Hi Pieter,
I run it in CentOS 8: Cloudstack: <name>i-4-46-VM</name> <uuid>e9c33f2d-7237-4cc1-b466-5d85a04ed549</uuid> <description>Other PV Virtio-SCSI (64-bit)</description> <cpu mode='host-model'><model fallback='allow'></model><feature policy='require' name='vmx'/><feature policy='require' name='vme'/><feature policy='require' name='smx'/></cpu><sysinfo type='smbios'> <system> <entry name='manufacturer'>Apache Software Foundation</entry> <entry name='product'>CloudStack KVM Hypervisor</entry> <entry name='uuid'>e9c33f2d-7237-4cc1-b466-5d85a04ed549</entry> </system> </sysinfo> <os> <type arch='x86_64' machine='q35'>hvm</type> <nvram template='/usr/share/edk2/ovmf/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/e9c33f2d-7237-4cc1-b466-5d85a04ed549.fd</nvram><boot dev='cdrom'/> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> Virsh dump: <sysinfo type='smbios'> <system> <entry name='manufacturer'>Apache Software Foundation</entry> <entry name='product'>CloudStack KVM Hypervisor</entry> <entry name='uuid'>e9c33f2d-7237-4cc1-b466-5d85a04ed549</entry> </system> </sysinfo> <os> <type arch='x86_64' machine='pc-q35-rhel8.2.0'>hvm</type> <boot dev='cdrom'/> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> Regards, Piotr From: Pieter Harvey <pieter.har...@icloud.com.INVALID> Sent: Friday, December 17, 2021 5:46 PM To: Pieter Harvey <pieter.har...@icloud.com> Cc: "users@cloudstack.apache.org" <users@cloudstack.apache.org> Subject: Re: UEFI on KVM silently becomes BIOS mode Hi Piotr, Is there any way to get this debug info (or xml dump) from CloudStack, what it is creating versus what ends up in virsh? I think I have configured everything correctly 1. cloudstack uefi enabled in database for host (host.uefi.enable) 2. host agent has uefi.properties with all paths configured (snippet below based Ubuntu 20.04.3) 3. instance is configured for UEFI (tried both legacy and secure boot) uefi.properties ========== guest.nvram.template.secure=/usr/share/OVMF/OVMF_VARS.fd guest.nvram.template.legacy=/usr/share/OVMF/OVMF_VARS.fd guest.loader.secure=/usr/share/OVMF/OVMF_CODE.secboot.fd guest.loader.legacy=/usr/share/OVMF/OVMF_CODE.fd guest.nvram.path=/var/lib/libvirt/qemu/nvram/ sudo ls -lh /usr/share/OVMF/ ==================== -rw-r--r-- 1 root root 1.9M Sep 20 13:11 OVMF_CODE.fd lrwxrwxrwx 1 root root 20 Sep 20 13:11 OVMF_CODE.ms.fd -> OVMF_CODE.secboot.fd -rw-r--r-- 1 root root 1.9M Sep 20 13:11 OVMF_CODE.secboot.fd -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.fd -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.ms.fd -rw-r--r-- 1 root root 128K Sep 20 13:11 OVMF_VARS.snakeoil.fd syslog ===== java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) (logid:) uefi.properties file found at /etc/cloudstack/agent/uefi.properties java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) (logid:) guest.nvram.template.legacy = /usr/share/OVMF/OVMF_VARS.fd java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) (logid:) guest.loader.legacy = /usr/share/OVMF/OVMF_CODE.fd java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) (logid:) guest.nvram.template.secure = /usr/share/OVMF/OVMF_VARS.fd java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) (logid:) guest.loader.secure =/usr/share/OVMF/OVMF_CODE.secboot.fd java[47841]: INFO [kvm.resource.LibvirtComputingResource] (main:) (logid:) guest.nvram.path = /var/lib/libvirt/qemu/nvram/ - Pieter On 17 Dec 2021, at 16:15, Piotr Pisz <pi...@piszki.pl <mailto:pi...@piszki.pl> > wrote: Hi Pieter, I have just checked, everything works as expected, maybe you have something wrongly configured, check according to this: https://lab.piszki.pl/cloudstack-vm-with-vtpm-and-secure-boot-uefi/ Regards, Piotr From: Pieter Harvey <pieter.har...@icloud.com.INVALID <mailto:pieter.har...@icloud.com.INVALID> > Sent: Friday, December 17, 2021 4:11 PM To: "users@cloudstack.apache.org <mailto:users@cloudstack.apache.org> " <users@cloudstack.apache.org <mailto:users@cloudstack.apache.org> > Subject: UEFI on KVM silently becomes BIOS mode Hello, Maybe it's something wrong with CloudStack, maybe it's my brain but I have an issue regarding UEFI on CloudStack (4.16) + KVM (Ubuntu 20.04) 1. CloudStack Compute node is running, and can boot machines configured as UEFI in the GUI (secure or legacy). 2. When the machine is booted, I check the virsh xml config on the host and noticed that the machine is still in BIOS mode, even though CloudStack "thinks" it has deployed a fresh UEFI enabled instance. I have configured uefi.properties on the agent and the host is UEFI enabled in CloudStack but this is the config snippet of a deployed machine <os> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <boot dev='cdrom'/> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> However what I am expecting to see is: <os firmware="efi"> <type arch='x86_64' machine='pc-q35-4.2'>hvm</type> <loader secure="yes"/> <boot dev='cdrom'/> <boot dev='hd'/> <smbios mode='sysinfo'/> </os> So CloudStack has changed the default machine type from 440fx to q35 but no mention of UEFI or secureboot options in the output XML. Any tips to get UEFI and possibly secure boot fully working? - Pieter