
active/running).
Attempt to define the VM using the above XML:
Bash
sudo virsh define /home/spacepengu/Win11Gaming_final.xml
3. Expected Behavior:
The virtual machine Win11Gaming should be successfully defined without
errors, allowing it to be started (sudo virsh start Win11Gaming).
4. Actual Behavior:
The virsh define command immediately fails with the following error:
error: Failed to define domain from /home/spacepengu/Win11Gaming_final.xml
error: operation failed: Unable to find 'efi' firmware that is compatible
with the current configuration
The libvirtd logs confirm this message:
Jun 07 06:45:46 win11host libvirtd[4322]: operation failed: Unable to find
'efi' firmware that is compatible with the current configuration
Jun 07 06:43:46 win11host libvirtd[4322]: operation failed: Unable to find
'efi' firmware that is compatible with the current configuration
Attempts to start the domain after the failed definition also fail:
sudo virsh start Win11Gaming
error: failed to get domain 'Win11Gaming'
5. Extensive Troubleshooting Performed (and Results):
libvirtd service status: Confirmed libvirtd.service is active (running). No
"unclean termination" or lingering dnsmasq processes after initial setup.
OVMF Firmware File Existence:
/usr/share/OVMF/OVMF_CODE_4M.fd exists.
/usr/share/OVMF/OVMF_CODE_4M.ms.fd exists.
/usr/share/OVMF/OVMF_CODE_4M.secboot.fd exists.
OVMF Firmware File Permissions: Confirmed read permissions for root and other
users.
Bash
ls -l /usr/share/OVMF/OVMF_CODE_4M.fd
-rw-r--r-- 1 root root 3653632 Mar 21 12:28 /usr/share/OVMF/OVMF_CODE_4M.fd
XML Variations for <loader> path:
Initially tried /usr/share/OVMF/OVMF_CODE_4M.secboot.fd with <secureboot
enable='yes'/> (resulted in unsupported configuration: unexpected feature
'secureboot').
Then, tried /usr/share/OVMF/OVMF_CODE_4M.fd with <secureboot enable='yes'/>
(same unsupported error).
Subsequently, removed the <secureboot enable='yes'/> tag entirely and used
/usr/share/OVMF/OVMF_CODE_4M.fd (resulted in the current Unable to find 'efi'
firmware that is compatible error).
Finally, tried /usr/share/OVMF/OVMF_CODE_4M.ms.fd without the <secureboot>
tag (resulted in the same Unable to find 'efi' firmware that is compatible
error).
NVRAM File Removal: Attempted to remove
/var/lib/libvirt/qemu/nvram/Win11Gaming_VARS.fd (sudo rm ...), but the file did
not exist, indicating libvirt failed before creating it. This rules out NVRAM
file corruption.
AppArmor Status: Checked AppArmor logs; all libvirt processes associated with
the VM (libvirt-46d149db-9fff-40bc-b0dc-d9029ce1b0a5) are running in unconfined
mode. No AppArmor DENIED messages were found in dmesg or journalctl -k -b.
Bash
sudo dmesg | grep DENIED # (No output)
sudo journalctl -k -b | grep apparmor # (Shows only "STATUS" and
"profile_load/replace" for unconfined profiles)
OVMF Package Reinstallation: Performed sudo apt reinstall ovmf, which
completed successfully but did not resolve the issue.
6. Workaround:
Defining the VM with a traditional BIOS configuration (by replacing the
entire <os firmware='efi'> block with a simple <os><type arch='x86_64'
machine='pc-q35'>hvm</type><boot dev='hd'/><boot dev='cdrom'/></os>) allows the
VM to be defined and started successfully. This confirms that the underlying
KVM/QEMU setup works, and the issue is specific to libvirt's UEFI firmware
validation.
7. Additional Notes:
The host's physical BIOS Secure Boot is currently disabled, but this
typically should not impact the guest's emulated UEFI capabilities. The issue
appears to be a libvirt internal validation failure regarding the OVMF firmware
when a UEFI VM is requested without the secureboot feature enabled.
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: libvirt-daemon 10.0.0-2ubuntu8.7
ProcVersionSignature: Ubuntu 6.8.0-60.63-generic 6.8.12
Uname: Linux 6.8.0-60-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.6
Architecture: amd64
CasperMD5CheckResult: pass
Date: Sat Jun 7 07:00:43 2025
InstallationDate: Installed on 2025-06-06 (1 days ago)
InstallationMedia: Ubuntu-Server 24.04.2 LTS "Noble Numbat" - Release amd64
(20250216.2)
KernLog:
-
+
ProcEnviron:
- LANG=C.UTF-8
- PATH=(custom, no user)
- SHELL=/bin/bash
- TERM=xterm-256color
- XDG_RUNTIME_DIR=<set>
+ LANG=C.UTF-8
+ PATH=(custom, no user)
+ SHELL=/bin/bash
+ TERM=xterm-256color
+ XDG_RUNTIME_DIR=<set>
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13]
Permission denied: '/etc/libvirt/qemu.conf']
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2113456
Title:
libvirt fails to define UEFI KVM VMs with firmware compatibility error
on Ubuntu 24.04.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/2113456/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
